Book Image

BackTrack 5 Cookbook

By : Willie L. Pritchett, David De Smet
Book Image

BackTrack 5 Cookbook

By: Willie L. Pritchett, David De Smet

Overview of this book

<p>BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm.<br /><br />"BackTrack 5 Cookbook" provides you with practical recipes featuring many popular tools that cover the basics of a penetration test: information gathering, vulnerability identification, exploitation, priviledge escalation, and covering your tracks.<br /><br />The book begins by covering the installation of BackTrack 5 and setting up a virtual environment to perform your tests.<br /><br />We then dip into recipes involving the basic principles of a penetration test such as information gathering, vulnerability identification, and exploitation. You will further learn about privilege escalation, radio network analysis, Voice over IP, Password cracking, and BackTrack forensics.<br /><br />"BackTrack 5 Cookbook" will serve as an excellent source of information for the security professional and novice alike.</p>

Related Content you might be interested in

Current Title:

Small book image
BackTrack 5 Cookbook
Willie L. Pritchett | David De Smet
Dec, 2012 | 296 pages
No titles found
Table of Contents (17 chapters)
BackTrack 5 Cookbook
BackTrack 5 Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Up and Running with BackTrack
Up and Running with BackTrack
Introduction
Installing BackTrack to a hard disk drive
Installing BackTrack to a USB drive with persistent memory
Installing BackTrack on VirtualBox
Installing BackTrack using VMware Tools
Fixing the splash screen
Changing the root password
Starting network services
Setting up the wireless network
2
Customizing BackTrack
Customizing BackTrack
Introduction
Preparing kernel headers
Installing Broadcom drivers
Installing and configuring ATI video card drivers
Installing and configuring NVIDIA video card drivers
Applying updates and configuring extra security tools
Setting up ProxyChains
Directory encryption
3
Information Gathering
Information Gathering
Introduction
Service enumeration
Determining the network range
Identifying active machines
Finding open ports
Operating system fingerprinting
Service fingerprinting
Threat assessment with Maltego
Mapping the network
4
Vulnerability Identification
Vulnerability Identification
Introduction
Installing, configuring, and starting Nessus
Nessus – finding local vulnerabilities
Nessus – finding network vulnerabilities
Nessus – finding Linux-specific vulnerabilities
Nessus – finding Windows-specific vulnerabilities
Installing, configuring, and starting OpenVAS
OpenVAS – finding local vulnerabilities
OpenVAS – finding network vulnerabilities
OpenVAS – finding Linux-specific vulnerabilities
OpenVAS – finding Windows-specific vulnerabilities
5
Exploitation
Exploitation
Introduction
Implementing exploits from BackTrack
Installing and configuring Metasploitable
Mastering Armitage – the graphical management tool for Metasploit
Mastering the Metasploit Console (MSFCONSOLE)
Mastering the Metasploit CLI (MSFCLI)
Mastering Meterpreter
Metasploitable MySQL
Metasploitable PostgreSQL
Metasploitable Tomcat
Metasploitable PDF
Implementing the browser_autopwn module
6
Privilege Escalation
Privilege Escalation
Introduction
Using impersonation tokens
Local privilege escalation attack
Mastering the Social-Engineer Toolkit (SET)
Collecting victims' data
Cleaning up the tracks
Creating a persistent backdoor
Man-in-the-middle attack (MITM)
7
Wireless Network Analysis
Wireless Network Analysis
Introduction
Cracking a WEP wireless network
Cracking a WPA/WPA2 wireless network
Automating wireless network cracking
Accessing clients using a fake AP
URL traffic manipulation
Port redirection
Sniffing network traffic
Accessing an e-mail by stealing cookies
8
Voice over IP (VoIP)
Voice over IP (VoIP)
Introduction
Using Svmap
Finding valid extensions
Monitoring, capturing, and eavesdropping on VoIP traffic
Using VoIPong
Mastering UCSniff
Mastering Xplico
Capturing SIP authentication
Mastering VoIP Hopper
Causing a denial of service
Attacking VoIP using Metasploit
Sniffing DECT phones
9
Password Cracking
Password Cracking
Introduction
Online password attacks
Cracking HTTP passwords
Gaining router access
Password profiling
Cracking a Windows password using John the Ripper
Using dictionary attacks
Using rainbow tables
Using NVIDIA Compute Unified Device Architecture (CUDA)
Using ATI Stream
Physical access attacks
10
BackTrack Forensics
BackTrack Forensics
Introduction
Intrusion detection and log analysis
Recursive directory encryption/decryption
Scanning for signs of rootkits
Recovering data from a problematic source
Retrieving a Windows password
Resetting a Windows password
Looking at the Windows registry entries
Index
Index

Online password attacks

In this recipe we will use the THC-Hydra (Hydra) password cracker. There are times in which we will have the time to physically attack a Windows-based computer and obtain the Security Accounts Manager (SAM) directly. However, there will also be times in which we are unable to do so and this is where an online password attack proves most beneficial.

Hydra supports many protocols, including (but not limited to) FTP, HTTP, HTTPS, MySQL, MS SQL, Oracle, Cisco, IMAP, VNC, and many more! Be careful though, as this type of attack can be a bit noisy, increasing your chance of getting detected.

Getting ready

The following requirements need to be fulfilled:

  • A connection to the Internet or intranet is required to complete this recipe

  • A computer that we can use as our victim

How to do it...

So let's begin the process of cracking an online password:

  1. From the Start menu select Applications | BackTrack | Privilege Escalation | Password Attacks | Online Attacks | hydra-gtk.

  2. Now that we have...

Previous Section
End of Section 3
Next Section