Index
A
- access point (AP) / Understanding an evil twin attack
- active information gathering
- about / Introduction
- with Metasploit / Active information gathering with Metasploit
- TCP Port Scanner / TCP Port Scanner
- TCP SYN Port Scanner / TCP SYN Port Scanner
- Address Resolution Protocol (ARP) messages / How to do it...
- Amazon Web Services (AWS) / How to do it...
- Android-x86
- URL / Getting ready
- Android backdoor
- creating / Creating an Android backdoor, Getting ready, How to do it...
- creating, with msfvenom / There's more...
- antivirus
- bypassing / Bypassing antivirus and IDS/IPS
- ARP Sweep
- host discovery / Host discovery with ARP Sweep
- ATutor
- URL / Getting ready
- autoroute / Autoroute and socks proxy server
- AutoRunScript
- automation with / Automation with AutoRunScript, How to do it...
- auxiliary modules
- using / Working with auxiliary modules, How to do it...
- listing / Getting ready
- custom auxiliary module, building / Building your own auxiliary module, How to do it...
B
- backdoors
- installing / Installing backdoors, How to do it...
- persistence, setting up / Setting up a persistence with backdoors
- BetterCAP
- using / Getting ready
- bind / Types of shell
- brute forcing / WinRM scanning and brute forcing
C
- Cactus WHID
- URL / Getting ready
- Censys Search
- about / Censys Search
- URL / Censys Search
- cloud
- Metasploit, deploying / Metasploit in the cloud, Getting ready, How to do it...
- Metasploit, deploying with Microsoft Azure / There's more...
- phishing / Phishing from the cloud, Getting ready, How to do it...
- cloud penetration testing lab
- setting up / Setting up a cloud penetration testing lab
- setting up, with Hack The Box / There's more...
- comma-separated values (CSV) file / How to do it...
- Common Vulnerabilities and Exposures (CVE) / Getting ready
- CorpWatch Company Name Information Search / CorpWatch Company Name Information Search
- CPE WAN Management Protocol (CWMP) / Getting ready
- credential harvesting / Credential harvesting
- custom auxiliary module
- building / Building your own auxiliary module, How to do it...
- custom post-exploitation module
D
- database
- using / Using the database, How to do it...
- db_nmap
- used, for port scanning / Port scanning—the db_nmap way
- Nmap Scripting Engine (NSE) / Nmap Scripting Engine
- Debian package / Creating a Linux trojan
- Denial of Service (DoS) / Denial of Service, How to do it...
- DNS Record Scanner and Enumerator auxiliary module / There's more...
- documentation / Documentation, How to do it...
- Doppelganger Domains / Introduction
- DoS attack modules
- about / DoS attack modules, SMB
- HTTP / HTTP
- SMB / SMB
- Dynamic Data Exchange (DDE) / How to do it...
E
- egghunter / Getting ready
- encoders
- about / Encoders
- using / How to do it..., There's more...
- encrypted LVM
- Kali Linux, partitioning with / Guided partitioning with encrypted LVM
- enumeration modules / Enumeration modules, How to do it...
- evil twin attack
- about / Understanding an evil twin attack
- setting up / Getting ready, How to do it...
- executables
- backdooring, with man-in-the-middle (MITM) attack / Backdooring executables using a MITM attack, Getting ready, How to do it...
- existing module
- analyzing / Analyzing an existing module, How to do it...
- exploit
- about / Introduction
- converting, to Metasploit module / Converting an exploit to a Metasploit module, Getting ready, How to do it...
- Exploit Database
- URL / Getting ready
- exploit mixins
- about / Common exploit mixins
- Exploit::Remote::TCP / How to do it...
- Exploit::Remote::UDP / How to do it...
- Exploit::Remote::SMB / How to do it...
- Exploit::BruteTargets / How to do it...
- Exploit::Remote::Ftp / How to do it...
- Msf::Exploit::Seh / How to do it...
- Msf::Exploit::Egghunter / How to do it...
- exploit module
F
- framework plugins
- loading / Loading framework plugins, How to do it...
- FTP scanning / FTP scanning
- fuzzer
- writing / Writing a simple fuzzer, How to do it..., How it works...
- fuzzing
- about / Fuzzing with Metasploit
- with Metasploit / Fuzzing with Metasploit, How to do it...
G
- gateway / Getting ready
- getdesktop
- sniffing / The getdesktop and keystroke sniffing, How to do it...
- Golden Tickets / There's more...
- Gophish
- about / Getting ready
- URL / Getting ready
- reference / How to do it...
H
- Hack The Box
- used, for setting up cloud penetration testing lab / There's more...
- about / There's more...
