Metasploit Penetration Testing Cookbook

By: Abhinav Singh

Overview of this book

Metasploit® software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks. Metasploit Penetration Testing Cookbook targets both professionals and beginners to the framework. The chapters of the book are logically arranged with an increasing level of complexity and cover Metasploit aspects ranging from the pre-exploitation to the post-exploitation phase thoroughly. The recipe structure of the book provides a good mix of both theoretical understanding and practical implementation. This book will help readers think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level. The book starts with the basics such as gathering information about your target and gradually covers advanced topics like building your own framework scripts and modules. The book goes deep into operating system-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, Ruby wonders, exploit building, porting exploits to the framework, and third-party tools like Armitage and SET. Metasploit Penetration Testing Cookbook is the required guide to penetration testing and exploitation.
Table of Contents (17 chapters)
Metasploit Penetration Testing Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Index

A

  • -A parameter / How it works...
  • ACK scan [-sA] / How to do it...
  • add branch option / How it works...
  • add note option / How it works...
  • Adobe Reader
    • util.printf() buffer overflow / Adobe Reader util.printf() buffer overflow, How to do it...
  • antiparser fuzzing framework
    • about / Antiparser fuzzing framework
    • downloading / Antiparser fuzzing framework
  • antivirus programs
    • disabling, killav.rb script used / Using the killav.rb script to disable antivirus programs, Getting ready, How to do it...
  • antivirus services
    • killing, from command line / Killing antivirus services from the command line, How to do it...
  • Armitage
    • about / Introduction
    • starting with / Getting started with Armitage
    • setting up, in BackTrack / How to do it...
    • working / How it works...
    • setting up, on Linux / Setting up Armitage on Linux
    • post-exploitation / Post-exploitation with Armitage, How to do it..., How it works...
    • client-side exploitation / Client-side exploitation with Armitage, How to do it..., How it works...
  • Attacks option / How to do it...
  • Attacks | Find Attacks | By port or by vulnerability / How to do it...
  • Aurora memory corruption
    • in Internet Explorer / Internet Explorer Aurora memory corruption
  • AUTO_DETECT flag / How to do it...
  • auxiliary admin modules
    • working with / Working with auxiliary admin modules, How to do it..., How it works...
    • about / Working with auxiliary admin modules
  • auxiliary modules
    • activating / Getting ready, How it works...
    • specifications, setting / Getting ready, How it works...
    • module, running / Getting ready, How it works...
    • exploring, for scanning / How to do it...
    • threads, managing / Managing the threads
    • target service, scanning / Target service scanning with auxiliary modules

B

  • -b parameter / How it works...
  • BackTrack 5
    • integrating, with Metasploit / Metasploit with BackTrack 5 – the ultimate combination, How to do it...
  • BASENAME parameter / How to do it...

C

  • -c parameter / How to do it...
  • channel -l command / How to do it...
  • client-side antivirus protection
    • bypassing, msfencode used / Bypassing client-side antivirus protection using msfencode, Getting ready, How to do it...
  • client-side attack vector / Introduction
  • client-side exploitation
    • Armitage / Client-side exploitation with Armitage, How to do it..., How it works...
  • connect_login function / How it works...
  • Console tab / How to do it...
  • Console window / How it works...
  • create_payload() function / How it works...
  • crunch
    • using, for password generation / Generating passwords using "Crunch"
    • min-len parameter / Generating passwords using "Crunch"
    • max-len parameter / Generating passwords using "Crunch"
    • charset parameter / Generating passwords using "Crunch"
    • -b parameter / Generating passwords using "Crunch"
    • -f parameter / Generating passwords using "Crunch"
    • -o parameter / Generating passwords using "Crunch"
    • -t parameter / Generating passwords using "Crunch"
  • CSS recursive call memory corruption
    • in Internet Explorer / Internet Explorer CSS recursive call memory corruption, How to do it...
    • working / How it works...
    • .NET CLR 2.0.50727 missing error / Missing .NET CLR 2.0.50727
  • CYCLIC option / How to do it...

