Penetration testing is a crucial method of proactively securing your ICT infrastructure. BackBox is an Ubuntu-derived Linux distribution designed for penetration testing that provides the user with a powerful set of the best known ethical hacking tools and easy updating procedures.
This book is designed with two prime learning objectives: a complete introduction to the penetration testing methodology and how to begin using BackBox to execute those methodologies. It starts with an overview of BackBox and its toolset, before outlining the major stages of penetration testing. Towards the end of the book, you'll go through a full penetration test case and learn how to use BackBox to provide full documentation and reporting.
Chapter 1, Starting Out with BackBox Linux, introduces BackBox Linux and the organization of the tools and services with a brief description of the tools included.
Chapter 2, Information Gathering, introduces us to a few ways of collecting useful information about the target system.
Chapter 3, Vulnerability Assessment and Management, explains how to perform vulnerability scans.
Chapter 4, Exploitations, uses the information we have collected in the previous chapters.
Chapter 5, Eavesdropping and Privilege Escalation, helps us in performing eavesdropping and privilege escalation on the target system where we already gained access by having obtained the access credentials in the previous chapter.
Chapter 6, Maintaining Access, helps us to set up backdoors in order to maintain access without repeating the steps covered in the previous chapters.
Chapter 7, Penetration Testing Methodologies with BackBox, helps us to perform a complete penetration test step-by-step, starting from information gathering to gaining access.
Chapter 8, Documentation and Reporting, explains how to create human-readable reports of our auditing tasks.
All you need is an average level of Unix/Linux skills, and most importantly, curiosity and passion.
This book is suitable for those who have a good level of familiarity with the Unix/Linux systems, this book will be good for you. Knowledge on Unix-like systems is necessary in order to allow you to proceed, in case something goes wrong or something unexpected occurs when performing what is explained in this book. The security knowledge is not a mandatory requirement, but it would be a plus. Apart from Chapter 1, Starting Out with BackBox Linux, this book is fully practical; so please be aware of the real cases and scenarios and do not attempt to try the techniques on unauthorized systems. The author declines any responsibility in case of such attempts as this book is only for educational purposes.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "If we expand our imported data, we will be able to see the service listed under the ipproto tcp item."
Any command-line input or output is written as follows:
ostendali@stefan:~$ whois example.com Domain: example.com Status: ok Created: 2009-06-16 11:47:34 Last Update: 2013-08-04 00:37:29 Expire Date: 2014-07-19 Registrant Name: Jack Ritcher Organization: Ritcher Inc ContactID: MRDD139374 Address: Via Spagna 52 - Rende 87036 CS IT Created: 2010-07-19 11:05:35 Last Update: 2010-07-19 11:05:34 Admin Contact Name: David Nassi Organization: David Nassi ContactID: DN10847
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Note that before the launch of the Metasploit console application, we will need to start the Postgres database that we can find in the BackBox menu's Services section."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title through the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website, or added to any list of existing errata, under the Errata section of that title.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.