Book Image

BackTrack 5 Cookbook

By : Willie L. Pritchett, David De Smet
Book Image

BackTrack 5 Cookbook

By: Willie L. Pritchett, David De Smet

Overview of this book

<p>BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm.<br /><br />"BackTrack 5 Cookbook" provides you with practical recipes featuring many popular tools that cover the basics of a penetration test: information gathering, vulnerability identification, exploitation, priviledge escalation, and covering your tracks.<br /><br />The book begins by covering the installation of BackTrack 5 and setting up a virtual environment to perform your tests.<br /><br />We then dip into recipes involving the basic principles of a penetration test such as information gathering, vulnerability identification, and exploitation. You will further learn about privilege escalation, radio network analysis, Voice over IP, Password cracking, and BackTrack forensics.<br /><br />"BackTrack 5 Cookbook" will serve as an excellent source of information for the security professional and novice alike.</p>

Related Content you might be interested in

Current Title:

Small book image
BackTrack 5 Cookbook
Willie L. Pritchett | David De Smet
Dec, 2012 | 296 pages
No titles found
Table of Contents (17 chapters)
BackTrack 5 Cookbook
BackTrack 5 Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Up and Running with BackTrack
Up and Running with BackTrack
Introduction
Installing BackTrack to a hard disk drive
Installing BackTrack to a USB drive with persistent memory
Installing BackTrack on VirtualBox
Installing BackTrack using VMware Tools
Fixing the splash screen
Changing the root password
Starting network services
Setting up the wireless network
2
Customizing BackTrack
Customizing BackTrack
Introduction
Preparing kernel headers
Installing Broadcom drivers
Installing and configuring ATI video card drivers
Installing and configuring NVIDIA video card drivers
Applying updates and configuring extra security tools
Setting up ProxyChains
Directory encryption
3
Information Gathering
Information Gathering
Introduction
Service enumeration
Determining the network range
Identifying active machines
Finding open ports
Operating system fingerprinting
Service fingerprinting
Threat assessment with Maltego
Mapping the network
4
Vulnerability Identification
Vulnerability Identification
Introduction
Installing, configuring, and starting Nessus
Nessus – finding local vulnerabilities
Nessus – finding network vulnerabilities
Nessus – finding Linux-specific vulnerabilities
Nessus – finding Windows-specific vulnerabilities
Installing, configuring, and starting OpenVAS
OpenVAS – finding local vulnerabilities
OpenVAS – finding network vulnerabilities
OpenVAS – finding Linux-specific vulnerabilities
OpenVAS – finding Windows-specific vulnerabilities
5
Exploitation
Exploitation
Introduction
Implementing exploits from BackTrack
Installing and configuring Metasploitable
Mastering Armitage – the graphical management tool for Metasploit
Mastering the Metasploit Console (MSFCONSOLE)
Mastering the Metasploit CLI (MSFCLI)
Mastering Meterpreter
Metasploitable MySQL
Metasploitable PostgreSQL
Metasploitable Tomcat
Metasploitable PDF
Implementing the browser_autopwn module
6
Privilege Escalation
Privilege Escalation
Introduction
Using impersonation tokens
Local privilege escalation attack
Mastering the Social-Engineer Toolkit (SET)
Collecting victims' data
Cleaning up the tracks
Creating a persistent backdoor
Man-in-the-middle attack (MITM)
7
Wireless Network Analysis
Wireless Network Analysis
Introduction
Cracking a WEP wireless network
Cracking a WPA/WPA2 wireless network
Automating wireless network cracking
Accessing clients using a fake AP
URL traffic manipulation
Port redirection
Sniffing network traffic
Accessing an e-mail by stealing cookies
8
Voice over IP (VoIP)
Voice over IP (VoIP)
Introduction
Using Svmap
Finding valid extensions
Monitoring, capturing, and eavesdropping on VoIP traffic
Using VoIPong
Mastering UCSniff
Mastering Xplico
Capturing SIP authentication
Mastering VoIP Hopper
Causing a denial of service
Attacking VoIP using Metasploit
Sniffing DECT phones
9
Password Cracking
Password Cracking
Introduction
Online password attacks
Cracking HTTP passwords
Gaining router access
Password profiling
Cracking a Windows password using John the Ripper
Using dictionary attacks
Using rainbow tables
Using NVIDIA Compute Unified Device Architecture (CUDA)
Using ATI Stream
Physical access attacks
10
BackTrack Forensics
BackTrack Forensics
Introduction
Intrusion detection and log analysis
Recursive directory encryption/decryption
Scanning for signs of rootkits
Recovering data from a problematic source
Retrieving a Windows password
Resetting a Windows password
Looking at the Windows registry entries
Index
Index

OpenVAS – finding network vulnerabilities

OpenVAS allows us to attack a wide range of vulnerabilities, and we will confine our list of assessing the vulnerabilities of our target to those specific to the type of information we seek to gain from the assessment. In this recipe, we will use OpenVAS to scan for network vulnerabilities. These are vulnerabilities specific to devices on our targeted network.

Getting ready

To complete this recipe, you will need a virtual machine(s) to test against:

  • Windows XP

  • Windows 7

  • Metasploitable 2

  • Any other flavor of Linux

How to do it...

Let's begin the process of finding network vulnerabilities with OpenVAS by opening the Mozilla Firefox web browser:

  1. Go to http://127.0.0.1:9392 and log in to OpenVAS.

  2. Select Configuration | Scan Configs:

  3. Enter the name of the scan. For this recipe, we will use Network Vulnerabilities.

  4. For the base, select the Empty, static and fast option. This option allows us to start from scratch and create our own configuration.

  5. Click on Create Scan...

Previous Section
End of Section 10
Next Section