INDEX 295
reverse payload, 62
reverse shell, 8
reverse_tcp payload, 61, 67, 68
Rex::Text.pattern_create, 202
Rex::Text.rand_text_alpha function, 245
RHOST option, 10, 276
RHOSTS option, 22–23, 25, 67, 91, 125, 126
RO (read-only) community string, 30
robots.txt file, 127
root/.msf3/config directory, 64
root/.msf3/modules/exploits/windows/imap/ directory, 204
root/.msf3/modules/auxiliary/fuzzers/ directory, 198
route add command, 91
route command, 90
route print command, 90
RPC (Remote Procedure Call) service, 59
RPORT option, 10
RSA company, 110
RT73 chipset, 179
Ruby programming language, 185
Ruby shell, 97
rules for Meterpreter scripts, 244
run_batch(batch) method, 31
run command, 130, 235, 249
run get_local_subnets command, 89
run hashdump command, 93
run_host(ip) method, 31
run migrate script, 117
run_range(range) method, 31
run screen_unlock command, 92
run scriptname command, 92, 277
run vnc command, 92
RW (read/write) community string, 30
S
sa (system administrator) account, 77, 79, 168, 186
SAM (Security Account Manager) database, 83, 282
Samba exploit, 69, 90
save command, 64
scanner/ftp/anonymous module, anonymous logins, 29
scanner/http modules, 126
scanner/ip/ipidseq module, 22
scanner mixin, 31
scanner/portscan/syn module, 257
scanner/portscan/tcp module, 91, 257
scanner/snmp/snmp_enum module, 30
scanning
    Metasploitable system, 258–259
    a number of systems, 27
    only one system, 27
scan policies, list of available, 50
scraper command, 93–94
screenshot command, 80–81, 278
scripts, for Meterpreter, 92–95, 235–250
    API for, 241–244
    creating, 244–250
    hashdump, 93
    killav, 93
    migrate, 92–93
    overview, 235–241
    packetrecorder, 93
    persistence, 94–95
    rules for, 244
    scraper, 93–94
--script=smb-check-vulns plug-in, 65
scripts/meterpreter/ directory, 89, 235, 244
Search button, Login-New window, 272
search command, 58, 60
search name command, 275
search scanner/http command, 126
Secure Shell (SSH), 28, 259
Secure Sockets Layer (SSL), 31
Security Account Manager (SAM) database, 83, 282
SEH (Structured Exception Handler)
    controlling, 201–203
    overwrite exploits for, porting to Metasploit, 226–232
    restrictions for, 204–206
    three-byte overwrite of the, 207
SEH chain option, Immunity Debugger, 201, 208
send_request_cgi method, 130
separate process, automigrating to, 282
Server Message Block (SMB). See SMB (Server Message Block)
service_(name) function, 243
sessions -c cmd command, 277
sessions -i 1 command, 68
sessions -i sessionid, 86
sessions -K command, 277
sessions -l command, 68, 86, 276
sessions -l -v command, 68, 277
sessions -s script command, 277
sessions -u 1 command, 96
sessions -u command, 95
sessions -u sessionID command, 277