D

  • -D operator / Increasing anonymity
  • database
    • setting up, in Metasploit / Setting up the database in Metasploit
    • using, for penetration testing results storage / Using the database to store penetration testing results
    • stored results, analyzing / Analyzing the stored results of the database
  • database setup, Metasploit
    • about / Setting up the database in Metasploit, Getting ready
    • steps / How to do it...
    • working / How it works...
    • errors / Getting an error while connecting the database
    • created database, deleting / Deleting the database
  • db_connect command / Getting an error while connecting the database
  • db_import command / Importing the scan results
  • db_nmap command / How it works...
  • DCOM / How it works...
  • Decoy [-D] / Increasing anonymity
  • delete command / How to do it...
  • dig query / How it works...
  • DLL / How it works...
  • DllHijackAudit kit / The DllHijackAudit kit by H. D. Moore
  • DOS / How to do it...
  • DOS attack modules
    • about / SQL injection and DOS attack modules, How to do it...
    • working / How it works...
  • Dradis framework
    • information, sharing / Sharing information with the Dradis framework, How to do it...
    • features / Sharing information with the Dradis framework
    • working / How it works...

E

  • ENDSIZE option / How to do it...
  • enumdesktops command / How to do it...
  • ERROR option / How to do it...
  • ever-exploitation technique / Setting up a persistent connection with backdoors
  • execute -h command / Getting ready
  • existing meterpreter script
    • analyzing / Analyzing an existing meterpreter script, How it works...
  • existing module
    • about / Analyzing an existing module
    • analyzing / Getting ready, How to do it...
    • working / How it works...
  • Exploit / Introduction
    • usage tips / Exploit usage quick tips, How it works...
    • commands / How to do it...
    • about / Introduction
    • converting, to Metasploit module / Converting exploit to a Metasploit module, How to do it...
  • exploit() function / How to do it...
  • exploit mixins
    • about / Common exploit mixins
    • Exploit::Remote::TCP / How to do it...
    • Exploit::Remote::UDP / How to do it...
    • Exploit::Remote::DCERPC / How to do it...
    • Exploit::Remote::SMB / How to do it...
    • Exploit::BruteTargets / How to do it...
    • Exploit::Remote::Ftp / How to do it...
    • Exploit::Remote::MSSQL / How to do it...
    • Exploit::Capture / How to do it...
    • working / How it works...
    • fileformat / Some more mixins
    • imap / Some more mixins
    • java / Some more mixins
    • smtp / Some more mixins
    • she / Some more mixins
  • export option / How it works...
  • EXTRALINE option / How to do it...

F

  • -f parameter / How to do it...
  • file attributes
    • modifying, timestomp used / Changing file attributes using timestomp, Getting ready, How it works...
  • filesystem commands, meterpreter
    • about / Meterpreter filesystem commands, How to do it...
    • working / How it works...
  • FUZZCMDS option / How to do it...
  • fuzzers, Metasploit
    • Packet header / How it works...
    • Packet checksum / How it works...
    • Packet size / How it works...

G

  • gateway / Getting ready
  • getdesktop
    • about / The getdesktop and keystroke sniffing, How to do it...
    • working / How it works...
  • getdesktop command / How it works...
  • getsystem command / How it works...
  • getuid command / How to do it...
  • Google dorks technique / How to do it..., Fun with dorks

H

  • half-open scanning / How it works...
  • hash
    • passing / Passing the hash, How to do it...
    • dump, trying / How it works..., There's more...
    • online password decryption / Online password decryption
  • Hello World, Metasploit
    • about / Beginning with the interfaces – the "Hello World" of Metasploit, Getting ready
    • msfconsole, launching / How to do it...
    • working / How it works...
    • msf > ls command / Some commands to try out and get started
    • msf > help command / Some commands to try out and get started
    • msf > msfupdate command / Some commands to try out and get started
  • help command / Getting ready
  • href tag / How it works...

