Hacking with Backtrack Lecture-2

•

0 likes•84 views

This document provides instructions for performing various tasks in Backtrack 5 such as gathering information from websites and domains, network scanning, packet sniffing, and man-in-the-middle attacks. It begins with safety cautions and instructions for configuring network settings in Backtrack. It then explains how to use tools like apt-get, HTTrack, Whois, Zenmap, Wireshark, and Ettercap to collect information and conduct attacks. The document emphasizes the educational purpose of these techniques and cautions the reader not to use them for harmful purposes.

Technology

HACKING WITH
BACKTRACK 5
Zia Ush Shamszaman
ANLAB, ICE, HUFS
Date: 20130412

!!Caution!!
This material is for educational
purpose only. We don't intend to ha
ck, crack or anything about
cyber crime

Check your Network and Internet
• Open a terminal type “Ping www.google.com”
• If not working then do this…
• Application > Internet > Wicd Network Manager
• Select Wire/Wireless
• Click the Connect button
• If still have problem then check your Virtual box n
etwork option

Using apt-get command
• root@bt:~#
• apt-get update && apt-get upgrade && apt-get dist-upgrade

Information Gathering
• Copying the victim web site
• HTTrack is a tool that can copy a website page-by-page a
nd we browse it offline
• Step-1: Open a terminal
• Step-2: Type “apt-get install httrack” // This will install the package
if it is not available in your system
• Step-3: Type “httrack”
• Step-4: Enter project name
• Step-5: Enter the location where the site will be stored
• Example: /root/test
• Step-6: Enter the URL of the victim site

Domain Information Collection
• Whois command
• Usinf this command you can collect the domain informatio
n of the victim
• Open a terminal
• Type: “whois <victimdomain>”
• Example: whois hufs.ac.kr
• www.domaintools.com is also an useful web tool to dig a
particular domain name.

Collecting email id
• Step-1: Open a terminal
• Step-2: Type “msfconsole” // This is a special tool of ba
cktrack
• Step-3: Type “use gather/search_email_collector”
• Step-4: Type “show options”
• Step-5: Type: “set DOMAIN <victimedomain_name>”
• Example: Type “run”
See the magic

How to use Wireshark
• Application > Backtrack > Forensics> Network Forensics>
Wireshark
• Select the Interface, e.g eth0
• Select Start
• See the live packets area transferring through the interfac
e
• Go to capture menu
• Stop the capture process
• Go to File menu and Save it in Desktop
• Go to File menu and open the captured fil
Now its all yours..Play with it !! J

Man in the Middle Attack
Before we going to start ettercap we have to configure the /etc/etter.conf
file at /etc.etter.conf
Remove two # from here

Similar to Hacking with Backtrack Lecture-2

The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon

Kenneth Kwon

CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)

Sam Bowne

CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)

Sam Bowne

The TheFatrat is an easy tool to generate backdoor’s with msfvenom (a part from metasploit framework) and easy post exploitation attack. This tool compiles a malware with popular payload and then the compiled malware can be execute on android, windows, Linux. The malware that created with this tool also have an ability to bypass most AV software protection. Bypassing the Anti- Virus or Security Software will allow for a metasploit session between the attacker and the target without Anti-Virus detecting the malicious payload and flagging a warning back to the user.

The FatRat

AjilSunny

Streamline CernVM Contextualization Plugins - GSoC 2014

gayatri11011

Wi-Fi Hotspot Attacks

Greg Foss

After School cyber security class slides - Pat

Dan Winson

Cybersecurity cyberlab1

rayborg

Android Penetration Testing - Day 3

Mohammed Adam

Finding the source of Ransomware - Wire data analytics

NetFort

TriplePlay-WebAppPenTestingTools

Yury Chemerkin

Wireshark Packet Analyzer.pptx

Carlos González García, PMP®

General Knowledge

jeetjarsania

Penetration Testing Boot CAMP

Shaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert

Path of Cyber Security

Satria Ady Pradana

Path of Cyber Security

Satria Ady Pradana

Forensics WS Consolidated

Karter Rohrer

Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.

Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...

grecsl

Fjbt fy20 ns_ngfw_pov_lab_6_5

ib_cims

IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...

