Index

A

• ACK scan
  • about / ACK scan
• Admin1
  • about / Adding complexity or emulating target environments, Admin1
• advanced features, Domain Information Groper (Dig)
  • about / Advanced features of Dig
  • output, shortening / Shortening the output
  • bind version, listing / Listing the bind version
  • reverse DNS lookup / Reverse DNS lookup using Dig
  • multiple commands / Multiple commands
  • path, tracing / Tracing the path
  • batching / Batching with dig
  • IDS rules, avoiding / IDS rules, how to avoid them
  • decoys, using / Using decoys
• advanced packaging tools (APT)
  • about / Updating the applications and operating system
• advanced penetration testing
  • about / Introduction to advanced penetration testing, Advanced penetration testing
• advanced techniques, Nmap
  • about / Other Nmap techniques
  • stealthy / Remaining stealthy
  • zombie host / Shifting blame — the zombies did it!
• AFRINIC
  • about / Gathering and validating domain and IP information
  • URL / Gathering and validating domain and IP information
• after filter / Filters
• allintext filter / Google filters
• allinurl filter / Google filters
• APNIC
  • URL / Gathering and validating domain and IP information
  • about / Gathering and validating domain and IP information
• App1
  • about / Adding complexity or emulating target environments, App1
• AppEvent.Evt file / Important directories and files
• Apple Filing Protocol
  • about / Nmap — getting to know you
• apt-get dist-upgrade command / Updating the applications and operating system
• apt-get install command / "C"ing is believing—Create a vulnerable program
• arch command / Important commands
• ARIN
  • URL / Gathering and validating domain and IP information
  • about / Gathering and validating domain and IP information
• Armitage
  • used, for post exploitation / Using Armitage for post-exploitation
  • data, gathering / Enumeration
  • enumeration / Enumeration
  • used, for exploitation / Exploitation
  • about / Were connected, now what?
• Armitage, and Meterpreter
  • combining / Were connected, now what?
• ARP poison
  • about / Client-side attacks with Fast-Track
• arsenal
  • custom Nmap scripts, adding / Adding custom Nmap scripts to your arsenal
• ASLR
  • about / Turning ASLR on and off in BackTrack
  • turning on / Turning ASLR on and off in BackTrack
  • turning off / Turning ASLR on and off in BackTrack
• assets
  • finding / Finding specific assets
• author filter / Google filters
• automation script
  • creating / Creating an automation script
• auxiliary modules
  • using, in MetaSploit / Using auxiliary modules

B

• Backtrack
  • exploring / Exploring BackTrack
  • login information, for default install / Logging in
  • default password, modifying / Changing the default password
• BackTrack
  • installing, as virtual machine / Installing your BackTrack virtual machine
  • URL, for downloading / Installing your BackTrack virtual machine
  • virtual machine, preparing for / Preparing the virtual guest machine for BackTrack
  • installing, on virtual disk image / Installing BackTrack on the virtual disk image
  • operating system, updating / Updating the applications and operating system
  • applications, updating / Updating the applications and operating system
  • about / Creating an automation script, Default output, Batching with dig, DNS brute forcing with fierce, Metagoofil, Package repositories, Lab preparation
  • manual if config / BackTrack – Manual ifconfig
  • fuzzing tools / Fuzzing tools included in BackTrck, Bruteforce Exploit Detector (BED)
  • Kioptrix system, exploiting from / Enumeration
• BackTrack 5
  • TFTP server, installing on / Installing and starting a TFTP server on BackTrack 5
  • PostgreSQL, installing on / Installing PostgreSQL on BackTrack 5
  • about / Quick reality check – Load Balance Detector
• BackTrack guest machine
  • about / BackTrack guest machine
• BackTrack Linux
  • about / Practice makes perfect
• banner grabbing
  • with Netcat / Banner grabbing with Netcat
  • with Ncat / Banner grabbing with Ncat
  • with smbclient / Banner grabbing with smbclient
• banners
  • about / Understanding banners
• bash tool
  • about / Which tools are available on the remote system
• basic scans, Nmap / Basic scans — warming up
• batching
  • with Domain Information Groper (Dig) / Batching with dig
• BED
  • about / Bruteforce Exploit Detector (BED)
• before filter / Filters
• benefits, exploitation / Exploitation – Why bother?
• benefits, VIM / VIM — The power user's text editor of choice
• bind version
  • listing / Listing the bind version
• Blackbox testing
  • about / Before testing begins
• boot.ini file / Important directories and files
• bourne shell
  • about / Creating an automation script
• bovrflow program / Understanding the basics of buffer overflows
• branch nodes
  • about / Adding nodes
• bruteforcing
  • about / Brute forcing passwords
  • with THC Hydra / THC Hydra
• buffer overflows
  • about / Buffer overflows—A refresher
  • basics / Understanding the basics of buffer overflows
• Burp
  • about / Introduction to MagicTree

