BackTrack 5 Cookbook

Book Description

Over 90 recipes to execute many of the best known and little known penetration-testing aspects of BackTrack 5 with this book and ebook.

  • Learn to perform penetration tests with BackTrack 5

  • Nearly 100 recipes designed to teach penetration testing principles and build knowledge of BackTrack 5 Tools

  • Provides detailed step-by-step instructions on the usage of many of BackTrack’s popular and not-so-popular tools

In Detail

BackTrack is a Linux-based penetration testing arsenal that helps security professionals perform assessments in a purely native environment dedicated to hacking. It is a distribution based on the Debian GNU/Linux distribution and aimed at digital forensics and penetration testing. It is named after backtracking, a search algorithm.

"BackTrack 5 Cookbook" provides you with practical recipes featuring many popular tools that cover the basics of a penetration test: information gathering, vulnerability identification, exploitation, privilege escalation, and covering your tracks.

The book begins by covering the installation of BackTrack 5 and setting up a virtual environment to perform your tests.

We then dip into recipes involving the basic principles of a penetration test such as information gathering, vulnerability identification, and exploitation. You will further learn about privilege escalation, radio network analysis, Voice over IP, password cracking, and BackTrack forensics.

"BackTrack 5 Cookbook" will serve as an excellent source of information for the security professional and novice alike.

