a meterpreter session.FIGURE 8-9: Retrieving the password hashes.FIGURE 8-10: Attaching to another process with the migrate
command.FIGURE 8-11: Using VNC to view a victim’s activity.FIGURE 8-12: Capturing keystrokes from the compromised system.FIGURE 8-13: Lateral movement from a compromised system.FIGURE 8-14: Dumping the hashes to use in pass the hash.FIGURE 8-15: Locating other systems with arp_scanner
.FIGURE 8-16: Lateral movement with telnet.FIGURE 8-17: Viewing user accounts on a laterally compromised system.FIGURE 8-18: Creating a backdoor user account.FIGURE 8-19: Covering your tracks with the clearev
command.
9 Chapter 9FIGURE 9-1: Using Nikto to do a web application vulnerability scan.FIGURE 9-2: Using w3af to perform different types of vulnerability checks on a ...FIGURE 9-3: Using SQLmap to automate SQL injection attacks.FIGURE 9-4: Inspecting the http post request.FIGURE 9-5: Using Hydra to crack credentials for the website.FIGURE 9-6: Using John the Ripper to crack password hashes.FIGURE 9-7: Using Wifite to automate wireless attacks.FIGURE 9-8: OWASP ZAP finds vulnerabilities in web applications.FIGURE 9-9: SET is a social engineering tool that makes it easy to create diffe...FIGURE 9-10: Using Nmap to locate systems (left) and then using Hydra to attemp...FIGURE 9-11: Using xHydra — the GUI version of Hydra.FIGURE 9-12: Cracking password hashes with John the Ripper.FIGURE 9-13: Dumping the hashes to use with a password cracker.FIGURE 9-14: Using Ncat (left) and Netcat (right) to create a bind shell.
10 Chapter 11FIGURE 11-1: Risk rating scores for vulnerabilities.
Guide
1 Cover
4 Table of Contents
7 Index
8 About the Author
Pages
1 i
2 iii
3 iv
4 1
5 2
6 3
7 4
8 5
9 6
10 7
11 8
12 9
13 10
14 11
15 12
16 13
17 14
18 15
19 16
20 17
21 18
22 19
23 20
24 21
25 22
26 23
27 24
28 25
29 26
30 27
31 28
32 29
33 30
34 31
35 32
36 33
37 34
38 35
39 36
40 37
41 38
42 39
43 40
44 41
45 42
46 43
47 44
48 45
49 46