C

• cache filter / Google filters
• canonicalization
  • about / Canonicalization
• cat command / Important commands
• checklist
  • about / Using a checklist
• city filter / Filters
• client-side attacks
  • with Fast-Track / Client-side attacks with Fast-Track
• combining
  • Armitage, with Meterpreter / Were connected, now what?
• commands, Linux
  • ls -oaF / Important commands
  • locate / Important commands
  • updatedb / Important commands
  • grep / Important commands
  • less / Important commands
  • cat / Important commands
  • df -H / Important commands
  • date / Important commands
  • free / Important commands
  • arch / Important commands
  • echo / Important commands
  • last / Important commands
  • logname / Important commands
  • pwd / Important commands
  • uname -a / Important commands
  • netstat / Important commands
  • ifconfig or /sbin/ifconfig / Important commands
  • udevd -version / Important commands
  • find / -type f -perm 777 / Important commands
• command syntax, Nmap / Commonly seen Nmap scan types and options
• command syntax, onesixtyone / When the SNMP community string is NOT "public"
• common network management tools
  • using / Using common network management tools to do the deed
• Comodo Secure DNS®
  • about / Changing nameservers
• compromised hosts
  • cleaning up / Cleaning up compromised hosts
• compromised hosts, cleaning up
  • about / Cleaning up compromised hosts
  • checklist / Using a checklist
  • local log files / Local log files
• configuring
  • Vlab_1 clients / Configuring and testing our Vlab_1 clients
  • pure-ftpd / Installing and configuring pure-ftpd
  • Mutillidae 2.1.7 / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
  • pfSense / Installing and configuring pfSense
  • pfSense DHCP server / Configuring the pfSense DHCP server
  • virtual lab / Adding complexity or emulating target environments
  • firewall1 / Configuring firewall1
  • Firewall2 / Firewall2 setup and configuration
• connectivity
  • verifying, for virtual machine / Verifying connectivity
• country filter / Filters
• cover page, executive report / The report
• cross-references
  • about / Adding nodes
• curl tool / Which tools are available on the remote system
• custom Nmap scripts
  • adding, to arsenal / Adding custom Nmap scripts to your arsenal
• custom word list
  • creating / Creating a custom wordlist

D

• data
  • exporting, into HTML / Exporting data into HTML
  • reviewing / Reviewing the data
• database
  • script, adding to / Adding a new script to the database
• database connectivity
  • verifying, in MetaSploit / Verifying database connectivity
• databases
  • and Metasploit / Databases and Metasploit
• data collection, MagicTree / Data collection
• data gathering
  • about / Data gathering, network analysis, and pillaging
• data nodes
  • about / Adding nodes
• date command / Important commands
• DB1
  • about / Adding complexity or emulating target environments, DB1
• decoys
  • using / Using decoys
• default.sav file / Important directories and files
• default command usage, DNS brute forcing / Default command usage
• default HTML template
  • modifying / Changing the default HTML template
• default output, Domain Information Groper (Dig) / Default output
• default output, nslookup / Default output
• default password
  • modifying / Changing the default password
• detailed reporting, executive report / The report
• DevMachine
  • about / NewAlts Research Labs' virtual network
• df -H command / Important commands
• dhclient command / Starting the virtual lab
• DHCP server
  • about / Setup
• diff function
  • about / VIM — The power user's text editor of choice
• directories, Linux / Important directories and files
• directories, Windows / Important directories and files
• DNS brute forcing
  • with fierce / DNS brute forcing with fierce
  • default command usage / Default command usage
  • custom word list, creating / Creating a custom wordlist
• DNS reconnaissance
  • about / DNS recon
  • nslookup / Nslookup — it's there when you need it
  • Domain Information Groper (Dig) / Domain Information Groper (Dig)
• domain information
  • gathering / Gathering and validating domain and IP information
  • validating / Gathering and validating domain and IP information
• Domain Information Groper (Dig)
  • about / Domain Information Groper (Dig)
  • URL, for interface / Domain Information Groper (Dig)
  • default output / Default output
  • used, for zone transfer / Zone transfers using Dig
  • advanced features / Advanced features of Dig, Listing the bind version, Tracing the path
  • reverse DNS lookup / Reverse DNS lookup using Dig
• Domain Name System (DNS)
  • about / DNS recon
• downloading
  • vulnserver application / Introducing vulnserver
• Dradis
  • about / Creating an automation script
• Dradis Category field
  • about / Dradis Category field
  • default HTML template, modifying / Changing the default HTML template
• Dradis Framework
  • about / Introduction to the Dradis Framework
  • overview / Introduction to the Dradis Framework
  • project template, exporting / Exporting a project template
  • project template, importing / Importing a project template
  • sample data, preparing for import / Preparing sample data for import
  • data, exporting into HTML / Exporting data into HTML
  • binding, to available interface / Binding to an available interface other than 127.0.0.1
• Dradis framework
  • for collaboration / Dradis framework for collaboration

E

• echo command / Important commands
• engagement documentation
  • rules / Rules of engagement documentation
• enumeration avoidance techniques
  • about / Enumeration avoidance techniques
  • naming conventions / Naming conventions
  • port knocking / Port knocking
  • intrusion detection and avoidance systems / Intrusion detection and avoidance systems
  • trigger points / Trigger points
  • SNMP lockdown / SNMP lockdown
• example page, executive report / The report
• executive report
  • about / The report
  • cover page / The report
  • index / The report
  • Executive Summary / The report
  • primary sections / The report
  • findings section / The report
  • network diagram / The report
  • example page / The report
  • detailed reporting / The report
• Executive Summary
  • about / The report
• Exif data
  • about / Metadata collection
• exiftool
  • about / Extracting metadata from photos using exiftool
  • used, for extracting metadata from photos / Extracting metadata from photos using exiftool
• EXIT command / Bruteforce Exploit Detector (BED)
• exploit
  • running / Running the exploit
• Exploit-DB
  • about / Google hacking database, Searching Exploit-DB
  • searching / Searching Exploit-DB, Cracking the hash
• exploitation
  • about / Exploitation – Why bother?
  • benefits / Exploitation – Why bother?
  • Armitage, using / Exploitation
• ExploitDB
  • about / Exploit-DB at hand
  • code, compiling / Compiling the code
  • proof of concept code, compiling / Compiling the proof of concept code
  • code, troubleshooting / Troubleshooting the code