I

  • -i operator / How it works...
  • Impersonation / How it works...
  • Import from file option / How it works...
  • infectious media generator
    • about / Infectious media generator, How to do it...
    • working / How it works...
  • information
    • gathering / Scanning and information gathering, How to do it..., How it works...
    • scanning / Scanning and information gathering, How to do it..., How it works...
  • information gathering
    • about / Introduction
    • passive information gathering / Introduction
    • active information gathering / Introduction
    • social engineering / Introduction
    • passive method / Passive information gathering 1.0 – the traditional way, How to do it...
    • passive method / How it works...
  • initialize() function / How it works...
  • initialize function / How to do it..., How to do it...
  • Internet Explorer
    • unsafe scripting misconfiguration vulnerability / Internet Explorer unsafe scripting misconfiguration vulnerability, Getting ready, How to do it...
    • Aurora memory corruption / Internet Explorer Aurora memory corruption
    • CSS recursive call memory corruption / Internet Explorer CSS recursive call memory corruption, How to do it...
  • ipconfig command / How to do it...

K

  • keyscan_dump command / How to do it..., How it works...
  • keystroke sniffing
    • about / The getdesktop and keystroke sniffing, How to do it...
  • killav.rb script
    • using, for antivirus program disabling / Using the killav.rb script to disable antivirus programs, Getting ready, How to do it...
    • working / How it works...
    • about / A deeper look into the killav.rb script
    • using / Getting ready, How to do it..., How it works...

L

  • -l / How it works...
  • Launch button / How it works...
  • Linux (Ubuntu) machine
    • exploiting / Exploiting a Linux (Ubuntu) machine, Getting ready, How to do it...
    • working / How it works..., There's more...
    • relevant exploit modules / Other relevant exploit modules for Linux
    • Samba chain_reply Memory Corruption / Other relevant exploit modules for Linux
    • Samba trans2open Overflow / Other relevant exploit modules for Linux
  • loadlibrary() function / How it works...

