BACKTRACK LINUX - Software Security - Marius Antal
“The quieter you become, the more you are able to hear”
Introduction: When you are a security consultant, certain tools are simply crucial to your job. In the past couple of years, one of the security tools that has risen to this rank is called BackTrack.
Introduction: A Linux-based penetration testing arsenal that aids security professionals in performing assessments in a purely native environment dedicated to hacking.
Introduction: Can be installed, booted from a Live DVD, or booted from a thumb drive; optimized for a security system.
Introduction: Customized down to every package, kernel configuration, script and patch, solely for the purpose of the penetration tester. For the BEGINNER or the EXPERT. The largest collection of wireless hacking, server exploiting, web application assessing and social-engineering tools available in a single Linux distribution.
History: Named after backtracking, the search algorithm. Current version: BackTrack 5 R1, code name "Revolution" and its first revision (R1).
History: Originated from the merger of two competing distributions, both based on Knoppix and focused on penetration testing: WHAX, developed by Mati Aharoni, a security consultant; and the Auditor Security Collection, a Live CD developed by Max Moser which included over 300 tools organized in a user-friendly way.
History: Designed to be an all-in-one live CD used on security audits, specifically crafted not to leave any remnants of itself on the laptop. The most widely adopted penetration testing framework: BackTrack 4 Pre-Final had over 4 million downloads, with support for both 32-bit and 64-bit platforms.
Interface: Ubuntu-based, user-friendly operating system. Different UI configurations you can use to get started: the GNOME desktop interface and the KDE desktop interface. For new users: the GNOME interface. For advanced users: the KDE version, with more options to configure the system.
Installation: www.backtrack-linux.org/downloads/ ; ISO image; UNetbootin; USB stick larger than 2 GB; CD/DVD.
Community: Open-source project, started by Mati Aharoni and Max Moser and continued by a staff of individuals of different languages, regions, industries and nationalities. The community's activity: the website backtrack-linux.org, a wiki page, a blog, their forum (http://www.backtrack-linux.org/forums/), video tutorials and courses.
Tools - categories: Contains more than 300 security tools and utilities that are ALL OPEN SOURCE. Many security professionals prefer them over expensive commercial programs. So do the hackers.
Categories: Information gathering, network mapping, vulnerability identification, web application analysis, digital forensics, reverse engineering, basic penetration.
Categories: Under each of the main categories, we'll find subheadings…
Some tools: BackTrack Linux is a fine example of a specialized Linux distribution: no matter which part of the computer security field you work in, the BackTrack operating system should have you covered. From port scanners to password crackers, all can be found in the BackTrack suite.
Some tools – well known: Metasploit, RFMON, Aircrack-ng, Kismet, Nmap, Ophcrack, Ettercap.
Some tools – well known: Wireshark (formerly known as Ethereal); BeEF (Browser Exploitation Framework); Hydra; OWASP Mantra Security Framework, a collection of hacking tools, add-ons and scripts based on Firefox; Cisco OCS Mass Scanner, a very reliable and fast scanner for Cisco routers with the telnet/enable default password; Quypt (Terminal Emulator), private software by the Crimson Hacking group that has leaked to the mainstream; Blackhat, a large collection of exploits as well as more commonplace software such as browsers.
NMAP, flying under the radar: The main goal in any penetration test is to tread lightly, so that you don't set off any intrusion detection alerts or cause a noticeable amount of activity on the systems and network in which you're working. The activity must not look unusual to network engineers or other system administrators.
NMAP, flying under the radar: One easy way to gather a lot of information on a target network quickly is to perform a SYN scan with Nmap. A SYN scan doesn't make complete connections to a system's services. A SYN scan never completes the TCP handshake, and therefore the target host never logs the attempt, so no alarms are triggered. (This technique works because TCP/IP is a "polite" protocol: it doesn't speak until spoken to.)
NMAP, flying under the radar: 1. The port scanner sends a SYN request on a particular port number (e.g. 22). 2. The target responds with an ACK. 3. The scanner notes the ACK and sends a RST (reset) to disconnect from the target. No TCP connection ever takes place. The port scanner then sends a SYN request to the next likely open port number, and so on.
NMAP, flying under the radar: The SYN scan is very clean (leaves no trace) because no harm is done to the target. This type of scan works on all operating systems. It's important to remain as quiet as possible during your reconnaissance phase, so you can gather as much information as possible about systems and their potential vulnerabilities without detection.
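The half-open sequence above never reaches the target's connection logs, but it is visible on the wire, which is where a defender looks for it. Added example (not from the slides or from Nmap): a small Python detector that replays constructed TCP flag records and flags any source that repeatedly goes SYN, SYN/ACK, RST without completing the handshake; the addresses and the threshold are assumptions.

```python
"""Detect half-open (SYN) scans from TCP flag records.

Added example, not from the BackTrack slides or from Nmap. Each record is
(src, dst, dst_port, flags) with flags "S" (SYN), "SA" (SYN/ACK), "A" (ACK)
or "R" (RST). A source that repeatedly reaches SYN -> SYN/ACK -> RST with
no completing ACK is reported. The addresses below are constructed.
"""
from collections import defaultdict

# Constructed trace: 10.0.0.5 probes three ports on 192.168.1.250 and aborts
# each handshake; 10.0.0.9 completes one handshake like a normal client.
SAMPLE = [
    ("10.0.0.5", "192.168.1.250", 22, "S"),
    ("192.168.1.250", "10.0.0.5", 22, "SA"),
    ("10.0.0.5", "192.168.1.250", 22, "R"),
    ("10.0.0.5", "192.168.1.250", 80, "S"),
    ("192.168.1.250", "10.0.0.5", 80, "SA"),
    ("10.0.0.5", "192.168.1.250", 80, "R"),
    ("10.0.0.5", "192.168.1.250", 443, "S"),
    ("192.168.1.250", "10.0.0.5", 443, "SA"),
    ("10.0.0.5", "192.168.1.250", 443, "R"),
    ("10.0.0.9", "192.168.1.250", 22, "S"),
    ("192.168.1.250", "10.0.0.9", 22, "SA"),
    ("10.0.0.9", "192.168.1.250", 22, "A"),
]


def half_open_scanners(records, threshold=3):
    """Return {src: [ports]} for sources with >= threshold aborted handshakes."""
    state = {}                   # (client, server, port) -> handshake state
    aborted = defaultdict(set)   # client -> ports it half-opened then reset
    for src, dst, port, flags in records:
        if flags == "S":
            state[(src, dst, port)] = "syn"
        elif flags == "SA":
            # server's reply: key by the client that sent the SYN
            key = (dst, src, port)
            if state.get(key) == "syn":
                state[key] = "synack"
        elif flags == "A" and state.get((src, dst, port)) == "synack":
            state[(src, dst, port)] = "established"   # normal client
        elif flags == "R" and state.get((src, dst, port)) == "synack":
            state[(src, dst, port)] = "aborted"       # scanner's RST
            aborted[src].add(port)
    return {s: sorted(p) for s, p in aborted.items() if len(p) >= threshold}


if __name__ == "__main__":
    print(half_open_scanners(SAMPLE))   # {'10.0.0.5': [22, 80, 443]}
```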
NMAP, flying under the radar: CLI, or GUI – Zenmap (BackTrack > Information Gathering > Network Analysis > Network Scanners).
NMAP, flying under the radar: With only the simplest scan of a host (target), Zenmap provides a huge amount of information very quickly. The Nmap command-line equivalent of that scan is: nmap -T4 -A -v 192.168.1.250
NMAP, flying under the radar: The exact version information about listening services on a host helps you determine vulnerabilities and exploitable services. Nmap is an advanced tool widely used among security professionals and hackers. It provides a great deal of information for the least amount of effort.
Ncrack: Ncrack is a highly effective and fast network authentication cracking tool. Its purpose is to assist you in identifying user accounts with weak passwords, without the hassle of logging into each host and cracking a password hash. Using it, you can check for weak FTP, SSH, TELNET, HTTP(S), POP3(S), SMB, RDP and VNC passwords.
Ncrack: The next slide shows what an actual ncrack scan looks like after a successful password crack. The user account bob uses a very weak password: “cheese”. It took ncrack two minutes thirty seconds to crack this password. This means that a hacker could log in to this system using the bob account in less than five minutes and commence working on breaking a privileged account or downloading malware with ease.
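The check a defender would run against the scenario above: an added Python example (not from the slides or from ncrack) that parses constructed sshd auth-log lines, flags a source exceeding a number of failed passwords within a time window, and raises a second alert when that same source then logs in successfully, as happened with bob and "cheese". The log lines, thresholds and the year used for timestamp parsing are constructed assumptions.

```python
"""Flag password-guessing bursts in sshd logs. Added example, not from the
slides or from ncrack. Lines are constructed here in syslog format; in
practice they would come from /var/log/auth.log or the journal."""
import re
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+)")

SAMPLE_LOG = """\
Jan 10 12:00:01 host sshd[1201]: Failed password for bob from 10.0.0.5 port 40001 ssh2
Jan 10 12:00:02 host sshd[1202]: Failed password for bob from 10.0.0.5 port 40002 ssh2
Jan 10 12:00:02 host sshd[1203]: Failed password for bob from 10.0.0.5 port 40003 ssh2
Jan 10 12:00:03 host sshd[1204]: Failed password for invalid user admin from 10.0.0.5 port 40004 ssh2
Jan 10 12:00:04 host sshd[1205]: Failed password for bob from 10.0.0.5 port 40005 ssh2
Jan 10 12:02:31 host sshd[1299]: Accepted password for bob from 10.0.0.5 port 40120 ssh2
Jan 10 12:05:00 host sshd[1300]: Failed password for alice from 10.0.0.9 port 50001 ssh2
Jan 10 12:05:09 host sshd[1301]: Accepted password for alice from 10.0.0.9 port 50002 ssh2
"""

def parse(line, year=2012):
    """Return (timestamp, result, user, src) or None; syslog has no year, so
    one is assumed (constructed default)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]

def guessing_alerts(text, max_failures=5, window_s=60):
    """One 'burst' alert per source reaching max_failures failed logins inside
    window_s seconds, and a 'success_after_burst' alert for every later
    successful login from such a source (the bob/cheese case)."""
    events = sorted(e for e in (parse(l) for l in text.splitlines()) if e)
    alerts, burst_src, recent = [], set(), {}
    for ts, result, user, src in events:
        if result == "Failed":
            # keep only this source's failures that are still inside the window
            q = [t for t in recent.get(src, []) if (ts - t).total_seconds() <= window_s]
            q.append(ts)
            recent[src] = q
            if len(q) >= max_failures and src not in burst_src:
                burst_src.add(src)
                alerts.append(("burst", src, len(q)))
        elif src in burst_src:
            alerts.append(("success_after_burst", src, user))
    return alerts
```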
Conclusions: System security is a serious problem, and the tools that hackers use to compromise your systems must be understood. By running your own checks first and strengthening your defenses, you can sometimes save your project from millions of dollars in losses. BackTrack contains all the tools needed by someone who wants to check a system's security against unwanted guests.