F

• Fast-Track
  • about / Fast-Track
  • using / Fast-Track
  • updating / Updating Fast-Track
  • client-side attacks / Client-side attacks with Fast-Track
• file integrity monitoring
  • about / File integrity monitoring
• files
  • getting, from victim machines / Getting files to and from victim machines
  • moving / Moving the files
• files, Linux / Important directories and files
• files, Windows / Important directories and files
• filetype filter / Google filters
• filters
  • about / Filters
  • net / Filters
  • city / Filters
  • country / Filters
  • port / Filters
  • before / Filters
  • after / Filters
  • os / Filters
• find / -type f -perm 777 command / Important commands
• findings section, executive report / The report
• Firewalker
  • about / Finding the ports
• Firewall1
  • about / Adding complexity or emulating target environments
  • rules, setting for LAN / Configuring firewall1
• firewall1
  • configuring / Configuring firewall1
• Firewall2
  • about / Adding complexity or emulating target environments
  • configuring / Firewall2 setup and configuration
  • setting up / Firewall2 setup and configuration
• firewall configuration
  • about / Firewall configuration
• Firewall Rules option
  • about / Setup
• firewalls
  • about / Stealth scanning through the firewall, Network segmentation and firewalls
  • stealth scanning / Stealth scanning through the firewall
  • traceroute, performing / Traceroute to find out if there is a firewall
  • blocked ports, determining / Finding out if the firewall is blocking certain ports
• Flash
  • about / Extracting metadata from photos using exiftool
• Foca
  • about / Metadata collection
• footprinting
  • about / Introduction to reconnaissance, SHODAN
• FreeBSD
  • about / Installing VirtualBox, Installing and configuring pfSense, Configuring firewall1
• free command / Important commands
• FTP banners
  • about / SHODAN
  / Understanding banners
• ftp tool / Which tools are available on the remote system
• Full Clone radial button
  • about / Creating a Kioptrix VM Level 3 clone
• full scan
  • performing, with Nmap / Full scan with Nmap
• fuzzer
  • about / Introduction to fuzzing
• fuzzing
  • about / Introduction to fuzzing
  • overview / Introduction to fuzzing
• fuzzing tools, BackTrack
  • about / Fuzzing tools included in BackTrck
  • BED / Bruteforce Exploit Detector (BED)
  • SFUZZ / SFUZZ: Simple fuzzer

G

• Gallarific
  • about / Using WebScarab as a HTTP proxy
• GCC compiler
  • about / Which tools are available on the remote system
• gcc tool / Which tools are available on the remote system
• GNU Debugger
  • about / "C"ing is believing—Create a vulnerable program
  • URL, for info / "C"ing is believing—Create a vulnerable program
• GNU General Public License (GPL)
  • about / Planning for action
• Google
  • filters / Google filters
  • about / Searching the Internet for clues
• Google filters
  • about / Google filters
  • allinurl / Google filters
  • allintext / Google filters
  • intitle / Google filters
  • cache / Google filters
  • phonebook / Google filters
  • author / Google filters
  • filetype / Google filters
  • site / Google filters
  • link / Google filters
• Google Hacking Database (GHDB)
  • about / Google hacking database
• grep command / Important commands

H

• Hackbar
  • about / Introduction to Mantra
• HAProxy
  • installing, for load balancing / Installing HAProxy for load balancing
• history files
  • about / History files and logs
• host file
  • Kioptrix3.com, adding to / Adding Kioptrix3.com to the host file
• hosts file / Important directories and files
• Hping
  • about / Finding the ports, Hping
• Hping2
  • about / Hping
• Hping3
  • about / Hping
• HTML
  • data, exporting into / Exporting data into HTML
• http banner
  • about / Banner grabbing with Ncat
• HTTP banners
  • about / HTTP banners
• HTTP proxy
  • WebScarab, using as / Using WebScarab as a HTTP proxy
• HTTP status code
  • about / HTTP banners
  • 200 / HTTP banners
  • 301 / HTTP banners
  • 302 / HTTP banners
  • 307 / HTTP banners
  • 400 / HTTP banners
  • 401 / HTTP banners
  • 403 / HTTP banners
  • 404 / HTTP banners
  • 502 / HTTP banners
  • 501 / HTTP banners
  • 505 / HTTP banners
• HTTP[Date] method / So, what are we looking for anyhow?

