Book Image

Penetration Testing with BackBox

By : Stefan Umit Uygur
Book Image

Penetration Testing with BackBox

By: Stefan Umit Uygur

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with BackBox
Stefan Umit Uygur
Feb, 2014 | 130 pages
No titles found
Table of Contents (15 chapters)
Penetration Testing with BackBox
Penetration Testing with BackBox
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Starting Out with BackBox Linux
Starting Out with BackBox Linux
A flexible penetration testing distribution
The organization of tools in BackBox
Services
Update
Anonymous
Extras
Completeness, accuracy, and support
Links and contacts
Summary
2
Information Gathering
Information Gathering
Starting with an unknown system
Proceeding with a known system
Summary
3
Vulnerability Assessment and Management
Vulnerability Assessment and Management
Vulnerability scanning
False positives
Summary
4
Exploitations
Exploitations
Exploitation of a SQL injection on a database
Exploiting web applications with W3af
Summary
5
Eavesdropping and Privilege Escalation
Eavesdropping and Privilege Escalation
Sniffing encrypted SSL/TLS traffic
Password cracking
Summary
6
Maintaining Access
Maintaining Access
Backdoor Weevely
Summary
7
Penetration Testing Methodologies with BackBox
Penetration Testing Methodologies with BackBox
Information gathering
Summary
8
Documentation and Reporting
Documentation and Reporting
MagicTree – the auditing productivity tool
Summary
Index
Index

Proceeding with a known system

We now have a lot more information about the previously unknown system. We haven't been through the information collection of the target in an accurate way because you can never have enough information. We can use many tools to collect a huge amount of information. However, we limit ourselves to the information we've collected until now and go one step further. Now, we know the information about the target company and we would like to know more information about the specific platform/OS used by the target.

Now we focus on our target domain, which is www.example.com, and also the IP address, which is 192.168.136.35. The next step is to find out everything we can about our target machine.

Nmap

To get a better understanding of the target environment, we will need to scan the target server and gather the information needed. To this purpose, the Nmap tool is our best friend, and a very powerful tool for network scanning.

In the menu, by navigating to Backbox | Auditing...

Previous Section
End of Section 3
Next Section