M

  • MACE / Changing file attributes using timestomp
  • Metasploit
    • about / Introduction, Introduction
    • configuring, on Windows / How to do it...
    • configuring, on Ubuntu / Configuring Metasploit on Ubuntu
    • integrating, with BackTrack 5 / Metasploit with BackTrack 5 – the ultimate combination, How to do it...
    • setting up, SSH connectivity used / Setting up Metasploit on a virtual machine with SSH connectivity, How to do it...
    • Hello World / Beginning with the interfaces – the "Hello World" of Metasploit, Getting ready
    • database, setting up / Setting up the database in Metasploit, How to do it...
    • penetration process, breaking down / Introduction
    • framework basics / Introduction
    • SQL injection / SQL injection and DOS attack modules
    • fuzzing with / Fuzzing with Metasploit, Getting ready, How to do it...
    • CYCLIC option / How to do it...
    • ENDSIZE option / How to do it...
    • ERROR option / How to do it...
    • EXTRALINE option / How to do it...
    • FUZZCMDS option / How to do it...
    • SRVHOST option / How to do it...
    • SRVPORT option / How to do it...
    • STARTSIZE option / How to do it...
    • STEPSIZE option / How to do it...
    • fuzzers, working / How it works...
  • Metasploit configuration, on Ubuntu
    • about / Configuring Metasploit on Ubuntu
    • full installer, using / How to do it...
    • minimal installer, using / How to do it...
    • installation process, working / How it works...
    • installation error / Error during installation
  • Metasploit configuration, on Windows
    • about / How to do it...
    • working / How it works...
    • database error, during installation / Database error during installation
    • PostgreSQL server configuration, error causes / Database error during installation
  • Metasploit framework / Introduction
    • about / Introduction
    • modular architecture / Introduction
    • architecture diagram / Introduction
  • Metasploit module
    • exploit, converting to / Converting exploit to a Metasploit module, How to do it...
    • working / How it works...
  • Metasploit setup, SSH connectivity used
    • on virtual machine / Setting up Metasploit on a virtual machine with SSH connectivity, How to do it...
    • working / How it works...
  • meterpreter / Introduction
    • about / Introduction
    • features / Introduction
    • functioning / Introduction
    • loading representation diagram / Introduction
    • system commands, analyzing / Analyzing meterpreter system commands
    • filesystem commands / Meterpreter filesystem commands, How to do it...
    • networking commands, using / Using meterpreter networking commands
    • pivoting / Pivoting with meterpreter, Getting ready, How it works...
    • port forwarding / Port forwarding with meterpreter, Getting ready, How to do it..., How it works...
    • script, functioning / Meterpreter API and mixins, How to do it...
    • API / Getting ready
    • irb command, using / How to do it...
    • mixins / Meterpreter mixins
  • meterpreter API
    • about / Getting ready
    • working / How it works...
  • meterpreter mixins
    • cmd_exec(cmd) / Meterpreter mixins
    • eventlog_list() / Meterpreter mixins
    • file_local_write(file2wrt, data2wrt) / Meterpreter mixins
    • is_admin?() / Meterpreter mixins
    • is_uac_enabled?() / Meterpreter mixins
    • registry_createkey(key) / Meterpreter mixins
    • registry_deleteval(key,valname) / Meterpreter mixins
    • registry_delkey(key) / Meterpreter mixins
    • registry_enumkeys(key) / Meterpreter mixins
    • registry_enumvals(key) / Meterpreter mixins
    • registry_getvaldata(key,valname) / Meterpreter mixins
    • service_delete(name) / Meterpreter mixins
    • service_info(name) / Meterpreter mixins
    • service_list() / Meterpreter mixins
    • service_stop(name) / Meterpreter mixins
  • Microsoft Word
    • RTF stack buffer overflow / Microsoft Word RTF stack buffer overflow, How to do it...
    • RTF stack buffer overflow, working / How it works...
  • migrate -f command / How to do it...
  • mixins
    • about / Common exploit mixins
  • Module / Introduction
  • module building
    • about / Understanding the basics of module building
    • starting with / Getting ready
    • working / How it works...
  • modules
    • scanner auxiliary modules / Working with scanner auxiliary modules
    • auxiliary admin modules / Working with auxiliary admin modules
    • DOS attack modules / SQL injection and DOS attack modules
    • post exploitation modules / Post-exploitation modules
    • building / Understanding the basics of module building
    • existing module, analyzing / Analyzing an existing module
    • own post exploitation module, building / Building your own post-exploitation module
  • modules/exploits/windows/browser directory / How to do it...
  • module structure
    • about / Exploiting the module structure
    • exploiting / Getting ready
    • working / How it works...
  • msf > db_autopwn command / How to do it...
  • msf > help command / Some commands to try out and get started
  • msf > hosts command / How to do it...
  • msf > ls command / Some commands to try out and get started
  • msf > msfupdate command / Some commands to try out and get started
  • msf > search exploit / How to do it...
  • msf > services command / How to do it...
  • msf > show exploits / How to do it...
  • msf > show payloads / How to do it...
  • msf > use exploit / How to do it...
  • msf > vulns command / How to do it...
  • msfconsole screen / How to do it...
  • msfencode
    • using, for client-side antivirus protection bypass / Bypassing client-side antivirus protection using msfencode, Getting ready, How to do it...
    • working / How it works...
    • multiple scanning, VirusTotal used / Quick multiple scanning with VirusTotal
    • quick multiple scanning, VirusTotal used / Quick multiple scanning with VirusTotal
  • msfpayload
    • about / Generating binary and shellcode from msfpayload
    • drawback / Generating binary and shellcode from msfpayload
    • shellcode, generating / Getting ready, How to do it...
    • binary, generating / Getting ready, How to do it...
    • working / How it works...
  • msfpayload -l command / Getting ready
  • msfpayload command / Getting ready
  • msfvenom
    • about / Working with msfvenom
    • working / How to do it..., How it works...
  • msfvenom -h command / Getting ready
  • multi-attack web method
    • about / Multi-attack web method, How to do it...
    • working / How it works...
  • multiple communication channels
    • setting, with target / Setting up multiple communication channels with the target, Getting ready, How to do it...
    • working / How it works...
  • multiple targets
    • handling, tab switch used / Handling multiple targets using the tab switch, How to do it..., How it works...
  • mysql_enum module / Getting ready

