504.4 Flashcards
Metasploit Framework
A flexible collection of tools to attack, exploit, and harvest data from targets
Exploit
Takes advantage of a flaw in a target program
Payload
Makes the target do something the attacker wants
Auxiliary Modules
Perform all kinds of tasks, including port scans, vulnerability scans, DoS tools, and fuzzers to find flaws
Bind Shell to Arbitrary Port
This opens a command shell listener on any TCP port of the attacker's choosing
Reverse Shell
This payload shovels a shell back to the attacker on a TCP port. The attacker will likely have a Netcat listener waiting to receive the shell.
Windows VNC Server DLL Inject
This payload allows the attacker to remotely control the GUI of the victim machine, using the Virtual Network Computing (VNC) tool, sent as a payload. VNC runs inside the victim process so it doesn’t need to be installed on the victim machine. Instead, it is inserted as a DLL inside the vulnerable process.
Create local admin user
This payload creates a new user in the administrators group with a name and password specified by the attacker.
Drive By Attacks
Also known as client-side attacks; they target normal web browsing activity, allowing an attacker to gain access to a client device
Watering Hole Attack
Same technique as drive-by attacks, except it involves a targeting element against a specific vertical industry or other organization, such as a government, a political party, etc.
Code-Executing Microsoft Office Files
Executes code from a Microsoft Office file. Requires a file type that supports macros
MsfVenom
A tool that is included in the Metasploit Framework that takes any Metasploit payload and converts it to a standalone file
System Resource Usage Monitor (SRUM)
Built-in Windows service that maintains a 30-day historical record of system activity, including programs executed, Wi-Fi networks joined, network usage statistics by executable, system energy usage, and more.
SRUM-Dump
Utility that extracts the data from the SRUDB.dat file and the HKLM\SOFTWARE registry hive, writing it to an accessible spreadsheet. Can operate on a live workstation or read from an offline archive.
Command Stacking
The use of command separators to run multiple commands in one line
Command Injection
A web application exploitation technique to run arbitrary commands on the web server. The attacker identifies an application that accepts input, and that input is used to form a command line that is executed on the server.
Reflected XSS
Targeted attack where the attacker crafts a link with malicious code to send to the victim. The victim clicks the link and goes to the vulnerable site, which renders the content delivered in the crafted URL sent by the attacker.
Stored XSS
Malicious content from the attacker is stored on and delivered from the server. Any user who visits the server webpage storing the malicious content will render it. More opportunistic, because anyone who visits the webpage renders the malicious code.
Cross Site Scripting
An attack against users as opposed to servers. Exploits a vulnerability in the server's input or output validation. Allows an attacker to send custom commands to the victim on behalf of the server.
Server Content Security Policy (CSP)
Server declares which dynamic resources are permitted to load in the browser, e.g. JavaScript, CSS, images, etc.
Structured Query Language (SQL) Injection
Web attack technique that exploits input validation flaws on applications that accept user input to interact with databases. The attacker supplies a crafted string that is accepted by the web server and applied as part of a SQL statement used to interact with a backend database.
SQL Verb
The part of the SQL statement that identifies what action is taken, such as SELECT to query a database, UPDATE to change one or more database entries, and DELETE to remove one or more database rows.
SQL Source
The part of the SQL statement that indicates one or more table names that the verb is applied to.
SQL Refinement
The part of the SQL statement used to limit the scope of the action beyond the table name by identifying specific columns or values that should be used. Not always present.
sqlmap.py
Automates testing for SQL injection vulnerabilities, including database enumeration tasks
Server Side Request Forgery
Web servers can take user input and create web requests on behalf of the client. An attacker can manipulate the input to get the server to make arbitrary HTTP requests and compromise the server.
Internet Metadata Service (IMDS)
A system used by popular cloud providers to provide dynamic metadata about a cloud instance. Can be leveraged to obtain sensitive information.