- URL / There's more...
- host discovery
- with ARP Sweep / Host discovery with ARP Sweep
- hosts command
- using / Using the hosts command, How to do it...
- HTA attack
- about / HTA attack
- implementing / How to do it...
- HTML Application (HTA) / How to do it...
- HTTP fuzzer
- using / How to do it...
- Human Interface Device (HID) attacks
- about / Human Interface Device attacks
- implementing / How to do it...
- Hypertext Transfer Protocol (HTTP)
- scanning / HTTP scanning, How to do it...
I
- IDS/IPS
- bypassing / Bypassing antivirus and IDS/IPS
- impersonation / How it works...
- incognito attacks
- with Meterpreter / Incognito attacks with Meterpreter, How to do it...
- infectious media generator
- about / Infectious media generator
- using / How to do it...
- information gathering
- passive information gathering / Introduction
- active information gathering / Introduction
- social engineering / Introduction
- Infrastructure as a Service (IaaS) / Introduction
- Internet of Things (IoT) / HTTP scanning
- Intrusion Detection System (IDS) / How to do it..., Encoders
K
- Kali Linux
- Metasploit, using / Using Metasploit in Kali Linux, There's more...
- URL / How to do it..., How to do it...
- upgrading / Upgrading Kali Linux
- connecting, with SSH / Connecting to Kali using SSH
- downloading / Best practices, How to do it...
- partitioning, with encrypted LVM / Guided partitioning with encrypted LVM
- Karmetasploit
- about / Configuring Karmetasploit
- configuring / Configuring Karmetasploit, How to do it...
- keystroke
- sniffing / The getdesktop and keystroke sniffing, How to do it...
L
- Link-Local Multicast Name Resolution (LLMNR) / There's more...
- Linux
- installing / Installing Linux and macOS, How to do it...
- Linux server
- exploiting / Exploiting a Linux server, How to do it..., How it works...
- payload / What about the payload?
- Linux trojan
- creating / Creating a Linux trojan, How to do it...
- Linux Unified Key Setup (LUKS) / Guided partitioning with encrypted LVM
- Local Security Authority Subsystem Service (LSASS) / How to do it...
- logging
- about / Metasploit logging, How to do it...
- msfconsole, launching / There's more...
- Logical Volume Management (LVM) / Guided partitioning with encrypted LVM
M
- macOS
- installing / Installing Linux and macOS, How to do it...
- Metasploit, installing / Installing Metasploit on macOS, How to do it...
- man-in-the-middle (MITM) attack
- used, for backdooring executables / Backdooring executables using a MITM attack, Getting ready, How to do it...
- Management Information Base (MIB) / Getting ready
- Mandatory Integrity Control (MIC) / Bypassing UAC
- mass email attack / How to do it...
- Metasploit
- installing, on Windows / Installing Metasploit on Windows
- URL / Installing Metasploit on Windows, Getting ready, How to do it...
- pro edition / Getting ready
- express edition / Getting ready
- community edition / Getting ready
- framework edition / Getting ready
- installing, on macOS / Installing Metasploit on macOS, How to do it...
- using, in Kali Linux / Using Metasploit in Kali Linux, There's more...
- fuzzing with / Fuzzing with Metasploit, How to do it...
- wireless penetration test, performing / Metasploit and wireless, How to do it...
- deploying, in cloud / Metasploit in the cloud, Getting ready, How to do it...
- deploying, in cloud with Microsoft Azure / There's more...
- using, over Tor / Using Metasploit over the Tor network, Getting ready, How to do it...
- logging / Metasploit logging, How to do it...
- Metasploit 2 machine
- URL / How to do it...
- Metasploit Anti-Forensic Investigation Arsenal (MAFIA) / There's more...
- Metasploit Framework / Introduction
- Metasploit macro exploit
- implementing / Metasploit macro exploits, How to do it...
- Metasploit module
- exploit, converting to / Converting an exploit to a Metasploit module, Getting ready, How to do it...
- Metasploit PHP Hop
- about / Metasploit PHP Hop
- using / How to do it...
- Meterpreter
- about / Introduction
- core commands / Understanding the Meterpreter core commands, How to do it..., How it works...
- filesystem commands / Understanding the Meterpreter filesystem commands, How it works...
- networking commands / Understanding Meterpreter networking commands, How it works...
- system commands / Understanding the Meterpreter system commands, How to do it...
- resource scripts / Meterpreter resource scripts
- timeout control / Meterpreter timeout control
- transports / Meterpreter transports
- incognito attacks / Incognito attacks with Meterpreter, How to do it...
- pivoting / Pivoting with Meterpreter, How to do it..., How it works...