I

• IANA
  • URL / Gathering and validating domain and IP information
  • about / Gathering and validating domain and IP information
• ICANN
  • URL / Gathering and validating domain and IP information
  • about / Gathering and validating domain and IP information
• ICCF
  • about / VIM — The power user's text editor of choice
• ICMP packets
  • about / Setup
• identification number (IPID)
  • about / Shifting blame — the zombies did it!
• idle scan
  • concepts / Shifting blame — the zombies did it!
• IDS
  • avoiding / Now you see me, now you don't — Avoiding IDS
  • about / The scenario
• IDS rules
  • avoiding / IDS rules, how to avoid them
• ifconfig / Finding network information
• ifconfig or /sbin/ifconfig command / Important commands
• image nodes
  • about / Adding nodes
• Imperva Scuba
  • about / Introduction to MagicTree
• index, executive report / The report
• index.dat file / Important directories and files
• information
  • gathering, with whois / Gathering information with whois
  • about / Reviewing the data
  • putting to use / Putting this information to use
  • searching / Searching for information
• installed packages
  • verifying / Checking installed packages
• installed software
  • finding / Finding installed software and tools
• installed tools
  • finding / Finding installed software and tools
• installing
  • VirtualBox / Installing VirtualBox
  • BackTrack, as virtual machine / Installing your BackTrack virtual machine
  • BackTrack, on virtual disk image / Installing BackTrack on the virtual disk image
  • OpenOffice / Installing OpenOffice
  • TFTP server, on BackTrack 5 / Installing and starting a TFTP server on BackTrack 5
  • pure-ftpd / Installing and configuring pure-ftpd
  • Kioptrix Level 3 / Installing Kioptrix Level 3
  • Mutillidae 2.1.7, on Ubuntu virtual machine / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
  • pfSense / Installing and configuring pfSense
  • HAProxy, for load balancing / Installing HAProxy for load balancing
  • M0n0Wall, on VirtualBox Machine / Setup
  • WordPress, in Ubuntu Server / Web1
• Internet
  • searching, for clues / Searching the Internet for clues
• Internet Archive
  • about / Searching the Internet for clues
• InterNic
  • URL / Gathering and validating domain and IP information
  • about / Gathering and validating domain and IP information
• intitle filter / Google filters
• intrusion detection and avoidance systems
  • about / Intrusion detection and avoidance systems
• Intrusion Detection System
  • about / Intrusion detection and avoidance systems
• IO APIC setting
  • about / Installing Kioptrix Level 3
• IP/CIDR notation
  • about / Filters
• IP information
  • validating / Gathering and validating domain and IP information
  • gathering / Gathering and validating domain and IP information
• IP settings
  • maintaining, after reboot / Maintaining IP settings after reboot
• iptables tool / Which tools are available on the remote system
• IronGeek
  • URL / Practice makes perfect, Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
  • about / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine

K

• Kioptrix
  • virtual machine, adding / Target practice – Adding a Kioptrix virtual machine
  • exploiting, with Metasploit / Using Metasploit to exploit Kioptrix
  • about / Taking on Level 3 – Kioptrix
• Kioptrix3.com
  • about / Adding Kioptrix3.com to the host file, Taking on Level 3 – Kioptrix
  • adding, to host file / Adding Kioptrix3.com to the host file
• Kioptrix Level 1
  • about / Practice makes perfect, NewAlts Research Labs' virtual network
• Kioptrix Level 3
  • installing / Installing Kioptrix Level 3
  • URL, for installing / Installing Kioptrix Level 3
  • about / Taking on Level 3 – Kioptrix
• Kioptrix system
  • exploiting, from BackTrack / Enumeration
• Kioptrix virtual machine
  • adding / Target practice – Adding a Kioptrix virtual machine
• Kioptrix VM Level 1
  • about / Target practice – Adding a Kioptrix virtual machine
• Kioptrix VM Level 3
  • about / Practice makes perfect
• Kioptrix VM Level 3 clone
  • creating / Creating a Kioptrix VM Level 3 clone
• Kioptrix VM Level 3 Clone
  • about / Practice makes perfect

L

• *.log file / Important directories and files
• lab
  • virtual machine, adding to / Adding another virtual machine to our lab
• lab preparation
  • about / Lab preparation
  • BackTrack guest machine / BackTrack guest machine
  • Ubuntu guest machine / Ubuntu guest machine
  • pfSense guest machine configuration / pfSense guest machine configuration
  • firewall configuration / Firewall configuration
• LACNIC
  • about / Gathering and validating domain and IP information
  • URL / Gathering and validating domain and IP information
• LAN
  • about / Setup
  • Firewall1 rules, setting for / Configuring firewall1
• LAN IP configuration
  • about / LAN IP configuration
• last command / Important commands, Users and credentials
• lastlog command / Users and credentials
• ldd command / Turning ASLR on and off in BackTrack
• less command / Important commands
• link filter / Google filters
• Linux
  • about / Installing VirtualBox, Turning ASLR on and off in BackTrack, Linux
  • files / Important directories and files
  • directories / Important directories and files
  • commands / Important commands
• live decoys
  • about / Using decoys
• Load Balance Detector
  • about / Quick reality check – Load Balance Detector, Taking on Level 3 – Kioptrix
• load balancers
  • detecting / Detecting load balancers, So, what are we looking for anyhow?
• load balancing
  • HAProxy, installing for / Installing HAProxy for load balancing
• local log files
  • about / Local log files
• locate command / Important commands
• logname command / Important commands
• logs
  • about / History files and logs
• ls -oaF command / Important commands
• Lullar.com
  • about / Searching the Internet for clues

