You are previewing Penetration Testing with BackBox.
O'Reilly logo
Penetration Testing with BackBox

Book Description

This tutorial will immerse you in the fascinating environment of penetration testing. Thoroughly practical and written for ease of understanding, it will give you the insights and knowledge you need to start using BackBox.

In Detail

BackBox is an amazing Linux security distribution designed to keep in mind the needs of security and system administration specialists. It has been developed to perform penetration tests and security assessments. Designed to be fast and easy to use while providing a minimal yet complete desktop environment, Backbox comes with its own software repositories and is continually updated to the latest stable version of the most widely used and best-known ethical hacking tools.

This book provides an exciting introduction to BackBox Linux in order give you familiarity with and understanding of this amazing Linux security distro, making you feel comfortable with both the subject of pen-testing and BackBox. The book progresses through topics based on standard cases of penetration testing from the initial steps to the final procedures.

This book will help you discover the exciting world of penetration testing through a series of step-by-step, practical lessons. Penetration Testing with BackBox is organized into eight chapters. Starting with an introduction to BackBox Linux in order to give you a solid grounding of this amazing Linux security distro, including both its design philosophy and feature set, before moving on to practical tutorials in using BackBox. The book is arranged in a chronological order based on standard cases of penetration testing. For those more experienced in the use of penetration testing tools, each chapter can be read independently, providing a detailed overview of how BackBox will augment your arsenal of tools at each step of the penetration testing process.

Throughout this book, you will be given a clear picture of IT security cases by having one of the most popular topics of penetration testing demonstrated in a user-friendly way. By the end of the book, you will have learned all the fundamental skills needed to use BackBox for ethical hacking.

What You Will Learn

  • Perform reconnaissance and collect information about an unknown system
  • Perform vulnerability scanning, management, and assessment, as well as understand false positives
  • Understand how SQL injection attacks work and find injectable pages on a web server
  • Sniff the network to capture sensitive data and learn different methods of privilege escalation
  • Maintain permanent access on a target server once access is initially granted
  • Use exploitation tools like Metasploit to exploit the reported vulnerabilities
  • Learn how to document and generate reports from the entire auditing process
  • Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. Penetration Testing with BackBox
      1. Table of Contents
      2. Penetration Testing with BackBox
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Starting Out with BackBox Linux
        1. A flexible penetration testing distribution
        2. The organization of tools in BackBox
          1. Information Gathering
          2. Vulnerability Assessment
          3. Exploitation
          4. Privilege Escalation
          5. Maintaining Access
          6. Documentation & Reporting
          7. Reverse Engineering
          8. Social Engineering
          9. Stress Testing
          10. Forensic Analysis
          11. VoIP Analysis
          12. Wireless Analysis
          13. Miscellaneous
        3. Services
        4. Update
        5. Anonymous
        6. Extras
        7. Completeness, accuracy, and support
        8. Links and contacts
        9. Summary
      9. 2. Information Gathering
        1. Starting with an unknown system
          1. Automater
          2. Whatweb
          3. Recon-ng
        2. Proceeding with a known system
          1. Nmap
        3. Summary
      10. 3. Vulnerability Assessment and Management
        1. Vulnerability scanning
          1. Setting up the environment
          2. Running the scan with OpenVAS
        2. False positives
          1. An example of vulnerability verification
        3. Summary
      11. 4. Exploitations
        1. Exploitation of a SQL injection on a database
          1. Sqlmap usage and vulnerability exploitation
          2. Finding the encrypted password
        2. Exploiting web applications with W3af
        3. Summary
      12. 5. Eavesdropping and Privilege Escalation
        1. Sniffing encrypted SSL/TLS traffic
          1. An SSL MITM attack using sslstrip
        2. Password cracking
          1. Offline password cracking using John the Ripper
          2. Remote password cracking with Hydra and xHydra
        3. Summary
      13. 6. Maintaining Access
        1. Backdoor Weevely
          1. Weevely in URL
          2. Performing system commands
          3. Enumerating config files
          4. Getting access credentials
          5. Editing files
          6. Gathering full system information
        2. Summary
      14. 7. Penetration Testing Methodologies with BackBox
        1. Information gathering
          1. Scanning
          2. Exploitation
        2. Summary
      15. 8. Documentation and Reporting
        1. MagicTree – the auditing productivity tool
        2. Summary
      16. Index