Book Image

BackTrack 5 Cookbook

By : Willie L. Pritchett, David De Smet
Book Image

BackTrack 5 Cookbook

By: Willie L. Pritchett, David De Smet

Overview of this book

<p>BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm.<br /><br />"BackTrack 5 Cookbook" provides you with practical recipes featuring many popular tools that cover the basics of a penetration test: information gathering, vulnerability identification, exploitation, priviledge escalation, and covering your tracks.<br /><br />The book begins by covering the installation of BackTrack 5 and setting up a virtual environment to perform your tests.<br /><br />We then dip into recipes involving the basic principles of a penetration test such as information gathering, vulnerability identification, and exploitation. You will further learn about privilege escalation, radio network analysis, Voice over IP, Password cracking, and BackTrack forensics.<br /><br />"BackTrack 5 Cookbook" will serve as an excellent source of information for the security professional and novice alike.</p>

Related Content you might be interested in

Current Title:

Small book image
BackTrack 5 Cookbook
Willie L. Pritchett | David De Smet
Dec, 2012 | 296 pages
No titles found
Table of Contents (17 chapters)
BackTrack 5 Cookbook
BackTrack 5 Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Up and Running with BackTrack
Up and Running with BackTrack
Introduction
Installing BackTrack to a hard disk drive
Installing BackTrack to a USB drive with persistent memory
Installing BackTrack on VirtualBox
Installing BackTrack using VMware Tools
Fixing the splash screen
Changing the root password
Starting network services
Setting up the wireless network
2
Customizing BackTrack
Customizing BackTrack
Introduction
Preparing kernel headers
Installing Broadcom drivers
Installing and configuring ATI video card drivers
Installing and configuring NVIDIA video card drivers
Applying updates and configuring extra security tools
Setting up ProxyChains
Directory encryption
3
Information Gathering
Information Gathering
Introduction
Service enumeration
Determining the network range
Identifying active machines
Finding open ports
Operating system fingerprinting
Service fingerprinting
Threat assessment with Maltego
Mapping the network
4
Vulnerability Identification
Vulnerability Identification
Introduction
Installing, configuring, and starting Nessus
Nessus – finding local vulnerabilities
Nessus – finding network vulnerabilities
Nessus – finding Linux-specific vulnerabilities
Nessus – finding Windows-specific vulnerabilities
Installing, configuring, and starting OpenVAS
OpenVAS – finding local vulnerabilities
OpenVAS – finding network vulnerabilities
OpenVAS – finding Linux-specific vulnerabilities
OpenVAS – finding Windows-specific vulnerabilities
5
Exploitation
Exploitation
Introduction
Implementing exploits from BackTrack
Installing and configuring Metasploitable
Mastering Armitage – the graphical management tool for Metasploit
Mastering the Metasploit Console (MSFCONSOLE)
Mastering the Metasploit CLI (MSFCLI)
Mastering Meterpreter
Metasploitable MySQL
Metasploitable PostgreSQL
Metasploitable Tomcat
Metasploitable PDF
Implementing the browser_autopwn module
6
Privilege Escalation
Privilege Escalation
Introduction
Using impersonation tokens
Local privilege escalation attack
Mastering the Social-Engineer Toolkit (SET)
Collecting victims' data
Cleaning up the tracks
Creating a persistent backdoor
Man-in-the-middle attack (MITM)
7
Wireless Network Analysis
Wireless Network Analysis
Introduction
Cracking a WEP wireless network
Cracking a WPA/WPA2 wireless network
Automating wireless network cracking
Accessing clients using a fake AP
URL traffic manipulation
Port redirection
Sniffing network traffic
Accessing an e-mail by stealing cookies
8
Voice over IP (VoIP)
Voice over IP (VoIP)
Introduction
Using Svmap
Finding valid extensions
Monitoring, capturing, and eavesdropping on VoIP traffic
Using VoIPong
Mastering UCSniff
Mastering Xplico
Capturing SIP authentication
Mastering VoIP Hopper
Causing a denial of service
Attacking VoIP using Metasploit
Sniffing DECT phones
9
Password Cracking
Password Cracking
Introduction
Online password attacks
Cracking HTTP passwords
Gaining router access
Password profiling
Cracking a Windows password using John the Ripper
Using dictionary attacks
Using rainbow tables
Using NVIDIA Compute Unified Device Architecture (CUDA)
Using ATI Stream
Physical access attacks
10
BackTrack Forensics
BackTrack Forensics
Introduction
Intrusion detection and log analysis
Recursive directory encryption/decryption
Scanning for signs of rootkits
Recovering data from a problematic source
Retrieving a Windows password
Resetting a Windows password
Looking at the Windows registry entries
Index
Index

Metasploitable Tomcat

In this recipe, we will explore how to use Metasploit to attack a Tomcat server using the Tomcat Manager Login module. Tomcat, or Apache Tomcat, is an open source web server and servlet container used to run Java Servlets and JavaServer Pages (JSP). The Tomcat server is written in pure Java. We will use Metasploit in order to brute force a Tomcat login.

Getting ready

The following requirements need to be fulfilled:

  • A connection to the internal network is required to complete this recipe

  • Metasploitable running in our hacking lab

  • Word list to perform a dictionary attack

How to do it...

Let's begin the recipe by opening a terminal window:

  1. Open a command prompt.

  2. Launch the MSFCONSOLE:

    msfconsole

  3. Search for all available Tomcat modules:

    search tomcat

  4. Use the Tomcat Application Manager Login Utility:

    use auxiliary/scanner/http/tomcat_mgr_login

  5. Show the available options of the module:

    show options

    Note

    Notice we have a lot of items that are set to yes and are required. We will utilize...

Previous Section
End of Section 11
Next Section