M

• M0n0Wall
  • URL, for downloading / Setup
  • installing, on VirtualBox Machine / Setup
  • interfaces, configuring / Setup
• M0n0Wall firewall installation
  • setting up / Setup
• M0n0wall virtual instance
  • setting up / Firewall2 setup and configuration
• macros
  • about / Old school — The text editor method
• MagicTree
  • about / Introduction to MagicTree, Creating an automation script, SHODAN, Enumeration and exploitation
  • starting / Starting MagicTree
  • launching / Starting MagicTree
  • nodes, adding / Adding nodes
  • data collection / Data collection
  • report, generating / Report generation
• Mantra
  • about / Introduction to Mantra
  • overview / Introduction to Mantra
• manual exploitation
  • about / Manual exploitation
  • services, enumerating / Enumerating services
  • full scan, with Nmap / Full scan with Nmap
• manual if config, BackTrack / BackTrack – Manual ifconfig
• manual if config, Ubuntu / Ubuntu – Manual ifconfig
• Mass Client Attack Web Server
  • about / Client-side attacks with Fast-Track
• metadata
  • extracting, from photos with exiftool / Extracting metadata from photos using exiftool
• metadata collection
  • about / Metadata collection
• MetaGoofil
  • about / Metagoofil
• Metagoofil Blackhat Arsenal Edition
  • about / Metagoofil
• Metasploit
  • and databases / Databases and Metasploit
  • database connectivity, verifying / Verifying database connectivity
  • Nmap scan, performing within / Performing an Nmap scan from within Metasploit
  • auxiliary modules, using / Using auxiliary modules
  • used, for exploiting Kioptrix / Using Metasploit to exploit Kioptrix
  • about / Fast-Track
• Metasploit framework
  • updating / Updating the Metasploit framework
• Meterpreter
  • about / Were connected, now what?, Networking details
• Microsoft Windows™
  • post exploitation / Microsoft Windows™ post-exploitation
• miscellaneous evasion techniques
  • about / Miscellaneous evasion techniques
  • divide and conquer / Divide and conquer
  • hiding out / Hiding out (on controlled units)
  • file integrity monitoring / File integrity monitoring
  • common network management tools / Using common network management tools to do the deed
• Mutillidae
  • about / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
• Mutillidae 2.1.7
  • about / Practice makes perfect
  • installing, on Ubuntu virtual machine / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
  • configuring / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
• MySQL
  • setting up, for PBNJ / Setting up MySQL for PBNJ
  • starting / Starting MySQL

N

• name servers
  • modifying / Changing nameservers
• Nano
  • about / Nano
  • launching / Nano
  • URL, for info / Nano
• nano editor
  • about / Creating an automation script
• nanorc
  • about / Nano
• NAT non-routable addresses
  • about / Network segmentation and firewalls
• Ncat
  • about / Nmap — getting to know you, Banner grabbing with Netcat and Ncat
  • used, for banner grabbing / Banner grabbing with Ncat
• Ncrack
  • about / Nmap — getting to know you
• nc tool / Which tools are available on the remote system
• Ndiff
  • about / Nmap — getting to know you
• Nessus
  • about / Introduction to MagicTree
• Netcat
  • about / Banner grabbing with Netcat and Ncat
  • used, for banner grabbing / Banner grabbing with Netcat
• net filter / Filters
• NetSetup.log file / Important directories and files
• netstat command / Important commands
• network analysis
  • about / Data gathering, network analysis, and pillaging
• network baselines
  • creating, with scanPBNJ / Creating network baselines with scanPBNJ
• network connections
  • determining / Determine connections
• network diagram, executive report / The report
• network information
  • finding / Finding network information
• networking information
  • gathering / Networking details
• network segmentation
  • about / Network segmentation and firewalls
• network sniffing
  • about / Looking at traffic patterns
• NewAlts Development Lab
  • scope, defining for test / Defining the scope
  • goals, for test / Determining the "why"
  • rules of engagement document, creating / Developing the Rules of Engagement document
  • network layout, reviewing / Initial plan of attack
  • exploitation / Enumeration and exploitation
  • enumeration / Enumeration and exploitation
  • documentation, for test / Reporting
  • issues, in penetration test / Reporting
• NewAlts Research Labs
  • about / The scenario
  • virtual network, setting up / NewAlts Research Labs' virtual network
• Nexpose vulnerability scanner toolkit
  • about / Metasploit — learn it and love it
• Nikto
  • about / Introduction to MagicTree
• Nmap
  • about / Introduction to MagicTree, Nmap — getting to know you, Timing is everything
  • using / Nmap — getting to know you
  • command syntax / Commonly seen Nmap scan types and options
  • scan options / Commonly seen Nmap scan types and options
  • scan types / Commonly seen Nmap scan types and options
  • output types / Commonly seen Nmap scan types and options
  • basic scans / Basic scans — warming up
  • advanced techniques / Other Nmap techniques
  • different scan types, using / Trying different scan types, SYN scan, ACK scan
  • script, verifying / How to decide if a script is right for you
  • new script, adding to database / Adding a new script to the database
  • full scan, performing / Full scan with Nmap
• Nmap data
  • importing / Importing your Nmap data
• Nmap firewalk script
  • about / Nmap firewalk script
• nmap options
  • -T(0-5) templates / Taking your time
  • --max-hostgroup / Taking your time
  • --max-retries / Taking your time
  • -max-parallelism / Taking your time
  • --scan-delay / Taking your time
• Nmap scan
  • performing, within Metasploit / Performing an Nmap scan from within Metasploit
• Nmap Scripting Engine
  • about / Nmap — getting to know you
  • URL, for tutorial / Adding custom Nmap scripts to your arsenal
• Nmap suite
  • ZenMap / Nmap — getting to know you
  • Ncat / Nmap — getting to know you
  • Ncrack / Nmap — getting to know you
  • Ndiff / Nmap — getting to know you
  • Nping / Nmap — getting to know you
• nmap tool / Which tools are available on the remote system
• no-nonsense test example / No-nonsense test example
• nodes
  • adding / Adding nodes
• node types
  • about / Adding nodes
  • branch nodes / Adding nodes
  • simple nodes / Adding nodes
  • text nodes / Adding nodes
  • data nodes / Adding nodes
  • XML data nodes / Adding nodes
  • image nodes / Adding nodes
  • cross-references / Adding nodes
  • overview nodes / Adding nodes
  • special nodes / Adding nodes
• NoteCase
  • about / NoteCase
  • using / NoteCase
• Nping
  • about / Nmap — getting to know you
• NRO
  • about / Gathering and validating domain and IP information
  • URL / Gathering and validating domain and IP information
• nslookup
  • about / Nslookup — it's there when you need it
  • default output / Default output
  • name servers, modifying / Changing nameservers
  • automation script, creating / Creating an automation script
• ntuser.dat file / Important directories and files
• Null scan
  • about / Null scan