- port forwarding / Port forwarding with Meterpreter, How to do it...
- Meterpreter anti-forensics / Meterpreter anti-forensics, How to do it..., There's more...
- Meterpreter API / Meterpreter API and mixins, How it works...
- Meterpreter certificates
- creating, with trusted certificates / How to do it...
- Meterpreter payloads
- creating, with trusted certificates / Meterpreter payloads with trusted certificates, How to do it..., There's more...
- Microsoft Azure
- URL / There's more...
- Mimikatz
- using / Using Mimikatz, There's more...
- about / There's more...
- mixins / Meterpreter API and mixins, How it works...
- Modified-Accessed-Created-Entry (MACE) / Meterpreter anti-forensics
- modules
- about / Introduction
- building / Understanding the basics of module building
- existing module, analyzing / Analyzing an existing module, How to do it...
- module structure
- exploiting / Exploiting the module structure, How to do it...
- Mozilla Firefox 41.0
- URL / Getting ready
- MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption / MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption, How to do it...
- MS17-010 EternalRomance/EternalSynergy/EternalChampion / MS17-010 EternalRomance/EternalSynergy/EternalChampion
- MSFconsole
- about / Getting to know MSFconsole
- commands / MSFconsole commands
- MSFvenom
- used, for generating shellcode / Using MSFvenom to generate shellcode, How to do it...
- multi-attack web method
- about / Working with the multi-attack web method
- using / How to do it...
- multiple communication channels
- setting up, with target / Setting up multiple communication channels with the target, How it works...
N
- named pipe / How it works...
- National Security Agency (NSA) / Getting ready
- Nessus
- integrating with / Integrating with Nessus, How to do it...
- Nessus Home
- URL / Getting ready
- NetBIOS Session Service (NBSS) / How to do it..., SMB
- netmask / Getting ready
- Network Address Translation (NAT) / How to do it...
- NeXpose
- integrating with / Integrating with NeXpose, How to do it...
- URL / Getting ready
- Nmap
- about / Port scanning—the Nmap way
- used, in port scanning / How it works...
- operating system / Operating system and version detection
- version detection / Operating system and version detection
- anonymity, increasing / Increasing anonymity
- Nmap Scripting Engine (NSE) / Nmap Scripting Engine
O
- Open Vulnerability Assessment System (OpenVAS)
- integrating with / Integrating with OpenVAS, How to do it...
- operating system identification / Operating system and version detection
- output formats / Output formats, How to do it...
P
- passive information gathering / Introduction
- with Metasploit / Passive information gathering with Metasploit
- DNS Record Scanner and Enumerator auxiliary module / There's more...
- CorpWatch Company Name Information Search / CorpWatch Company Name Information Search
- Search Engine Subdomains Collector / Search Engine Subdomains Collector
- Censys Search / Censys Search
- Shodan Search / Shodan Search
- Shodan Honeyscore Client / Shodan Honeyscore Client
- Search Engine Domain Email Address Collector / Search Engine Domain Email Address Collector
- pass the hash technique / Passing the hash
- payload
- about / Introduction, Payloads and payload options
- options / Payloads and payload options, How to do it...
- penetration-testing lab
- setting up / Setting up a penetration-testing lab, How to do it..., How it works...
- penetration test
- cleaning up / Cleaning up, How to do it...
- persistence
- setting up, with backdoors / Setting up a persistence with backdoors
- phishing
- from cloud / Phishing from the cloud, How to do it...
- pivoting
- with Meterpreter / Pivoting with Meterpreter, How to do it..., How it works...
- Platform as a Service (PaaS) / Introduction
- port forwarding
- with Meterpreter / Port forwarding with Meterpreter, How to do it...
- post-exploitation module, category
- gather / How to do it...
- gather/credentials / How to do it...
- gather/forensics / How to do it...
- manage / How to do it...
- recon / How to do it...
- wlan / How to do it...
- escalate / How to do it...
- capture / How to do it...
- post-exploitation modules
- about / Post-exploitation modules, How it works..., How it works..., Post-exploitation modules
- analyzing / Analyzing an existing post-exploitation module, How it works...
- writing / Writing a post-exploitation module, How to do it...
- using / How to do it...
- custom post-exploitation module, building / Building your own post-exploitation module, How to do it...
- PostgreSQL
- configuring / Configuring PostgreSQL, There's more...
- process ID (PID) / How to do it...
- proof of concept (PoC)
- using / Introduction
- provider / Introduction
R
- Railgun
- about / Railgun—converting Ruby into a weapon, How it works...
- DLL, adding / Adding DLL and function definitions to Railgun, How it works...