Table of Contents

  1. BackTrack 5 Cookbook
    1. Table of Contents
    2. BackTrack 5 Cookbook
    3. Credits
    4. About the Authors
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Errata
        2. Piracy
        3. Questions
    8. 1. Up and Running with BackTrack
      1. Introduction
      2. Installing BackTrack to a hard disk drive
        1. Getting ready
        2. How to do it...
      3. Installing BackTrack to a USB drive with persistent memory
        1. Getting ready
        2. How to do it...
      4. Installing BackTrack on VirtualBox
        1. Getting ready
        2. How to do it...
      5. Installing BackTrack using VMware Tools
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Fixing the splash screen
        1. How to do it...
      7. Changing the root password
        1. How to do it...
      8. Starting network services
        1. Getting ready
        2. How to do it...
      9. Setting up the wireless network
        1. How to do it...
        2. How it works...
    9. 2. Customizing BackTrack
      1. Introduction
      2. Preparing kernel headers
        1. Getting ready
        2. How to do it...
      3. Installing Broadcom drivers
        1. Getting ready
        2. How to do it...
      4. Installing and configuring ATI video card drivers
        1. Getting ready
        2. How to do it...
      5. Installing and configuring NVIDIA video card drivers
        1. Getting ready
        2. How to do it...
      6. Applying updates and configuring extra security tools
        1. How to do it...
      7. Setting up ProxyChains
        1. How to do it...
      8. Directory encryption
        1. How to do it...
        2. How it works…
    10. 3. Information Gathering
      1. Introduction
      2. Service enumeration
        1. How to do it...
      3. Determining the network range
        1. How to do it...
        2. How it works...
      4. Identifying active machines
        1. How to do it...
      5. Finding open ports
        1. Getting ready
        2. How to do it...
        3. How it works…
        4. There's more...
      6. Operating system fingerprinting
        1. Getting ready
        2. How to do it...
      7. Service fingerprinting
        1. How to do it...
      8. Threat assessment with Maltego
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      9. Mapping the network
        1. How to do it...
        2. How it works...
        3. There's more...
    11. 4. Vulnerability Identification
      1. Introduction
      2. Installing, configuring, and starting Nessus
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      3. Nessus – finding local vulnerabilities
        1. Getting ready
        2. How to do it...
      4. Nessus – finding network vulnerabilities
        1. Getting ready
        2. How to do it...
      5. Nessus – finding Linux-specific vulnerabilities
        1. Getting ready
        2. How to do it...
      6. Nessus – finding Windows-specific vulnerabilities
        1. Getting ready
        2. How to do it...
      7. Installing, configuring, and starting OpenVAS
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Using the OpenVAS Desktop
      8. OpenVAS – finding local vulnerabilities
        1. How to do it...
        2. How it works...
        3. There's more...
      9. OpenVAS – finding network vulnerabilities
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      10. OpenVAS – finding Linux-specific vulnerabilities
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      11. OpenVAS – finding Windows-specific vulnerabilities
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
    12. 5. Exploitation
      1. Introduction
      2. Implementing exploits from BackTrack
        1. How to do it...
        2. How it works…
      3. Installing and configuring Metasploitable
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Mastering Armitage – the graphical management tool for Metasploit
        1. Getting ready
        2. How to do it...
        3. See also
      5. Mastering the Metasploit Console (MSFCONSOLE)
        1. Getting ready
        2. How to do it...
        3. There's more...
      6. Mastering the Metasploit CLI (MSFCLI)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      7. Mastering Meterpreter
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      8. Metasploitable MySQL
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      9. Metasploitable PostgreSQL
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      10. Metasploitable Tomcat
        1. Getting ready
        2. How to do it...
        3. How it works...
      11. Metasploitable PDF
        1. Getting ready
        2. How to do it...
        3. How it works...
      12. Implementing the browser_autopwn module
        1. Getting ready
        2. How to do it...
        3. How it works...
    13. 6. Privilege Escalation
      1. Introduction
      2. Using impersonation tokens
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Local privilege escalation attack
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Mastering the Social-Engineer Toolkit (SET)
        1. How to do it...
        2. How it works...
        3. There's more...
          1. Delivering your payload to the victim
      5. Collecting victims' data
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Cleaning up the tracks
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Creating a persistent backdoor
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Man-in-the-middle attack (MITM)
        1. Getting ready
        2. How to do it...
        3. How it works...
    14. 7. Wireless Network Analysis
      1. Introduction
      2. Cracking a WEP wireless network
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Cracking a WPA/WPA2 wireless network
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Automating wireless network cracking
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Accessing clients using a fake AP
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. URL traffic manipulation
        1. How to do it...
        2. How it works...
      7. Port redirection
        1. How to do it...
        2. How it works...
      8. Sniffing network traffic
        1. Getting ready
        2. How to do it...
        3. How it works...
      9. Accessing an e-mail by stealing cookies
        1. How to do it...
        2. How it works...
    15. 8. Voice over IP (VoIP)
      1. Introduction
      2. Using Svmap
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Finding valid extensions
        1. Getting ready
        2. How to do it...
        3. How it works...
      4. Monitoring, capturing, and eavesdropping on VoIP traffic
        1. Getting ready
        2. How to do it...
        3. How it works...
      5. Using VoIPong
        1. Getting ready
        2. How to do it...
        3. How it works...
      6. Mastering UCSniff
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Mastering Xplico
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Capturing SIP authentication
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      9. Mastering VoIP Hopper
        1. Getting ready
        2. How to do it...
      10. Causing a denial of service
        1. Getting ready
        2. How to do it...
        3. How it works...
      11. Attacking VoIP using Metasploit
        1. Getting ready
        2. How to do it...
        3. How it works...
      12. Sniffing DECT phones
        1. Getting ready
        2. How to do it...
        3. How it works...
    16. 9. Password Cracking
      1. Introduction
      2. Online password attacks
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Cracking HTTP passwords
        1. Getting ready
        2. How to do it...
      4. Gaining router access
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Types of modules
      5. Password profiling
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Cracking a Windows password using John the Ripper
        1. Getting ready
        2. How to do it...
        3. How it works…
      7. Using dictionary attacks
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Using rainbow tables
        1. How to do it...
        2. How it works...
      9. Using NVIDIA Compute Unified Device Architecture (CUDA)
        1. Getting ready
        2. How to do it...
        3. How it works…
      10. Using ATI Stream
        1. Getting ready
        2. How to do it...
        3. How it works…
      11. Physical access attacks
        1. Getting ready
        2. How to do it...
        3. How it works...
    17. 10. BackTrack Forensics
      1. Introduction
      2. Intrusion detection and log analysis
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more…
      3. Recursive directory encryption/decryption
        1. Getting ready
        2. How to do it...
        3. How it works…
      4. Scanning for signs of rootkits
        1. Getting ready
        2. How to do it...
        3. How it works…
        4. There's more...
          1. Useful alternative command options for chkrootkit
          2. Useful alternative command options for rkhunter
      5. Recovering data from a problematic source
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      6. Retrieving a Windows password
        1. Getting ready
        2. How to do it...
        3. How it works...
      7. Resetting a Windows password
        1. Getting ready
        2. How to do it...
      8. Looking at the Windows registry entries
        1. Getting ready
        2. How to do it...
        3. How it works...
    18. Index