CONTENTS IN DETAIL
Introducing Classes and Interfaces
Subclassing from an Abstract Class and Implementing an Interface
Tying Everything Together with the Main() Method
Assigning a Delegate to a Method
Updating the Firefighter Class
Running the Updated Main() Method
Integrating with Native Libraries
2
FUZZING AND EXPLOITING XSS AND SQL INJECTION
Setting Up the Virtual Machine
Adding a Host-Only Virtual Network
Booting the Virtual Machine from the BadStore ISO
Fuzzing GET Requests with a Mutational Fuzzer
Tainting the Parameters and Testing for Vulnerabilities
Setting Up the Vulnerable Appliance
Capturing a Vulnerable JSON Request
Performing a UNION-Based Exploit by Hand
Performing a UNION-Based Exploit Programmatically
Exploiting Boolean-Blind SQL Vulnerabilities
Setting Up the Vulnerable Endpoint
Creating a Class for the WSDL Document
Writing the Initial Parsing Methods
Writing a Class for the SOAP Type and Parameters
Creating the SoapMessage Class to Define Sent Data
Implementing a Class for Message Parts
Defining Port Operations with the SoapPortType Class
Implementing a Class for Port Operations
Defining Protocols Used in SOAP Bindings
Compiling a List of Operation Child Nodes
Finding the SOAP Services on Ports
Automatically Fuzzing the SOAP Endpoint for SQL Injection Vulnerabilities
Fuzzing Individual SOAP Services
Fuzzing the HTTP POST SOAP Port
4
WRITING CONNECT-BACK, BINDING, AND METASPLOIT PAYLOADS
Creating a Connect-Back Payload
Accepting Data, Running Commands, and Returning Output
Executing Commands from the Stream
The Code for the Target’s Machine
Running x86 and x86-64 Metasploit Payloads from C#
Executing Native Windows Payloads as Unmanaged Code
Executing Native Linux Payloads
Testing the NessusSession Class
Logging Out and Disposing of Our Session
Automating a Vulnerability Scan
Creating a PDF Site Report and Deleting the Site
Generating a Report and Deleting the Site
Authenticating with the OpenVAS Server
Creating a Method to Execute OpenVAS Commands
Setting Up the TCP Stream to Send and Receive Commands
Certificate Validation and Garbage Collection
Getting Scan Configurations and Creating Targets
Manually Running the Cuckoo Sandbox API
Creating the CuckooSession Class
Writing the ExecuteCommand() Methods to Handle HTTP Requests
Creating Multipart HTTP Data with the GetMultipartFormData() Method
Processing File Data with the FileParameter Class
Testing the CuckooSession and Supporting Classes
Writing the CuckooManager Class
Writing the CreateTask() Method
The Task Details and Reporting Methods
Creating the Task Abstract Class
Sorting and Creating Different Class Types
Testing the sqlmap API with curl
Creating a Method to Execute a GET Request
Making a Method to Perform Scans
Integrating sqlmap with the SOAP Fuzzer
Adding sqlmap GET Request Support to the SOAP Fuzzer
Adding sqlmap POST Request Support
The ClamAV Native Library vs. the clamd Network Daemon
Automating with ClamAV’s Native Library
Setting Up the Supporting Enumerations and Classes
Accessing ClamAV’s Native Library Functions
Testing the Program by Scanning the EICAR File
Creating a Session Class for clamd
Creating a clamd Manager Class
Installing the NuGet Package Manager for MonoDevelop
Installing the MSGPACK Library
Referencing the MSGPACK Library
Writing the MetasploitSession Class
Creating the Execute() Method for HTTP Requests and Interacting with MSGPACK
Transforming Response Data from MSGPACK
Writing the MetasploitManager Class
Creating the ArachniHTTPSession Class
Creating the ArachniHTTPManager Class
Putting the Session and Manager Classes Together
The Supporting Methods for ExecuteCommand()
13
DECOMPILING AND REVERSING MANAGED ASSEMBLIES
Decompiling Managed Assemblies
Using monodis to Analyze an Assembly
14
READING OFFLINE REGISTRY HIVES
Creating a Class to Parse a Registry Hive File
Creating a Class for Node Keys
Making a Class to Store Value Keys