- function definition, adding / Adding DLL and function definitions to Railgun, How it works...
- URL / Adding DLL and function definitions to Railgun
- registry
- interacting with / Interacting with the registry, How to do it...
- Remote Desktop
- enabling / Enabling Remote Desktop, How it works...
- Remote Desktop Service (RDP) / How to do it...
- Remote Frame Buffer (RFB) / Injecting the VNC server remotely
- Remote Procedure Call (RPC) / How to do it...
- reset connection (RST) / How it works...
- reverse / Types of shell
- Ruby extension (Rex) / Introduction
S
- scraper Meterpreter script
- Search Engine Domain Email Address Collector / Search Engine Domain Email Address Collector
- Search Engine Subdomains Collector / Search Engine Subdomains Collector
- Secure Shell (SSH)
- connectivity, setting up / Setting up SSH connectivity, How to do it...
- used, for connecting to Kali Linux / Connecting to Kali using SSH
- Security Accounts Manager (SAM)
- contents, dumping / Dumping the contents of the SAM database, How to do it...
- Server Message Block (SMB)
- about / SMB scanning and enumeration, Getting ready
- enumeration / How to do it...
- scanning / How to do it...
- services
- exploiting / Exploiting common services, How to do it...
- services command / Understanding the services command, How to do it...
- shellcode
- generating, with MSFvenom / Using MSFvenom to generate shellcode, How to do it...
- shells
- types / Types of shell, How to do it...
- Shodan Honeyscore Client / Shodan Honeyscore Client
- Shodan Search
- about / Shodan Search
- URL / Shodan Search
- Simple Mail Transfer Protocol (SMTP)
- enumeration / SMTP enumeration, How to do it...
- Simple Network Management Protocol (SNMP)
- enumeration / SNMP enumeration
- Simple Object Access Protocol (SOAP) / WinRM scanning and brute forcing
- SMBLoris / Getting ready, SMB
- SMB relay attacks
- about / SMB relay attacks
- setting up / SMB relay attacks, How to do it..., There's more...
- Social-Engineer Toolkit (SET)
- about / Introduction
- installing / Getting started with the Social-Engineer Toolkit
- URL / Getting ready
- launching / How to do it..., How it works...
- social engineering / Introduction
- socks proxy server / Autoroute and socks proxy server
- Software as a Service (SaaS) / Introduction
- spear-phishing attack vector
- about / Working with the spear-phishing attack vector
- implementing / How to do it...
- SQL injection / SQL injection, How to do it...
- SSH versions
- detecting, with scanner / Detecting SSH versions with the SSH Version Scanner
- Structured Exception Handler (SEH) / Getting ready
- subnet / Getting ready
T
- TCP Port Scanner / TCP Port Scanner
- Teensy USB HID
- URL / Getting ready
- templates
- about / Templates
- using / Getting ready, How to do it...
- tenants / Introduction
- Tor
- Metasploit, using over / Using Metasploit over the Tor network, Getting ready, How to do it...
- about / Using Metasploit over the Tor network
- trusted certificates
- used, for creating Meterpreter payloads / Meterpreter payloads with trusted certificates, How to do it..., There's more...
- TrustedInstaller / Becoming TrustedInstaller, How to do it...
- Type-Length-Value (TLV) / Setting up multiple communication channels with the target
U
- UDP Service Sweeper / UDP Service Sweeper
- User Account Control (UAC)
- bypassing / Bypassing UAC, Getting ready, How to do it...
- user interface (UI) / Introduction
V
- version detection / Operating system and version detection
- Virtual Network Computing (VNC)
- injecting remotely / Injecting the VNC server remotely
- virtual networks
- reference / How to do it...
- vulnerability / Introduction
- vulnerable machines
- URL / There's more...
W
- website attack vectors
- about / Website attack vectors
- using / How to do it...
- Windows
- Metasploit, installing / Installing Metasploit on Windows
- Windows 10 machine
- exploiting / Exploiting a Windows 10 machine
- Windows binaries
- backdooring / Backdooring Windows binaries, How to do it...
- Windows Local Enumeration (WinEnum)
- used, for system scraping / Scraping the system using winenum
- Windows Management Instrumentation (WMI) / Getting ready
- Windows Remote Management (WinRM)
- scanning / WinRM scanning and brute forcing
- Windows Server machine
- exploiting / Exploiting a Windows Server machine, How to do it...
- wireless MITM attacks
- about / Wireless MITM attacks
- setting up / Getting ready, How to do it...
- wireless penetration test
- performing, with Metasploit / Metasploit and wireless, How to do it...
- workspaces
- creating / Creating workspaces, How to do it...