Index
Safe checks option (Nessus) safe_checks( ) function SAFE_FREE( ) macro save and dump file functions (libpcap) Scan options (Nessus) scan_database.db file (Nikto) scanner for web applications building the log parser building the scanner directory-based testing HTTP request, making parameter-based testing parsing the input file printing output designing functional requirements parseLog.pl script paseLog.pl script simpleScanner.pl script generating test data parseLog.pl source code simpleScanner.pl source code using the scanner scope, web application script categories, NASL plug-ins script_category( ) function 2nd script_copyright( ) function script_id( ) function 2nd script_require_ports( ) function script_summary( ) function script_version( ) function Secure Sockets Layer
[See SSL] security_hole( ) function reporting on CGI vulnerability security_note( ) function 2nd security_warning( ) function warning about anonymous FTP access sEIP (saved EIP), offset to overwrite send_packet( ) function server, Nessus starting server_msgs.db (nikto_msgs plug-in) servers.db file (Nikto plug-ins) service_smtpauth variable service_smtpauth( ) function 2nd services (network), probing with Nmap nmap-service-probes file unrecognized service Services/vnc Services/www session_get_and_del( ) function session_put( ) function set user ID (SUID) application, exploited set_ip_elements( ) function set_kb_item( ) function set_scan_items( ) function set_server_cats( ) function set_targets( ) setuid( ) shellcode simpleScanner.pl script complete source code SMTP authentication implementing SMTP-AUTH in Hydra response codes sniffers, network
[See Ettercap network sniffers] Snort sock variable sockets Unix, querying pOf connection cache via using with AirJack soft matches (nmap-service-probes file) software vulnerabilities 2nd [See also vulnerabilities] source code analysis for web applications black box and white box testing frameworks goals of PMD tool extending installing and running rulesets scope of an application symptom code databases symptomatic code approach toolkit user-controllable input source code viewer, web application testing spidering or crawling applications split( ) function sprintf( ) function 2nd SQL injection exploits categories of exploit techniques blind SQL injection error-based SQL injection PMD ruleset to find dynamic SQL scanner for exploit logic extendedScanner.pl script parameter-based testing sqlBlindColumnTest subroutine sqlBlindDataTypeTest subroutine sqlColumnTest subroutine sqlDataTypeTest subroutine sqlOrTest subroutine sqlTest routine sqlUnionTest subroutine using extendedScanner.pl web application code vulnerable to sqlBlindColumnTest subroutine sqlBlindDataTypeTest subroutine sqlColumnTest subroutine SqlInjectionExample.java ASTAdditiveExpression ASTClassBodyDeclaration ASTCompilationUnit ASTMethodDeclaration ASTMethodDeclarator source code sqlOrTest subroutine sqlTest routine (exploit scanner) sqlTest subroutine (web application scanner) sqlUnionTest subroutine src/hydra-smtpauth.c file sshd hiding from netstat PID, using to get information about SSL HTTP requests over, support by LWP Hydra, running over 2nd Nikto SSL scanning sslports in nmap-service-probes file stack buffer overflows MnoGoSearch overflow overview exploiting a program how buffers overflow importance of stack overflows memory segments and layout shellcode stack frames examining in MnoGoSearch overflow new, creation of stack memory segments stacks, identifying remote OS by TCP/IP network stack start_denial( ) function start_smtpauth( ) function statements, loop static analysis tools, web 
application testing static source code analysis tools PMD support of custom rule creation status functions (libpcap) str_replace( ) function strace tool strchr( ) function 2nd stridx( ) function string concatenation + operator, NASL strcat( ) function string subtraction string( ) function 2nd strings empty NASL 2nd NASL functions for conversions finding and replacing strings simple manipulation selecting a character by index ([ ] operator) strncasecmp( ) command strncmp( ) function strstr( ) function structs dissect_ident packet_object 2nd plugin_ops substr( ) function substring operator subtraction operator (-) SUID (set user ID) application, exploited switched environment, packet capture on symptom code databases of vulnerabilities/attacks stemming from vulnerable to SQL injection, flagging symptomatic code approach 2nd testing toolkit SYN flag (TCP packets) 2nd SYNplescan capturing responding packets overview source code sys_call_table, forcing access to sys_open( ) call, LKM that intercepts system call table (Linux kernel) system calls, intercepting with LKMs forcing access to sys_call_table intercepting sys_exit( ) in 2.4 kernels intercepting sys_unlink( ), using System.map strace tool system call table System.map file