O

• onesixtyone
  • about / When the SNMP community string is NOT "public"
  • command syntax / When the SNMP community string is NOT "public"
• OpenOffice
  • installing / Installing OpenOffice
  • about / Report generation
• Open Source Intelligence (OSINT)
  • about / Introduction to reconnaissance
• OpenVas
  • about / Introduction to MagicTree
• OPT1
  • about / Setup
• os filter / Filters
• OSVDB
  • URL / Using WebScarab as a HTTP proxy
• outbound connections
  • about / Determine connections
• output types, Nmap
  • -oA / Commonly seen Nmap scan types and options
  • -oG / Commonly seen Nmap scan types and options
  • -oX / Commonly seen Nmap scan types and options
  • -oN / Commonly seen Nmap scan types and options
• overview nodes
  • about / Adding nodes
• OWASP team
  • about / Using WebScarab as a HTTP proxy

P

• package repositories
  • about / Package repositories
• packages
  • installing, in pfSense / Installing additional packages in pfSense
• pagefile.sys file / Important directories and files
• passive reconnaissance
  • need for / Introduction to reconnaissance
  • about / Introduction to reconnaissance
• passwords
  • about / Passwords: Something you know…
  • cracking / Cracking the hash
  • bruteforcing / Brute forcing passwords
• PBNJ
  • about / Creating network baselines with scanPBNJ
  • MySQL, setting up for / Setting up MySQL for PBNJ
• PBNJ database
  • preparing / Preparing the PBNJ database
• PCnet-PCI II adapter / Setup
• PeekYou
  • about / Searching the Internet for clues
• penetration tester
  • about / Introduction to reconnaissance
• penetration testing
  • about / Introduction to advanced penetration testing, Penetration testing, Introduction to reconnaissance, Practice makes perfect
• Penetration Testing Execution Standard (PTES)
  • about / Before testing begins
• people
  • finding, on web / Finding people (and their documents) on the web
• pfSense
  • about / Installing and configuring pfSense, Lab preparation
  • configuring / Installing and configuring pfSense
  • installing / Installing and configuring pfSense
  • virtual machine, preparing for / Preparing the virtual machine for pfSense
  • URL, for download mirrors / Preparing the virtual machine for pfSense
  • network, setting up / pfSense network setup
  • web console settings, configuring / Configuring firewall1
  • packages, installing in / Installing additional packages in pfSense
• pfsense1
  • about / NewAlts Research Labs' virtual network
• pfsense2
  • about / NewAlts Research Labs' virtual network
• pfSense DHCP server
  • configuring / Configuring the pfSense DHCP server
  • about / pfSense DHCP – Permanent reservations
• pfSense guest machine configuration
  • about / pfSense guest machine configuration
  • pfSense network setup / pfSense network setup
  • WAN IP configuration / WAN IP configuration
  • LAN IP configuration / LAN IP configuration
• pfSense installation
  • about / SNMPEnum
• pfSense network setup
  • about / pfSense network setup
• pfSense virtual machine
  • installing / Configuring firewall1
  • downloading / Configuring firewall1
• pfSense virtual machine persistence
  • about / pfSense virtual machine persistence
• PFSense VM
  • about / Practice makes perfect
• phonebook filter / Google filters
• pivoting
  • about / Pivoting
• Pluggable Authentication Module (PAM)
  • about / Important directories and files
• port filter / Filters
• port knocking
  • about / Port knocking
• post exploitation
  • rules of engagement / Rules of engagement
  • Armitage, using / Using Armitage for post-exploitation
• post exploitation, Microsoft Windows™ / Microsoft Windows™ post-exploitation
• PostgreSQL
  • installing, on BackTrack 5 / Installing PostgreSQL on BackTrack 5
• practice environment
  • setting up / The setup, NewAlts Research Labs' virtual network
• pre-testing procedure
  • about / Before testing begins
  • scope, determining / Determining scope
  • limits, setting / Setting limits — nothing lasts forever
• primary sections, executive report / The report
• programs
  • running, at startup / Programs and services that run at startup
• project template
  • exporting / Exporting a project template
  • importing / Importing a project template
• PTES / Introduction to reconnaissance
• pure-ftpd
  • configuring / Installing and configuring pure-ftpd
  • installing / Installing and configuring pure-ftpd
  • starting / Starting pure-ftpd
• pwd command / Important commands

Q

• Qualys
  • about / Introduction to MagicTree
• quick scan
  • performing, with unicornscan / Quick scan with Unicornscan

R

• Rails application
  • about / Introduction to the Dradis Framework
• reconnaissance
  • about / Introduction to reconnaissance
  • types / Introduction to reconnaissance
• reconnaissance workflow
  • about / Reconnaissance workflow
• Red Hat
  • about / Checking installed packages
• registrar
  • specifying, for usage / Specifying which registrar to use
• remote system
  • tools / Which tools are available on the remote system
• report generation
  • about / Report generation
• Report option
  • about / Report generation
• reverse DNS lookup
  • with Domain Information Groper (Dig) / Reverse DNS lookup using Dig
• RIPE
  • about / Gathering and validating domain and IP information
  • URL / Gathering and validating domain and IP information
• RPM
  • about / Checking installed packages
• rules of engagement, post exploitation
  • about / Rules of engagement
  • permissions / What is permitted?
  • goals, assessing / What is permitted?
  • modifications / Can you modify anything and everything?
  • persistence / Are you allowed to add persistence?
  • data storage / How is the data that is collected and stored handled by you and your team?
  • data collection / How is the data that is collected and stored handled by you and your team?
  • personal information / Employee data and personal information
  • employee data / Employee data and personal information

