BackTrack 5 Cookbook

BackTrack 5 Cookbook

By : Willie L. Pritchett, David De Smet

Buy this Book

BackTrack 5 Cookbook

By: Willie L. Pritchett, David De Smet

Buy this Book

Overview of this book

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. "BackTrack 5 Cookbook" provides you with practical recipes featuring many popular tools that cover the basics of a penetration test: information gathering, vulnerability identification, exploitation, priviledge escalation, and covering your tracks. The book begins by covering the installation of BackTrack 5 and setting up a virtual environment to perform your tests. We then dip into recipes involving the basic principles of a penetration test such as information gathering, vulnerability identification, and exploitation. You will further learn about privilege escalation, radio network analysis, Voice over IP, Password cracking, and BackTrack forensics. "BackTrack 5 Cookbook" will serve as an excellent source of information for the security professional and novice alike.

BackTrack 5 Cookbook

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Preface

Free Chapter

Up and Running with BackTrack

Introduction

Installing BackTrack to a hard disk drive

Installing BackTrack to a USB drive with persistent memory

Installing BackTrack on VirtualBox

Installing BackTrack using VMware Tools

Fixing the splash screen

Changing the root password

Starting network services

Setting up the wireless network

Customizing BackTrack

Introduction

Preparing kernel headers

Installing Broadcom drivers

Installing and configuring ATI video card drivers

Installing and configuring NVIDIA video card drivers

Applying updates and configuring extra security tools

Setting up ProxyChains

Directory encryption

Information Gathering

Introduction

Service enumeration

Determining the network range

Identifying active machines

Finding open ports

Operating system fingerprinting

Service fingerprinting

Threat assessment with Maltego

Mapping the network

Vulnerability Identification

Introduction

Installing, configuring, and starting Nessus

Nessus – finding local vulnerabilities

Nessus – finding network vulnerabilities

Nessus – finding Linux-specific vulnerabilities

Nessus – finding Windows-specific vulnerabilities

Installing, configuring, and starting OpenVAS

OpenVAS – finding local vulnerabilities

OpenVAS – finding network vulnerabilities

OpenVAS – finding Linux-specific vulnerabilities

OpenVAS – finding Windows-specific vulnerabilities

Exploitation

Introduction

Implementing exploits from BackTrack

Installing and configuring Metasploitable

Mastering Armitage – the graphical management tool for Metasploit

Mastering the Metasploit Console (MSFCONSOLE)

Mastering the Metasploit CLI (MSFCLI)

Mastering Meterpreter

Metasploitable MySQL

Metasploitable PostgreSQL

Metasploitable Tomcat

Metasploitable PDF

Implementing the browser_autopwn module

Privilege Escalation

Introduction

Using impersonation tokens

Local privilege escalation attack

Mastering the Social-Engineer Toolkit (SET)

Collecting victims' data

Cleaning up the tracks

Creating a persistent backdoor

Man-in-the-middle attack (MITM)

Wireless Network Analysis

Introduction

Cracking a WEP wireless network

Cracking a WPA/WPA2 wireless network

Automating wireless network cracking

Accessing clients using a fake AP

URL traffic manipulation

Port redirection

Sniffing network traffic

Accessing an e-mail by stealing cookies

Voice over IP (VoIP)

Introduction

Using Svmap

Finding valid extensions

Monitoring, capturing, and eavesdropping on VoIP traffic

Using VoIPong

Mastering UCSniff

Mastering Xplico

Capturing SIP authentication

Mastering VoIP Hopper

Causing a denial of service

Attacking VoIP using Metasploit

Sniffing DECT phones

Password Cracking

Introduction

Online password attacks

Cracking HTTP passwords

Gaining router access

Password profiling

Cracking a Windows password using John the Ripper

Using dictionary attacks

Using rainbow tables

Using NVIDIA Compute Unified Device Architecture (CUDA)

Using ATI Stream

Physical access attacks

BackTrack Forensics

Introduction

Intrusion detection and log analysis

Recursive directory encryption/decryption

Scanning for signs of rootkits

Recovering data from a problematic source

Retrieving a Windows password

Resetting a Windows password

Looking at the Windows registry entries

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Service fingerprinting

Determining the services running on specific ports will ensure a successful pentest on the target network. It will also remove any doubts left resulting from the OS fingerprinting process.

How to do it...

Let's begin the process of service fingerprinting by opening a terminal window:

Open a terminal window and issue the following command:

nmap -sV 192.168.10.200

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-03-28 05:10 CDT
Interesting ports on 192.168.10.200:
Not shown: 1665 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd 5.0
25/tcp open smtp Microsoft ESMTP 5.0.2195.6713
80/tcp open http Microsoft IIS webserver 5.0
119/tcp open nntp Microsoft NNTP Service 5.0.2195.6702 (posting ok)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows 2000 microsoft-ds
1025/tcp open mstask Microsoft mstask
1026/tcp open msrpc Microsoft Windows RPC
1027/tcp open msrpc Microsoft Windows...

BackTrack 5 Cookbook

By : Willie L. Pritchett, David De Smet

BackTrack 5 Cookbook

By: Willie L. Pritchett, David De Smet

Overview of this book

Related Content you might be interested in

Current Title:

BackTrack 5 Cookbook

Service fingerprinting

How to do it...