APNIC

Similar to Hacking with Backtrack Lecture-2 (20)

The basics of hacking and penetration testing 이제 시작이야 해킹과 침투 테스트 kenneth.s.kwon

CNIT 128 8. Identifying and Exploiting Android Implementation Issues (Part 1)

The FatRat

Streamline CernVM Contextualization Plugins - GSoC 2014

Wi-Fi Hotspot Attacks

After School cyber security class slides - Pat

Cybersecurity cyberlab1

Android Penetration Testing - Day 3

Finding the source of Ransomware - Wire data analytics

TriplePlay-WebAppPenTestingTools

Wireshark Packet Analyzer.pptx

General Knowledge

Penetration Testing Boot CAMP

Path of Cyber Security

Forensics WS Consolidated

Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...

Fjbt fy20 ns_ngfw_pov_lab_6_5

IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...

More from Zia Ush Shamszaman

Pdfslide.net book of-abstracts-insight-student-conference-2015

Zia Ush Shamszaman

Hacking with Backtrack Lecture-3

Zia Ush Shamszaman

Hacking with Backtrack Lecture-1

Zia Ush Shamszaman

Introduction Problems Analysis Evaluation Adaptive approach Conclusion Streams are originated from a variety of sources (physical or virtual sensors) Data is produced continuously (usually at short intervals) with a time stamp. Queries over RDF streams are executed once but continuously monitored to report any change. Different RSP Engines CQELS, C-SPARQL, SPARQLstream, EPSPARQL, ETALIS, SPARKWAVE, etc. Various features of RSP engines Query Input Data Model Execution Strategy Output Data Model Input rate Memory consumptions RSP Engines Characteristics Categorization Design Time includes aspects such as input data model, language to define processing rules, operational semantics, and supported streaming operators, etc. Run Time includes aspects such as Memory, Latency, processing & optimization techniques, quality of service (QoS), load balancing, etc. Is there any single best RSP engine that can adapt to the diverse application requirements? •There is no single best system: •according to the evaluation results and •few RSP benchmarks. •The different features of RSP affects: •user satisfaction, and •RSP engines performance •We need an adaptive middleware which can: •bridge the gap between applications and RSP engines •can satisfy diverse user requirements

On the need for applications aware adaptive middleware in real-time RDF data ...

Zia Ush Shamszaman

RSP Engines e.g. CQELS, C-SPARQL, SPARQLstream, EPSPARQL, ETALIS, SPARKWAVE differ in various aspects, Query language Input data model Execution strategy Output data Model, and more. The performance of existing RSP engines are affected by the different query sets and data sets in different benchmarks. An adaptive approach to RSP can improve efficiency and correctness by serving a broader category of application requirements. The adaptive approach is capable to adapt to dynamic application requirements and properties of data streams at run-time with improved scalability.

On the need for applications aware adaptive middleware in real-time RDF data ...

Zia Ush Shamszaman

Class lecture of Data Structure and Algorithms and Python. Stack, Queue, Tree, Python, Python Code, Computer Science, Data, Data Analysis, Machine Learning, Artificial Intellegence, Deep Learning, Programming, Information Technology, Psuedocide, Tree, pseudocode, Binary Tree, Binary Search Tree, implementation, Binary search, linear search, Binary search operation, real-life example of binary search, linear search operation, real-life example of linear search, example bubble sort, sorting, insertion sort example, stack implementation, queue implementation, binary tree implementation, priority queue, binary heap, binary heap implementation, object-oriented programming, def, in BST, Binary search tree, Red-Black tree, Splay Tree, Problem-solving using Binary tree, problem-solving using BST, inorder, preorder, postorder

L 19 ct1120

L 18 ct1120

L 17 ct1120

L 15 ct1120

L 14-ct1120

linear search and binary search, Class lecture of Data Structure and Algorithms and Python. Stack, Queue, Tree, Python, Python Code, Computer Science, Data, Data Analysis, Machine Learning, Artificial Intellegence, Deep Learning, Programming, Information Technology, Psuedocide, Tree, pseudocode, Binary Tree, Binary Search Tree, implementation, Binary search, linear search, Binary search operation, real-life example of binary search, linear search operation, real-life example of linear search, example bubble sort, sorting, insertion sort example, stack implementation, queue implementation, binary tree implementation, priority queue, binary heap, binary heap implementation, object-oriented programming, def, in BST, Binary search tree, Red-Black tree, Splay Tree, Problem-solving using Binary tree, problem-solving using BST, inorder, preorder, postorder

linear search and binary search

Zia Ush Shamszaman

Bangladesh

Zia Ush Shamszaman

More from Zia Ush Shamszaman (12)