S

• --script-help option / How to decide if a script is right for you
• SAMBA / The report
• samba exploit
  • used, for gaining access to system / Exploitation
• SAM file / Important directories and files
• sample data
  • preparing, for import / Preparing sample data for import
• scanf function / "C"ing is believing—Create a vulnerable program
• scan options, Nmap
  • -g / Commonly seen Nmap scan types and options
  • --spoof_mac / Commonly seen Nmap scan types and options
  • -S / Commonly seen Nmap scan types and options
  • -e / Commonly seen Nmap scan types and options
  • -F / Commonly seen Nmap scan types and options
  • -p / Commonly seen Nmap scan types and options
  • -R / Commonly seen Nmap scan types and options
  • -N / Commonly seen Nmap scan types and options
  • -n / Commonly seen Nmap scan types and options
  • -h / Commonly seen Nmap scan types and options
  • -6 / Commonly seen Nmap scan types and options
  • -A / Commonly seen Nmap scan types and options
  • -T(0-5) / Commonly seen Nmap scan types and options
  • --scan_delay / Commonly seen Nmap scan types and options
  • -sV / Commonly seen Nmap scan types and options
• scanPBNJ
  • used, for creating network baselines / Creating network baselines with scanPBNJ
• scan types, Nmap
  • -sA / Commonly seen Nmap scan types and options
  • -sP / Commonly seen Nmap scan types and options
  • -sR / Commonly seen Nmap scan types and options
  • -sS / Commonly seen Nmap scan types and options
  • -sT / Commonly seen Nmap scan types and options
  • -sU / Commonly seen Nmap scan types and options
  • -sX / Commonly seen Nmap scan types and options
  • -sL / Commonly seen Nmap scan types and options
  • -sO / Commonly seen Nmap scan types and options
  • -sM / Commonly seen Nmap scan types and options
  • -sI / Commonly seen Nmap scan types and options
  • -sW / Commonly seen Nmap scan types and options
  • SYN / SYN scan
  • Null / Null scan
  • ACK / ACK scan
• script
  • adding, to database / Adding a new script to the database
• scripts
  • about / Old school — The text editor method
• search engines
  • about / Using search engines to do your job for you
  • used, for finding information / Using search engines to do your job for you
• SecApps Google Hacking Database Explorer
  • about / Searching the Internet for clues
• SecEvent.Evt file / Important directories and files
• security.sav file / Important directories and files
• segmentation fault
  • about / Understanding the basics of buffer overflows
• services
  • enumerating / Enumerating services
  • running, at startup / Programs and services that run at startup
• SET
  • about / Fast-Track, Social Engineering Toolkit
  • URL, for documentation / Social Engineering Toolkit
  • overview / Social Engineering Toolkit
• sftp tool / Which tools are available on the remote system
• SFUZZ
  • about / SFUZZ: Simple fuzzer
• shell scripting
  • about / Creating an automation script
• SHODAN
  • about / SHODAN
• simple nodes
  • about / Adding nodes
• site
  • detecting, for balancing / So, what are we looking for anyhow?
• Site Digger 3.0
  • about / Searching the Internet for clues
• site filter / Google filters
• smbclient
  • used, for banner grabbing / Banner grabbing with smbclient
• SNMP
  • about / SNMP: A goldmine of information just waiting to be discovered
  • SNMPEnum / SNMPEnum
  • SNMPCheck / SNMPCheck
• SNMPCheck
  • about / SNMPCheck
• SNMP community string
  • about / When the SNMP community string is NOT "public"
• SNMPEnum
  • about / SNMPEnum
• SNMP lockdown
  • about / SNMP lockdown
• software.sav file / Important directories and files
• special nodes
  • about / Adding nodes
• SQL injection
  • about / Using a checklist
• SSH
  • about / The scenario
• SSH banners / SHODAN
  • about / Understanding banners
• SSH session
  • about / Blending in
• ssh tool / Which tools are available on the remote system
• SSH traffic
  • about / Blending in
• stealth scanning
  • through firewall / Stealth scanning through the firewall
• strcpy() function / Introduction to fuzzing
• SYN scan
  • about / SYN scan
• system
  • accessing, samba exploit used / Exploitation
• system.sav file / Important directories and files
• system data
  • gathering / Were connected, now what?
• system file / Important directories and files
• system information
  • files / Configurations, settings, and other files
  • settings / Configurations, settings, and other files
  • configurations / Configurations, settings, and other files

T

• target environments
  • emulating / Adding complexity or emulating target environments
• TCP Sequence Prediction rating
  • about / Shifting blame — the zombies did it!
• TCP Sequence Prediction ratings
  • about / Shifting blame — the zombies did it!
• Telnet banners / SHODAN, Understanding banners
• telnet tool / Which tools are available on the remote system
• test results
  • managing / Effectively manage your test results
• text editor method
  • about / Old school — The text editor method
• text nodes
  • about / Adding nodes
• TFTP server
  • starting / Installing and starting a TFTP server on BackTrack 5
  • installing, on BackTrack 5 / Installing and starting a TFTP server on BackTrack 5
• tftp tool / Which tools are available on the remote system
• THC Hydra
  • about / THC Hydra
  • bruteforcing with / THC Hydra
• The Harvester
  • about / Searching the Internet for clues
• TinEye
  • about / Searching the Internet for clues
• traffic
  • logged, by firewall / Blending in
• traffic patterns
  • about / Looking at traffic patterns
• tree command
  • about / Blending in

