Book Image

Penetration Testing with BackBox

By : Stefan Umit Uygur
Book Image

Penetration Testing with BackBox

By: Stefan Umit Uygur

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with BackBox
Stefan Umit Uygur
Feb, 2014 | 130 pages
No titles found
Table of Contents (15 chapters)
Penetration Testing with BackBox
Penetration Testing with BackBox
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Starting Out with BackBox Linux
Starting Out with BackBox Linux
A flexible penetration testing distribution
The organization of tools in BackBox
Services
Update
Anonymous
Extras
Completeness, accuracy, and support
Links and contacts
Summary
2
Information Gathering
Information Gathering
Starting with an unknown system
Proceeding with a known system
Summary
3
Vulnerability Assessment and Management
Vulnerability Assessment and Management
Vulnerability scanning
False positives
Summary
4
Exploitations
Exploitations
Exploitation of a SQL injection on a database
Exploiting web applications with W3af
Summary
5
Eavesdropping and Privilege Escalation
Eavesdropping and Privilege Escalation
Sniffing encrypted SSL/TLS traffic
Password cracking
Summary
6
Maintaining Access
Maintaining Access
Backdoor Weevely
Summary
7
Penetration Testing Methodologies with BackBox
Penetration Testing Methodologies with BackBox
Information gathering
Summary
8
Documentation and Reporting
Documentation and Reporting
MagicTree – the auditing productivity tool
Summary
Index
Index

Vulnerability scanning

In the previous chapter, we had the opportunity to look at how to gather information about the target environment by knowing only the domain name and we noticed that there is plenty of useful information that can be collected. So, now we know the target environment exists and is up and running. We also have further details about the domains, subdomains, registrar information, location, OS type and version, the applications running on the environment with their versions, the ports open, and so on. Now, we can begin our assessment of the vulnerabilities.

Setting up the environment

We will need to set up the environment in order to be able and ready to perform this task. We will be using the magical, free, open source tool called OpenVAS to perform this task, so let's prepare this tool and get ready.

OpenVAS is already fully installed but half configured, waiting for user instructions to complete the configuration. The only parameter missing from the configuration is the...

Previous Section
End of Section 2
Next Section