N

  • .NET 2.0 mscorie.dll module / How it works...
  • named pipe / How it works...
  • Named Pipe Impersonation / How it works...
  • Nessus
    • about / Vulnerability scanning with Nessus
    • using, for vulnerability scanning / Getting ready, How to do it..., How it works..., Sharing information with the Dradis framework
    • working / How it works...
    • working, in web browsers / Working with Nessus in the web browser
  • netmask / Getting ready
  • networking commands, meterpreter
    • about / Using meterpreter networking commands
    • Subnetwork / Getting ready
    • subnet / Getting ready
    • netmask / Getting ready
    • gateway / Getting ready
    • using / How to do it...
    • working / How it works...
  • new exploit module
    • about / Porting and testing the new exploit module
    • testing / Getting ready, How to do it...
    • porting / Getting ready, How to do it...
    • working / How it works...
  • NeXpose
    • about / Scanning with NeXpose
    • scanning / Getting ready, How it works...
    • scan results, importing / Importing the scan results
  • NLST command / How to do it...
  • Nmap / Port scanning – the Nmap way
  • note categories option / How it works...
  • NTLM (NT LAN Manager) / Getting ready

O

  • -oX parameter / How to do it...
  • OleFlushClipboard() function / How to do it...
  • operating system identification [-O] / Operating system and version detection
  • Oracle DBMS_METADATA XML vulnerability / How to do it...
  • own post exploitation module
    • about / Building your own post-exploitation module
    • building / How to do it...
    • working / How it works...

P

  • -p / How it works..., How it works...
  • passive information gathering
    • about / Passive information gathering 1.0 – the traditional way, How to do it...
    • level 1 / Passive information gathering 1.0 – the traditional way, How to do it...
    • working / How it works...
    • third-party websites, using / Using third-party websites
    • level 2 / Passive information gathering 2.0 – the next level, Getting ready, How to do it..., How it works...
  • passive information gathering 1.0
    • about / Passive information gathering 1.0 – the traditional way, How to do it...
    • working / How it works...
  • passive information gathering 2
    • about / Passive information gathering 2.0 – the next level
    • techniques / Getting ready
    • Zone Transfer technique / How to do it...
    • SMTP header technique / How to do it...
    • Google dorks technique / How to do it...
    • working / How it works...
  • Payload / Introduction
  • payloads
    • disadvantage / Introduction
  • penetration testing
    • performing, on Windows XP SP2 machine / Penetration testing on a Windows XP SP2 machine, Getting ready, How to do it..., How it works...
    • performing, on Windows 2003 Server / Penetration testing on the Windows 2003 Server, How to do it..., How to do it...
  • penetration testing lab
    • setting up, on single machine / Setting up the penetration testing lab on a single machine, Getting ready, How it works...
    • working / How it works...
    • firewall, disabling / Disabling the firewall and antivirus protection
    • antivirus protection, disabling / Disabling the firewall and antivirus protection
    • virtual box guest additions, installing / Installing virtual box guest additions
  • penetration testing results
    • storing, database used / Using the database to store penetration testing results, How to do it...
    • db_nmap command, storing / How it works...
  • persistent connection
    • setting up, backdoors used / Setting up a persistent connection with backdoors, How to do it..., How it works...
  • pivoting
    • meterpreter, using / Pivoting with meterpreter, Getting ready, How it works...
  • port forwarding / How to do it...
    • meterpreter, using / Port forwarding with meterpreter, Getting ready, How to do it..., How it works...
  • port scanning
    • about / Port scanning – the Nmap way
    • steps / How to do it...
    • TCP connect [-sT] scan / How to do it...
    • SYN scan [-sS] scan / How to do it...
    • UDP scan [-sU] / How to do it...
    • ACK scan [-sA] / How to do it...
    • working / How it works...
    • operating system identification [-O] / Operating system and version detection
    • version detection [-sV] / Operating system and version detection
  • post-exploitation
    • Armitage, using / Post-exploitation with Armitage, How to do it..., How it works...
  • post exploitation modules
    • about / Post-exploitation modules, How to do it...
    • working / How it works...
  • print API calls
    • print_line( / How to do it...
    • print_status( / How to do it...
    • print_good( / How to do it...
    • print_error( / How to do it...
  • privilege escalation / Privilege escalation and process migration, How to do it..., How it works..., How to do it...
    • working / How it works...
  • process.kill function / How it works...
  • process ID (PID) / How it works...
  • process migration / Privilege escalation and process migration, How to do it..., How it works...
    • working / How it works...
  • pwd command / How to do it...