Pdfslide.net book of-abstracts-insight-student-conference-2015

Hacking with Backtrack Lecture-3

Hacking with Backtrack Lecture-1

On the need for applications aware adaptive middleware in real-time RDF data ...

L 19 ct1120

L 18 ct1120

L 17 ct1120

L 15 ct1120

L 14-ct1120

linear search and binary search

Bangladesh

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

The Future of Platform Engineering

Jemma Hussein Allen

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Knowledge engineering: from people to machines and back

Elena Simperl

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Neuro-symbolic is not enough, we need neuro-*semantic*

Essentials of Automations: Optimizing FME Workflows with Parameters

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

The Future of Platform Engineering

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

FIDO Alliance Osaka Seminar: Overview.pdf

Assuring Contact Center Experiences for Your Customers With ThousandEyes

UiPath Test Automation using UiPath Test Suite series, part 3

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

How world-class product teams are winning in the AI era by CEO and Founder, P...

"Impact of front-end architecture on development cost", Viktor Turskyi

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

PHP Frameworks: I want to break free (IPC Berlin 2024)

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Knowledge engineering: from people to machines and back

Hacking with Backtrack Lecture-2

1. HACKING WITH BACKTRACK 5 Zia Ush Shamszaman ANLAB, ICE, HUFS Date: 20130412

2. !!Caution!! This material is for educational purpose only. We don't intend to ha ck, crack or anything about cyber crime

3. Open a terminal in Back track

4. Check your Network and Internet • Open a terminal type “Ping www.google.com” • If not working then do this… • Application > Internet > Wicd Network Manager • Select Wire/Wireless • Click the Connect button • If still have problem then check your Virtual box n etwork option

5. Using apt-get command • root@bt:~# • apt-get update && apt-get upgrade && apt-get dist-upgrade

6. Information Gathering • Copying the victim web site • HTTrack is a tool that can copy a website page-by-page a nd we browse it offline • Step-1: Open a terminal • Step-2: Type “apt-get install httrack” // This will install the package if it is not available in your system • Step-3: Type “httrack” • Step-4: Enter project name • Step-5: Enter the location where the site will be stored • Example: /root/test • Step-6: Enter the URL of the victim site

7. Domain Information Collection • Whois command • Usinf this command you can collect the domain informatio n of the victim • Open a terminal • Type: “whois <victimdomain>” • Example: whois hufs.ac.kr • www.domaintools.com is also an useful web tool to dig a particular domain name.

8. Collecting email id • Step-1: Open a terminal • Step-2: Type “msfconsole” // This is a special tool of ba cktrack • Step-3: Type “use gather/search_email_collector” • Step-4: Type “show options” • Step-5: Type: “set DOMAIN <victimedomain_name>” • Example: Type “run” See the magic

9. Collect Victim information by “Zenmap” • Application>Internet>Zenmap • Enter victim IP address/Domain name in the “Target” • Select a scan type in the “Profile” • Check Hosts and Service in the left panel • Select a service to check the open port • Check Topology • Check Host Details • Check Nmap output

10. How to use Wireshark • Application > Backtrack > Forensics> Network Forensics> Wireshark • Select the Interface, e.g eth0 • Select Start • See the live packets area transferring through the interfac e • Go to capture menu • Stop the capture process • Go to File menu and Save it in Desktop • Go to File menu and open the captured fil Now its all yours..Play with it !! J

11. Man in the Middle Attack

12. Man in the Middle Attack Before we going to start ettercap we have to configure the /etc/etter.conf file at /etc.etter.conf Remove two # from here

13. Step-1

14. Step-2

15. Step-3

16. Step-4

17. Step-5

18. Step-6 Add the Gateway

19. Step-7 Select Victim IP

20. Step-8

21. Step-9

22. Step-10

23. Step-11

24. Step-12