This document provides an introduction and overview to using the BackTrack 4 penetration testing Linux distribution. It discusses the backgrounds of the presenters Jorge Orchilles and Peter Greko. It then outlines how to install and configure BackTrack, demonstrating some initial reconnaissance tools like nmap. It provides a sample penetration testing scenario, walking through information gathering, vulnerability scanning with Nessus and Nikto, gaining initial access via password cracking, and privilege escalation. The presentation emphasizes the importance of permission, documentation, and problem-solving to advance in a scenario.

1. BackTrack 4 – R2Jorge OrchillesPeter GrekoSouth Florida ISSA

2. About Jorge OrchillesInformation * for over 8 years

3. Security Analyst – Fortune 10

4. Consultant by night – Orchilles Consulting

5. Master of Science and BBA in Management Information Systems – Florida International University

6. Author – Microsoft Windows 7 Administrator’s Reference (Syngress)

7. Certifications – CISSP, GCIH, CEH, CICP, CCDA, CSSDS, MCTS, MCP, Security+

8. Organizations:

9. President South Florida ISSA

10. OWASP

11. InfraGard

12. Miami Electronic Crimes Task Force

13. Hack MiamiAbout Peter GrekoLocal InfoSec ResearcherSecurity Analyst – Fortune 10Hack Miami Board MemberNot one of “them 2”Speaks at conferencesHOPE, Hacker Halted, AppSec DC

14. Intro to Back TrackLive DVD for Penetration TestingCan download VM as well300+ tools installedSaves a lot of timeRuns on UbuntuKDEhttp://www.backtrack-linux.org

15. Let’s Get StartedInsert the Back Track 4 –R2 DVD and reboot your computer.When the BIOS comes up, press F2, F12, etc depending on your BIOS for the Boot Menu – select DVD.When BackTrack splash screen comes up press Enter.To log in: Username: rootPassword: toor

16. ConfigureStart KDE: startxStart networking: Open a terminal: /etc/init.d/networking startWireless: KDE-Internet-Wicd Network ManagerSSID: SFISSAWPA-PSK: SFISSArocks!DHCP: 192.168.1.200-249/24Static IP: ifconfig eth0 192.168.1.1XX/24route add default gw 192.168.1.1 (not required)DNS: echo nameserver <ip> > /etc/resolve.confDo not use:192.168.1.1192.168.1.100 – Level 1 Victim192.168.1.110 – Level 2 Victim192.168.1.120 - MetasploitablePing 192.168.1.110 to ensure you are up.

17. /pentestGet familiar with the BackTrack GUI and /pentest directoryThese are all the tools available to youHow many have you played with already?

18. Ethical Hacking 1010. Get PermissionInformation GatheringRecon – ScanningGain AccessMaintain AccessCover Tracks – clean up“Most of hacking is doing user and admin tasks with malicious intent.” – SANS SEC504 Class

19. 0. Get PermissionYou have permission to attack ONLY the following hosts:192.168.1.100192.168.1.110192.168.1.120Anything else is considered illegal!SFISSASFISSArocks!

20. 1. Information GatheringWe will be probing three hosts which were already given.Some background100 and 110 are from Heorot.net120 is called MetasploitableNot much else to do hereNo Google

21. Real ScenarioYou would most likely need to identify live hosts:Ping sweep: nmap –sP 192.168.1.0/24DNS Zone transfer: host –l <domain.local> <DNSserverip>Netdiscover – BackTrack KDEDocumentationCreate a txt file with identified hosts.

22. 2. ReconWe will start by probing the hosts to determine open ports:nmapWe can also run other automated tools, like a vulnerability scanner or web application scanner:NessusNikto

23. nmapNmap is:Free and open sourceTool to discover, monitor, and troubleshoot TCP/IPCross PlatformSimple to usehttp://nmap.org/

24. Using nmap 101Millions of optionsnmap –hnmap [target] – scans 1000 most common TCP portsnmap –F [target] – scans 100 most common TCP portsnmap –iLfilename.txt – scans all hosts in file, one per line