book

BackTrack 4: Assuring Security by Penetration Testing

Name: BackTrack 4: Assuring Security by Penetration Testing
ISBN: 9781849513944

by Shakeel Ali, Tedi Heriyanto

April 2011

Intermediate to advanced

392 pages

8h 12m

English

Packt Publishing

Read now

Unlock full access

BackTrack 4: Assuring Security by Penetration Testing
BackTrack 4: Assuring Security by Penetration Testing
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and moreWhy Subscribe?Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions

Reader feedback
Customer support
ErrataPiracyQuestions
I. Lab Preparation and Testing Procedures
1. Beginning with BackTrack
History
BackTrack purpose
Getting BackTrack
Using BackTrack
Live DVDInstalling to hard diskInstallation in real machineInstallation in VirtualBoxPortable BackTrack
Configuring network connection
Ethernet setupWireless setupStarting the network service
Updating BackTrack
Updating software applicationsUpdating the kernel
Installing additional weapons
Nessus vulnerability scannerWebSecurify
Customizing BackTrack
Summary
2. Penetration Testing Methodology
Types of penetration testingBlack-box testingWhite-box testing
Vulnerability assessment versus penetration testing
Security testing methodologies
Open Source Security Testing Methodology Manual (OSSTMM)Key features and benefitsInformation Systems Security Assessment Framework (ISSAF)Key features and benefitsOpen Web Application Security Project (OWASP) Top TenKey features and benefitsWeb Application Security Consortium Threat Classification (WASC-TC)Key features and benefits
BackTrack testing methodology
Target scopingInformation gatheringTarget discoveryEnumerating targetVulnerability mappingSocial engineeringTarget exploitationPrivilege escalationMaintaining accessDocumentation and reporting
The ethics
Summary
II. Penetration Testers Armory
3. Target Scoping
Gathering client requirementsCustomer requirements formDeliverables assessment form
Preparing the test plan
Test plan checklist
Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary
4. Information Gathering
Public resources
Document gathering
Metagoofil
DNS information
dnswalkdnsenumdnsmapdnsmap-bulkdnsreconfierce
Route information
0tracedmitryitracetcpraceroutetctrace
Utilizing search engines
goorecontheharvester
All-in-one intelligence gathering
Maltego
Documenting the information
Dradis
Summary
5. Target Discovery
Introduction
Identifying the target machine
pingarpingarping2fpinggenlisthping2hping3lanmapnbtscannpingonesixtyone
OS fingerprinting
p0fxprobe2
Summary
6. Enumerating Target
Port scanningAutoScanNetiferaNmapNmap target specificationNmap TCP scan optionsNmap UDP scan optionsNmap port specificationNmap output optionsNmap timing optionsNmap scripting engineUnicornscanZenmap
Service enumeration
AmapHttprintHttsquash
VPN enumeration
ike-scan
Summary
7. Vulnerability Mapping
Types of vulnerabilitiesLocal vulnerabilityRemote vulnerability
Vulnerability taxonomy
Open Vulnerability Assessment System (OpenVAS)
OpenVAS integrated security tools
Cisco analysis
Cisco Auditing ToolCisco Global ExploiterCisco Passwd Scanner
Fuzzy analysis
BEDBunnyJBroFuzz
SMB analysis
Impacket SamrdumpSmb4k
SNMP analysis
ADMSnmpSnmp EnumSNMP Walk
Web application analysis
Database assessment toolsDBPwAuditPblindSQLbruteSQLiXSQLMapSQL NinjaApplication assessment toolsBurp SuiteGrendel ScanLBDNikto2Paros ProxyRatproxyW3AFWAFW00FWebScarab
Summary
8. Social Engineering
Modeling human psychology
Attack process
Attack methods
ImpersonationReciprocationInfluential authorityScarcitySocial relationship
Social Engineering Toolkit (SET)
Targeted phishing attackGathering user credentials
Common User Passwords Profiler (CUPP)
Summary
9. Target Exploitation
Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit
MSFConsoleMSFCLINinja 101 drillsScenario #1Scenario #2SNMP community scannerVNC blank authentication scannerIIS6 WebDAV unicode auth bypassScenario #3Bind shellReverse shellMeterpreterScenario #4Scenario #5Generating binary backdoorAutomated browser exploitationWriting exploit module
Summary
10. Privilege Escalation
Attacking the passwordOffline attack toolsRainbowcrackSamdump2JohnOphcrackCrunchWydOnline attack toolsBruteSSHHydra
Network sniffers
DsniffHamsterTcpdumpTcpickWireshark
Network spoofing tools
ArpspoofEttercap
Summary
11. Maintaining Access
Protocol tunnelingDNS2tcpPtunnelStunnel4
Proxy
3proxyProxychains
End-to-end connection
CryptCatSbdSocat
Summary
12. Documentation and Reporting
Documentation and results verification
Types of reports
Executive reportManagement reportTechnical reportNetwork penetration testing report (sample contents)Table of Contents
Presentation
Post testing procedures
Summary
A. Supplementary Tools
Vulnerability scannerNeXpose community editionNeXpose installationStarting NeXpose communityLogin to NeXpose communityUsing NeXpose community
Web application fingerprinter
WhatWebBlindElephant
Network Ballista
NetcatOpen connectionService banner grabbingSimple serverFile transferPortscanningBackdoor ShellReverse shell
Summary
B. Key Resources
Vulnerability Disclosure and TrackingPaid Incentive Programs
Reverse Engineering Resources
Network ports

Content preview from BackTrack 4: Assuring Security by Penetration Testing

Summary

In this chapter, we discussed the target discovery process. We started by discussing the purpose of target discovery: identifying the target machine and finding out the operating system used by the target machine. Then we continued with BackTrack tools that can be used for identifying target machines. The tools discussed are ping, arping, arping2, fping, genlist, hping2, hping3, lanmap, nbtscan, nping, and onesixtyone.

At the end of this chapter you learned about the tools that can be used to do OS fingerprinting p0f and xprobe2.

In the next chapter, we will talk about target enumeration.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Kali Linux - Assuring Security by Penetration Testing - Second Edition

Publisher Resources

ISBN: 9781849513944

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

BackTrack 4: Assuring Security by Penetration Testing

by Shakeel Ali, Tedi Heriyanto

Summary

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.