R

  • -r / How it works...
  • Railgun
    • about / Railgun – converting Ruby into a weapon
    • using / Getting ready, How to do it...
    • working / How it works...
    • definitions / Railgun definitions and documentation
    • function definitions, adding / Adding DLL and function definition to Railgun, How to do it..., How it works...
    • DLL, adding / Adding DLL and function definition to Railgun, How to do it..., How it works...
  • read command / How to do it...
  • Refresh button / How it works...
  • route command / Getting ready, How to do it...
  • RTF stack buffer overflow
    • in Microsoft Word / Microsoft Word RTF stack buffer overflow, How to do it...
    • in Microsoft Word, working / How it works...
    • Microsoft Excel 2007 buffer overflow / Microsoft Excel 2007 buffer overflow
  • Ruby Extension (Rex) library / Introduction
  • run command / How it works...
  • run scraper -h command / Getting ready

S

  • -S operator / How it works...
  • -sS parameter / How to do it...
  • scanner auxiliary modules
    • about / Working with scanner auxiliary modules
    • working / Getting ready, How it works...
    • password generating, crunch used / Generating passwords using "Crunch"
  • scanning
    • auxiliary modules, exploring / Exploring auxiliary modules for scanning
  • scraper meterpreter script
    • about / Using a scraper meterpreter script
    • using / Getting ready, How to do it...
    • working / How it works..., There's more...
    • winenum.rb, using / Using winenum.rb
  • screenshot / How to do it...
  • sendmail server / How to do it...
  • Services option / How to do it...
  • SET
    • about / Introduction, Getting ready
    • getting started / Getting started with Social Engineer Toolkit (SET)
    • working / How it works...
  • set command / How to do it..., How to do it...
  • SET config file
    • working with / Working with the SET config file, How to do it...
    • working / Spear-phishing attack vector
  • setdesktop command / How it works...
  • set USER commands / How to do it...
  • shell, binding to target
    • about / Binding a shell to the target for remote access
    • steps / How to do it...
    • dcom exploit, working / How it works...
    • target, controlling / Gaining complete control of the target
  • show options / How to do it...
  • show options command / How to do it..., How to do it..., How to do it...
  • show targets command / How to do it..., How to do it...
  • simple FileZilla FTP fuzzer
    • writing / Writing a simple FileZilla FTP fuzzer, How to do it...
    • working / How it works...
    • antiparser fuzzing framework / Antiparser fuzzing framework
  • SMTP header technique / How to do it...
  • social engineering / Introduction
  • Spear-phishing attack vector
    • about / Getting ready
    • web-based content type / Getting ready
    • payload based content type / Getting ready
    • attack vectors, analyzing / How to do it...
    • working / How it works...
  • SPF / How it works...
  • SQL injection
    • about / SQL injection and DOS attack modules, How to do it...
    • working / How it works...
  • SRVHOST option / How to do it...
  • SRVPORT option / How to do it...
  • STARTSIZE option / How to do it...
  • Start | Programs | Metasploit framework | Framework Update / How to do it...
  • STEPSIZE option / How to do it...
  • stored results, database
    • analyzing / Analyzing the stored results of the database, How to do it..., How it works...
  • store_loot function / How to do it...
  • subnetwork/subnet / Getting ready
  • svn update command / How to do it...
  • SYN scan [-sS] scan / How to do it...
  • system commands, meterpreter
    • analyzing / Analyzing meterpreter system commands
    • background / How to do it...
    • getuid / How to do it...
    • getpid / How to do it...
    • ps / How to do it...
    • sysinfo / How to do it...
    • shell / How to do it...
    • exit / How to do it...
    • working / How it works...

