BackTrack 5 tutorial Part I: Information gathering and VA tools



Karthik R, Contributor

You can read the original story here, on SearchSecurity.in.

BackTrack 5, codenamed Revolution, the much awaited penetration testing framework, was released in May 2011. It is a major development over BackTrack 4 R2. BackTrack 5 is said to be built from scratch, and has seen major improvements as well as bug fixes over previous versions. BackTrack is named after a search algorithm called backtracking. BackTrack 5 tools range from password crackers to full-fledged penetration testing tools and port scanners. BackTrack has 12 categories of tools, as shown in Figure 1 of this tutorial.

Penetration testers usually perform their test attacks in five phases:

1. Information gathering
2. Scanning and vulnerability assessment
3. Gaining access to the target
4. Maintaining access with the target
5. Clearing tracks

Figure 1: Categories of tools in BackTrack 5

In this tutorial, we will look at the information gathering and vulnerability assessment tools in BackTrack 5.

Information gathering

Information gathering is the first and most important phase in penetration testing. In this phase, the attacker gains information about aspects such as the target network, open ports, live hosts and services running on each port. This creates an organizational profile of the target, along with the systems and networks in use.

Figure 2: Zenmap UI in BackTrack 5

Figure 3 of this tutorial is a screenshot of Zenmap, the BackTrack information gathering and network analysis tool. The intense scan mode in Zenmap provides target information such as services running on each port, the version, the target operating system, network hop distance, workgroups and user accounts. This information is especially useful for white box testing.

Other BackTrack 5 information gathering tools of interest are CMS identification and IDS-IPS identification for web application analysis. CMS identification gives information about the underlying CMS, which can be used to research vulnerabilities in that CMS and gather all the available exploits to test the target system. The joomscan tool (for the Joomla CMS) is covered later in this tutorial.
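The data an intense scan produces (services per port, versions, OS guess, hop distance) is exactly what a defender needs to keep an asset inventory honest. As an added example, not part of the original tutorial and not code from the nmap or Zenmap project, the Python script below parses an nmap XML report into a host and service inventory and diffs it against an approved baseline, so that every open service the scan found that nobody approved stands out. Zenmap saves its results in the same XML layout that nmap writes with -oX; the XML embedded here is a constructed, cut-down sample in that layout, and the host, address, versions and baseline are made up for the example.

```python
"""Turn an nmap/Zenmap XML report into a service inventory and diff it
against an approved baseline.

Added example for this tutorial; not code from the original article or
from the nmap project. SAMPLE_NMAP_XML is a constructed, cut-down sample
in the real nmap -oX layout (hostnames, ports, service, os, distance);
the host, address and versions are made up.
"""
import xml.etree.ElementTree as ET

# Constructed sample of what an "intense scan" (nmap -T4 -A -v) writes with -oX.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T4 -A -v -oX scan.xml 192.0.2.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="5.3p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.15"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.1.73"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/>
        <service name="https"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.32" accuracy="96"/></os>
    <distance value="3"/>
  </host>
</nmaprun>
"""

# Approved baseline (constructed): the open (proto, port, service) tuples each
# host is supposed to expose. Anything else the scan finds is a finding.
BASELINE = {
    "192.0.2.10": {("tcp", 22, "ssh"), ("tcp", 80, "http")},
}


def parse_nmap_xml(xml_text):
    """Return one dict per live host: address, hostname, OS guess, hop
    distance and the list of open ports with service/product/version."""
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.findall("host"):
        if h.find("status").get("state") != "up":
            continue
        hn = h.find("hostnames/hostname")
        osmatch = h.find("os/osmatch")
        dist = h.find("distance")
        ports = []
        for p in h.findall("ports/port"):
            if p.find("state").get("state") != "open":
                continue  # only open ports belong in the inventory
            svc = p.find("service")
            ports.append({
                "proto": p.get("protocol"),
                "port": int(p.get("portid")),
                "service": svc.get("name") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            })
        hosts.append({
            "addr": h.find("address").get("addr"),
            "hostname": hn.get("name") if hn is not None else "",
            "os": osmatch.get("name") if osmatch is not None else "",
            "distance": int(dist.get("value")) if dist is not None else None,
            "ports": ports,
        })
    return hosts


def unexpected_services(hosts, baseline):
    """Open services missing from the baseline; a host the baseline does not
    list at all has every open service reported."""
    findings = []
    for host in hosts:
        allowed = baseline.get(host["addr"])
        for p in host["ports"]:
            key = (p["proto"], p["port"], p["service"])
            if allowed is None or key not in allowed:
                findings.append((host["addr"], key, p["product"], p["version"]))
    return findings


def audit_sample():
    """Run the embedded sample through both steps."""
    return unexpected_services(parse_nmap_xml(SAMPLE_NMAP_XML), BASELINE)


if __name__ == "__main__":
    for addr, (proto, port, service), product, version in audit_sample():
        print(f"{addr} exposes {proto}/{port} ({service}) {product} {version}: not in baseline")
```

On the sample, the script lists only the MySQL service on 3306, because SSH and HTTP are in the baseline and 443 is reported closed. Keyed on protocol, port and service name rather than on version strings, the diff stays stable across routine patching while still catching a database or admin interface that appeared without approval.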

Figure 3: Maltego UI in BackTrack 5

Another interesting and powerful tool is Maltego, generally used for SMTP analysis. Figure 4 of this tutorial shows Maltego in action. The Palette in Maltego shows the DNS name, domain, location, URL, email, and other details about the website. Maltego uses various transformations on these entities to give the pen tester necessary details about the target. Views such as the mining view, the edge-weighted view, etc., provide a graphical representation of the data obtained about a particular target.

Vulnerability assessment

The second phase in pen testing is vulnerability assessment. After gaining some initial information and an organizational profile of the target through conclusive foot-printing, we will assess the weak spots or vulnerabilities in the system. There are a number of vulnerability databases available online for ready use, but we will focus on what BackTrack 5 has to offer in this tutorial.

Figure 4: Joomscan in action

Web application scanners are used to assess website vulnerabilities. Figure 5 of this tutorial shows joomscan in action. Joomscan is meant for Joomla-based websites and reports vulnerabilities pre-stored in its repository. Joomscan can be run with the following command:

./joomscan.pl -u <string> -x proxy:port

Here <string> is the target Joomla website. Joomscan has options for version detection, server check, firewall activity, etc. As can be seen in Figure 5 of this BackTrack 5 tutorial, the target Joomla website is running on an Apache server using PHP version 5.5.16.

OpenVAS (Open Vulnerability Assessment System) on BackTrack 5

Opening Applications -> BackTrack -> Vulnerability scanners -> OpenVAS will give you the list of options shown in Figure 6 of this tutorial.

Figure 5: OpenVAS options in BackTrack 5

OpenVAS is a powerful tool for performing vulnerability assessments on a target. Before doing the assessment, it is advisable to set up a certificate using the OpenVAS MkCert option. After that, we will add a new user from the menu in this BackTrack 5 tutorial. The user can be customized by applying rules, or assigned an empty rule set by pressing Ctrl+D. Once a new user has been added with login and other credentials, we can go ahead with the assessment part of this tutorial.

Figure 6: Adding a user with OpenVAS

OpenVAS works on the client/server model in the assessment process. You should regularly update its plug-in feed to perform efficient tests.

OpenVAS vs Nessus Scanner

Nessus Scanner is another vulnerability assessment tool for carrying out automated assessments. Let's take a look at the difference between the two in the next step of this tutorial. Nessus has two versions, free and paid, while OpenVAS is completely free. Recent observations have shown that the plug-in feeds of these two scanners differ considerably, and depending on only one tool is not recommended, as automated scanners can throw up lots of false positives. Combining manual scanners with other tools, alongside automated scanners, is recommended for a comprehensive assessment of the target.

BackTrack 5 also offers other tools under this category, including Cisco tools, which are meant for Cisco-based networking hardware. Fuzzers are also available, categorized as network fuzzers and VoIP fuzzers.
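The advice above, not to depend on a single scanner because the plug-in feeds differ and automated scanners produce false positives, is easier to act on when the two result sets are reconciled mechanically. As an added example, not code from the article, from OpenVAS or from Tenable, the Python script below merges two constructed, simplified result lists (the field names are this example's own and the CVE ids are placeholders): findings both scanners report are treated as corroborated and ordered by severity, while a finding only one scanner reports is queued for manual verification instead of being accepted or discarded on its own.

```python
"""Reconcile the findings of two automated scanners (OpenVAS and Nessus in
this tutorial) so that a result only one scanner reports is queued for
manual verification instead of being accepted or discarded on its own.

Added example for this tutorial; not code from the article, from OpenVAS or
from Tenable. The two result lists are constructed and simplified: real
exports carry many more fields, the field names are this example's own,
and the CVE ids are placeholders.
"""

# Constructed OpenVAS-style results for one host: port, the CVE the plug-in
# maps to (None when it maps none), plug-in name and severity on a 0-10 scale.
OPENVAS_RESULTS = [
    {"host": "192.0.2.10", "port": 22, "cve": "CVE-0000-0001",
     "name": "OpenSSH outdated", "severity": 7.5},
    {"host": "192.0.2.10", "port": 80, "cve": None,
     "name": "Apache httpd banner disclosure", "severity": 2.6},
    {"host": "192.0.2.10", "port": 3306, "cve": "CVE-0000-0002",
     "name": "MySQL outdated", "severity": 5.0},
]

# Constructed Nessus-style results for the same host: the same OpenSSH issue
# under a different plug-in name, plus two findings OpenVAS does not report.
NESSUS_RESULTS = [
    {"host": "192.0.2.10", "port": 22, "cve": "CVE-0000-0001",
     "name": "OpenSSH Multiple Vulnerabilities", "severity": 7.5},
    {"host": "192.0.2.10", "port": 80, "cve": None,
     "name": "Web Server HTTP Header Information Disclosure", "severity": 3.0},
    {"host": "192.0.2.10", "port": 443, "cve": None,
     "name": "SSL Certificate Cannot Be Trusted", "severity": 6.4},
]


def finding_key(finding):
    """Identity of a finding across scanners: host, port and CVE when the
    plug-in maps one. Without a CVE only the normalised plug-in name is left,
    so two scanners describing the same issue in their own words will not
    match and the issue lands in both single-source lists for a human."""
    if finding["cve"]:
        return (finding["host"], finding["port"], finding["cve"])
    return (finding["host"], finding["port"], finding["name"].lower())


def reconcile(a_results, b_results, a_label="openvas", b_label="nessus"):
    """Split the union of findings into corroborated and single-source keys."""
    keys_a = {finding_key(f) for f in a_results}
    keys_b = {finding_key(f) for f in b_results}
    return {
        "corroborated": sorted(keys_a & keys_b),
        a_label + "_only": sorted(keys_a - keys_b),
        b_label + "_only": sorted(keys_b - keys_a),
    }


def triage(a_results, b_results):
    """Ordered work queue: findings both scanners agree on first (by severity),
    then each scanner's unique findings, tagged for manual verification."""
    by_key = {finding_key(f): f for f in a_results}
    by_key.update({finding_key(f): f for f in b_results})
    groups = reconcile(a_results, b_results)
    queue = []
    for key in sorted(groups["corroborated"], key=lambda k: -by_key[k]["severity"]):
        queue.append({"key": key, "severity": by_key[key]["severity"],
                      "status": "confirmed-by-both"})
    for label in ("openvas_only", "nessus_only"):
        for key in sorted(groups[label], key=lambda k: -by_key[k]["severity"]):
            queue.append({"key": key, "severity": by_key[key]["severity"],
                          "status": "verify-manually (" + label + ")"})
    return queue


if __name__ == "__main__":
    for item in triage(OPENVAS_RESULTS, NESSUS_RESULTS):
        host, port, what = item["key"]
        print(f'{item["severity"]:>4}  {host}:{port:<5} {what:<45} {item["status"]}')
```

On the sample data only the OpenSSH finding is corroborated; the two port 80 findings describe disclosure issues in different words and, lacking a CVE, are deliberately not merged, which is the conservative choice: a missed match costs one extra manual check, whereas a false merge would silently drop a finding.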

It's evident from the above tutorial that BackTrack 5 has a lot to offer in terms of information gathering and vulnerability assessment. In this tutorial, I have made an effort to show the one or two tools which I felt would be most useful to readers. It's best to try out all the tools so that you have first-hand experience of BackTrack 5, and the power it brings to a pen tester's arsenal. In subsequent tutorials, we shall see how BackTrack 5 facilitates exploitation of a target. Step this way to read the next installment of our BackTrack 5 tutorial, which deals with exploits of remote systems.

About the author: Karthik R is a member of the NULL community. Karthik completed his training for EC-Council CEH in December 2010, and is at present pursuing his final year of B.Tech. in Information Technology from the National Institute of Technology, Surathkal. Karthik can be contacted at rkarthik.poojary@gmail.com. He blogs at http://www.epsilonlambda.wordpress.com

You can subscribe to our Twitter feed at @SearchSecIN. You can read the original story here, on SearchSecurity.in.