Book Image

Penetration Testing with BackBox

By : Stefan Umit Uygur
Book Image

Penetration Testing with BackBox

By: Stefan Umit Uygur

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with BackBox
Stefan Umit Uygur
Feb, 2014 | 130 pages
No titles found
Table of Contents (15 chapters)
Penetration Testing with BackBox
Penetration Testing with BackBox
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Starting Out with BackBox Linux
Starting Out with BackBox Linux
A flexible penetration testing distribution
The organization of tools in BackBox
Services
Update
Anonymous
Extras
Completeness, accuracy, and support
Links and contacts
Summary
2
Information Gathering
Information Gathering
Starting with an unknown system
Proceeding with a known system
Summary
3
Vulnerability Assessment and Management
Vulnerability Assessment and Management
Vulnerability scanning
False positives
Summary
4
Exploitations
Exploitations
Exploitation of a SQL injection on a database
Exploiting web applications with W3af
Summary
5
Eavesdropping and Privilege Escalation
Eavesdropping and Privilege Escalation
Sniffing encrypted SSL/TLS traffic
Password cracking
Summary
6
Maintaining Access
Maintaining Access
Backdoor Weevely
Summary
7
Penetration Testing Methodologies with BackBox
Penetration Testing Methodologies with BackBox
Information gathering
Summary
8
Documentation and Reporting
Documentation and Reporting
MagicTree – the auditing productivity tool
Summary
Index
Index

Starting with an unknown system

Now, let's say in the very beginning we have nothing but a public URL web address and we have no other information about this environment. So, it looks like we have to manage on our own to find out the information required in order to start our security assessment. Actually no, our assessment will begin precisely with this process by looking for the information to be gathered.

So, address given is www.example.com. Now, let's start to tweak around our BackBox Linux and navigate to BackBox | Auditing | Information Gathering. In the Network submenu, we have many tools that we can use for what we need here. This is because the network is where everything begins as we are in front of a remote system.

Automater

As its name suggests, Automater is an automated tool to give some basic information about the target. All we have to do is run Automater from the menu, and a shell with the options listed will appear as shown in the following screenshot:

The main interface of...

Previous Section
End of Section 2
Next Section