T

  • tab switch
    • using, for multiple targets handling / Handling multiple targets using the tab switch, How to do it..., How it works...
  • targets
    • attacking / Finding vulnerabilities and attacking targets, How it works...
  • target service
    • scanning, auxiliary modules used / Getting ready, How to do it...
    • working / How it works...
  • Targets_exec() function / How it works...
  • taskkill command / Some services did not kill—what next?
  • tasklist command / How to do it...
  • TCP connect [-sT] scan / How to do it...
  • TEB / How it works...
  • timestomp -h command / Getting ready
  • timestomp command
    • using, for file attribute modification / Changing file attributes using timestomp, Getting ready, How it works...
    • working / How it works...
  • TLV / Setting up multiple communication channels with the target

U

  • -U operator / How it works...
  • UAC / Meterpreter mixins
  • UDP scan [-sU] / How to do it...
  • udp_sock_sendto function / How to do it...
  • unsafe scripting misconfiguration vulnerability
    • in Internet Explorer / Internet Explorer unsafe scripting misconfiguration vulnerability, Getting ready, How to do it...
    • working process / How it works...
  • use command / How to do it...
  • User Interface (UI) / Introduction
  • util.printf() buffer overflow
    • in Adobe Reader / Adobe Reader util.printf() buffer overflow, How to do it...
    • working / How it works...

V

  • version detection [-sV] / Operating system and version detection
  • View | Console / How to do it...
  • virtual machine (VM) / How to do it...
  • VirusTotal / Quick multiple scanning with VirusTotal
  • vulnerabilities
    • finding / Finding vulnerabilities and attacking targets, How it works...
  • vulnerability / Introduction
  • vulnerability scanning
    • about / Vulnerability scanning with Nessus
    • Nessus, using / How to do it..., How it works..., Sharing information with the Dradis framework

W

  • Watch button / How it works...
  • WEBATTACK_SSL setting / How to do it...
  • website attack vectors
    • about / Website attack vectors, Getting ready, How to do it...
    • working / How it works...
  • Windows 7/Server 2008 R2 SMB client infinite loop
    • about / Windows 7/Server 2008 R2 SMB client infinite loop, Getting ready
    • steps / How to do it...
    • working / How it works...
  • Windows 2003 Server
    • penetration testing, performing / Penetration testing on the Windows 2003 Server, How to do it..., How to do it...
    • analyzing / How to do it...
    • working / How it works..., There's more...
  • Windows ASLR / How it works...
  • Windows DLL injection flaws
    • about / Understanding the Windows DLL injection flaws
  • Windows Firewall De-activator
    • about / Building a "Windows Firewall De-activator" meterpreter script
    • writing, guidelines / Getting ready
    • building / How to do it...
    • working / How it works...
    • code, re-using / Code re-use
  • Windows XP SP2 machine
    • penetration testing, performing / Penetration testing on a Windows XP SP2 machine, Getting ready, How to do it..., How it works...
  • winenum.rb / Using winenum.rb
  • write command / How to do it...
  • write_check variable / How it works...

Z

  • Zone Transfer technique / How to do it...