Mis 450 final presentation



  1. BackTrack 5 r3 Penetration Testing Distribution
     By: Hackaholics (Vincent Dao, Michael Elenterio, Jaclyn Franklin, Gianna Passarelli)
  2. Agenda
       • What is Backtrack?
       • Alternative Analysis
       • Backtrack on VMWare
       • Backtrack Tools Employed
       • Conclusion
  3. What is Backtrack?
       • Originated as a Linux-based security distribution, first released in 2006
       • Born as a merger of WHAX and Auditor Security Collection
       • Advantages include variation, mobility, and a very user-friendly design
       • Used mainly for white-hat purposes, mostly testing networks
       • Its best feature is the large number of tools it contains, grouped into 12 different categories
  4. Alternative Analysis
       • Backtrack
           • Main focus is forensic and penetration testing
           • Runs on a live CD, live USB, or Virtual Machine
           • Intended for beginners and experts with a very user-friendly design
       • Helix
           • Focuses on system investigation, analysis, recovery, & security auditing
           • Runs on a live CD based on Ubuntu
           • Intended for experienced users & system administrators
       • Pentoo
           • Main focus is penetration testing
           • Runs on a live CD and live USB tool
           • Includes tools for packet injection patched wifi drivers, GPGPU cracking software, penetration testing & security assessment
  5. Backtrack on VMWare
       • Chosen method since it’s easier for the purpose of demonstration and any changes are automatically saved
       • The user does not have to log into Backtrack every time, and downloaded documents are all saved
       • VMWare allows users to switch back and forth between Backtrack and Windows
       • A new virtual machine was created in VMWare and then Backtrack was installed into that machine
       • The program was easily booted and accessible
  6. Tools Presented: Macchanger
       • Manipulates the MAC address for network interfaces
       • The MAC address is an important element of computer networking
       • May want to change MAC address when network card stops working, to access a certain network, or for privacy concerns
       • Can be changed for good or bad reasons, in terms of hacking
  7. Tools Presented: URLCrazy
       • Generates and tests mistyped domain names and variations of websites
       • Detects typo squatting, URL hijacking, phishing, and corporate espionage
       • Produces 15 types of typos, such as character omission and repeat, misspellings, and bit flipping
       • Knows over 8,000 common misspellings and over 450 homophones
       • Also supports multiple keyboard layouts
       • Use tools to check popularity and validity of typo domains
       • Can be controlled by buying typo domains and checking websites for malicious activity
  8. Tools Presented: Exiftool
       • Allows users to extract metadata from files in a wide range of formats
       • Information includes file size, bit information, binary data information
       • Can use this to see if a document has been tampered with
       • Ways to prevent hackers from extracting data:
           • Authentication for access
           • Encryption of data
  9. Tools Presented: Hexedit
       • Used to look at both hexadecimal and ASCII strings within a file
       • Can be used on both text and picture files
       • Allows for editing of both hexadecimal and ASCII strings
       • Contains a search function to find specific hexadecimal and ASCII strings
       • Can be used for good to find malware in a file by searching for common strings used by hackers
       • Can be used for bad to find hidden information within a file such as passwords and usernames
  10. Tools Presented: Social Engineering Toolkit
       • Employs and simulates social engineering attacks
       • Useful for penetration testing and learning how to perpetrate such attacks
       • Variety of methods
           • Java Applet
           • Website Cloner
  11. Conclusion
       • Backtrack’s uses
           • Defensive – URLCrazy, Hexedit, Exiftool
           • Offensive – Social Engineering Toolkit, MacChanger
       • Learning experience from tools
       • Perfect for beginner users and up to date
  12. Questions?
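The URLCrazy slide names character omission, character repeat and bit flipping among its typo types. The sketch below is an added example, not URLCrazy's code or part of the original presentation: it builds those three variant sets for a domain you own and flags matches in a list of observed domains, as a defender would when reviewing proxy or DNS logs. All function names are hypothetical, the sample domains are constructed, and it assumes a simple `label.tld` domain.

```python
import string

# Characters permitted in a DNS label (letters, digits, hyphen).
LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")

def omissions(label):
    """Variants with one character dropped."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}

def repeats(label):
    """Variants with one character doubled."""
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}

def bit_flips(label):
    """Variants with a single bit of one character flipped, kept only if still a valid label character."""
    out = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            if flipped in LABEL_CHARS and flipped != ch:
                out.add(label[:i] + flipped + label[i + 1:])
    return out

def typo_variants(domain):
    """Map each variant domain to the typo type that produced it (assumes 'label.tld')."""
    label, _, tld = domain.lower().partition(".")
    kinds = {"omission": omissions(label), "repeat": repeats(label), "bit flip": bit_flips(label)}
    variants = {}
    for kind, labels in kinds.items():
        for v in labels:
            if v and v != label and not v.startswith("-") and not v.endswith("-"):
                variants.setdefault(f"{v}.{tld}", kind)
    return variants

def flag_lookalikes(protected, observed):
    """Return (domain, typo type) for observed domains that are typo variants of the protected one."""
    variants = typo_variants(protected)
    return [(d, variants[d.lower()]) for d in observed if d.lower() in variants]

# Constructed sample of domains seen in outbound traffic (not real data).
OBSERVED = ["example.com", "exmple.com", "exaample.com", "dxample.com", "unrelated.org"]

if __name__ == "__main__":
    for domain, kind in flag_lookalikes("example.com", OBSERVED):
        print(f"{domain}: {kind}")
```
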