U

• Ubuntu
  • about / Adding another virtual machine to our lab, Lab preparation
  • manual if config / Ubuntu – Manual ifconfig
• Ubuntu guest machine
  • about / Ubuntu guest machine
• Ubuntu Server
  • WordPress, installing in / Web1
• Ubuntu virtual machine
  • about / Practice makes perfect
  • Mutillidae 2.1.7, installing on / Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
• Ubuntu_TestMachine_1
  • about / Practice makes perfect, Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
• udevd -version command / Important commands
• ufw (Uncomplicated Firewall)
  • about / Maintaining IP settings after reboot
  • URL, for info / Maintaining IP settings after reboot
• uname -a command / Important commands
• unicornscan
  • quick scan, performing with / Quick scan with Unicornscan
  • about / Quick scan with Unicornscan
• updatedb command / Important commands
• updating
  • Fast-Track / Updating Fast-Track
• user credentials
  • gaining / Users and credentials

V

• VboxManage tool
  • URL / Target practice – Adding a Kioptrix virtual machine
• VDI (Virtual Disk Image) / Preparing the virtual machine for pfSense
• victim machines
  • files, getting from / Getting files to and from victim machines
• vim
  • about / Old school — The text editor method
• VIM
  • about / VIM — The power user's text editor of choice
  • benefits / VIM — The power user's text editor of choice
• vimtutor / VIM — The power user's text editor of choice
• VirtualBox
  • installing / Installing VirtualBox
  • URL / Installing VirtualBox
  • virtual machine, preparing / Adding another virtual machine to our lab
  • URL, for manual / Starting the virtual lab
  • settings, for guest machine setup / Setup
  • network adapters / Setup
• VirtualBox Machine
  • M0n0Wall, installing on / Setup
• virtual disk image
  • BackTrack, installing on / Installing BackTrack on the virtual disk image
• virtual guest machine
  • preparing, for BackTrack / Preparing the virtual guest machine for BackTrack
• virtual guest machines
  • cloning / Creating a Kioptrix VM Level 3 clone
• virtual lab
  • requisites, for configuration / Practice makes perfect
  • starting / Starting the virtual lab
  • configuring / Adding complexity or emulating target environments
  • challenges, in setting up / The challenge
• virtual machine
  • BackTrack, installing as / Installing your BackTrack virtual machine
  • adding, to lab / Adding another virtual machine to our lab
  • preparing, in VirtualBox / Adding another virtual machine to our lab
  • connectivity, verifying / Verifying connectivity
  • preparing, for pfSense / Preparing the virtual machine for pfSense
• virtual network
  • setting up / NewAlts Research Labs' virtual network
• Virtual Test Lab Environments
  • setting up / No-nonsense test example
• Vlab_1 clients
  • testing / Configuring and testing our Vlab_1 clients
  • configuring / Configuring and testing our Vlab_1 clients
• VOIP
  • about / What is permitted?
• vulnerability assessments
  • about / Vulnerability assessments
• vulnerable program
  • creating / "C"ing is believing—Create a vulnerable program
• vulnserver
  • about / Introducing vulnserver
• vulnserver application
  • downloading / Introducing vulnserver

W

• w3af
  • about / Web Application Attack and Audit Framework (w3af)
• w3af console
  • used, for scanning / Scanning by using the w3af console
• w3af GUI
  • used, for saving time / Using w3af GUI to save time
• WAF
  • about / Detecting Web Application Firewalls (WAF), The scenario
  • detecting / Detecting Web Application Firewalls (WAF)
• WAFW00F
  • about / Detecting Web Application Firewalls (WAF)
• WAN
  • about / Setup
• WAN IP configuration
  • about / WAN IP configuration
• web
  • people, finding on / Finding people (and their documents) on the web
• Web1
  • about / Adding complexity or emulating target environments, Web1
• web console settings, pfSense
  • configuring / Configuring firewall1
• WebScarab
  • about / Using WebScarab as a HTTP proxy
  • using, as HTTP proxy / Using WebScarab as a HTTP proxy
• WebServer
  • about / NewAlts Research Labs' virtual network
• web server
  • setting up / Why bother with setting up labs?
• web server modifications
  • about / Web server modifications
• wget tool / Which tools are available on the remote system
• Whitebox test
  • about / Determine connections
• Whitebox testing
  • about / Before testing begins
• White Pages
  • about / Searching the Internet for clues
• whois
  • used, for gathering information / Gathering information with whois
  • about / Gathering information with whois, Specifying which registrar to use
  • usage / Gathering information with whois
  • used, for finding originating country of IP address / Where in the world is this IP?
• win.ini file / Important directories and files
• Windows machine
  • directories / Important directories and files
  • files / Important directories and files
• Wireshark
  • about / Shifting blame — the zombies did it!, Using decoys, Bruteforce Exploit Detector (BED)
• WordPress
  • installing, in Ubuntu Server / Web1
  • about / The scenario

X

• XML data nodes
  • about / Adding nodes

Z

• ZenMap
  • about / Nmap — getting to know you
• zombie host
  • about / Shifting blame — the zombies did it!
• zone transfers
  • with Domain Information Groper (Dig) / Zone transfers using Dig