Advanced Penetration Testing

By: Wil Allsopp

Overview of this book

Today's threats are organized, professionally run, and very much for-profit. Advanced Penetration Testing goes beyond Kali Linux and Metasploit to provide advanced pen testing for high security networks. This book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data (even from organizations without a direct Internet connection), this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures. By the end of this book, you'll be in a position to detect threats and defend your high security network.

Payload Delivery Part VI: Deploying with HTA

This is not a technique that is exactly going to change your life, but one particularly useful way to deploy payloads via VBScript is to use an HTML application. This is essentially just an HTML file carrying a client-side script, renamed to have an .hta extension. Why not just use an HTML file to do the same thing? Two reasons. First of all, VBScript will only execute in Internet Explorer, which is currently only the fourth most popular browser and in serious decline. Secondly, even if an HTML payload is opened in IE, the user will receive a warning that it contains active content that will likely be blocked by administrative policy (see Figure 6.1).

Figure 6.1: Not the most inviting message.
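
From the defender's side, the properties described above (HTML content, an .hta extension, a VBScript block) are what a mail or download filter can key on. The following Python triage routine is an added example, not code from the book; the finding names, the object-creation pattern and the sample files are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Assumed, non-exhaustive pattern: script that instantiates COM/ActiveX objects.
OBJECT_CREATION = re.compile(r"\b(createobject|getobject|activexobject)\b", re.I)

class HtaFeatures(HTMLParser):
    """Collects the HTA-relevant features of an HTML document."""
    def __init__(self):
        super().__init__()
        self.hta_attrs = None   # attributes of <HTA:APPLICATION>, if present
        self.scripts = []       # [language, body] for each <script> block
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)     # the parser lowercases tag and attribute names
        if tag == "hta:application":
            self.hta_attrs = attrs
        elif tag == "script":
            lang = attrs.get("language") or attrs.get("type") or "javascript"
            self.scripts.append([lang.lower(), ""])
            self._in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:     # script bodies can arrive in several chunks
            self.scripts[-1][1] += data

def triage(filename, text):
    """Return sorted finding names for one attachment or download."""
    parser = HtaFeatures()
    parser.feed(text)
    parser.close()
    findings = set()
    if filename.lower().endswith(".hta"):
        findings.add("hta-extension")        # the extension alone makes it an HTA
    if parser.hta_attrs is not None:
        findings.add("hta-application-tag")  # survives a rename to .html
    for lang, body in parser.scripts:
        if "vbs" in lang:
            findings.add("vbscript-block")
        if OBJECT_CREATION.search(body):
            findings.add("script-creates-objects")
    return sorted(findings)

# Constructed samples with harmless content (not taken from the book).
SAMPLE_HTA = """<head><HTA:APPLICATION APPLICATIONNAME="Demo" SCROLL="yes">
<script language="VBScript">Set d = CreateObject("Scripting.Dictionary")</script>
</head><body>demo</body>"""
SAMPLE_BARE = '<script type="text/vbscript">MsgBox "hi"</script>'
```

Any non-empty result is a reasonable trigger for quarantine or manual review; an empty list only means none of these features were present.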

The following code is adequate for gaining basic command execution through simple user interaction:

<head>
<title>HTA Test</title>
<HTA:APPLICATION
     APPLICATIONNAME="HTA Test"
     SCROLL="yes"
     SINGLEINSTANCE...