Hacking Techniques & Intrusion Detection

Similar documents
Building a Penetration Testing Virtual Computer Laboratory

Intelligence Gathering. n00bpentesting.com

User Manual of the Pre-built Ubuntu Virutal Machine

Hacking Techniques & Intrusion Detection

Lab Objectives & Turn In

Corso di Configurazione e Gestione di Reti Locali

Create a virtual machine at your assigned virtual server. Use the following specs

Penetration Testing LAB Setup Guide

Post Exploitation. n00bpentesting.com

Connections and wiring Diagram

IP Address: the per-network unique identifier used to find you on a network

How to Create, Setup, and Configure an Ubuntu Router with a Transparent Proxy.

Hacking Techniques & Intrusion Detection

CDH installation & Application Test Report

Configuring Ubuntu Server as a Firewall and Reverse Proxy for OWA 2007 Configuration Guide

HP SDN VM and Ubuntu Setup

User Manual of the Pre-built Ubuntu 9 Virutal Machine

Bringing the Eko VM Home (302)

Linux Networking Basics

Linux Terminal Server Project

Using VirtualBox ACHOTL1 Virtual Machines

Introduction. Created by Richard Bell 10/29/2014

Author: Sumedt Jitpukdebodin. Organization: ACIS i-secure. ID: My Blog:

Advantech AE Technical Share Document

SI455 Advanced Computer Networking. Lab2: Adding DNS and Servers (v1.0) Due 6 Feb by start of class

Deployment - post Xserve

The BackTrack Successor

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

Introduction to Operating Systems

Symantec Cyber Readiness Challenge Player s Manual

NYU-Poly VLAB Introduction LAB 0

Workshop on Scientific Applications for the Internet of Things (IoT) March

Using the DHCP protocol for a denial-of

System Admin Module User Guide. Schmooze Com Inc.

SETTING UP AND USING A CYBER SECURITY LAB FOR EDUCATION PURPOSES *

Setting up VNC, SAMBA and SSH on Ubuntu Linux PCs Getting More Benefit out of Your Local Area Network

Why do I need a pen test lab? Requirements. Virtual Machine Downloads

Smartphone Pentest Framework v0.1. User Guide

IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection

Turn-Key Penetration Testing Labs

Lab 1: Network Devices and Technologies - Capturing Network Traffic

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

Sponsor. Categories. Ubuntu Linux Tutorials,Howtos,Tips & News Quantal,Precise,Oneiric

Trend Micro Encryption Gateway 5

Getting started with ARM-Linux

Procedure to Create and Duplicate Master LiveUSB Stick

Operating System Installation Guidelines

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

APPLICATION NOTE. How to build pylon applications for ARM

How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu

How to hack a website with Metasploit

Hardened Hosting. Quintin Russ. OWASP New Zealand Chapter th December 2011

CS179i: Guide - Virtual Machine Setup and Internal Networking in Alpha Lab

Kevin Cardwell. Toolkits: All-in-One Approach to Security

Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012

HOWTO: Set up a Vyatta device with ThreatSTOP in router mode

How to Setup a Dedicated Web Server for Free

SETTING UP A LAMP SERVER REMOTELY

pp=pod number, xxx=static IP address assigned to your pod

50.XXX is based on your station number

June 2014 WMLUG Meeting Kali Linux

Basic Linux & Package Management. Original slides from GTFO Security

Penetration Testing LAB Setup Guide

Syncplicity On-Premise Storage Connector

A New Era. A New Edge. Phishing within your company

Laboration 3 - Administration

CS197U: A Hands on Introduction to Unix

Raspberry Pi Webserver

An Oracle White Paper July Oracle VM 3: Building a Demo Environment using Oracle VM VirtualBox

ODP REGIONAL NODE DEPLOYMENT QUICK GUIDE FOR TRAININGS

ITIS 2110 Lab 11: Domain Name Server. Tyler Everhart 11/12/2010

Redhat 6.2 Installation Howto -Basic Proxy and Transparent

HOWTO: Set up a Vyatta device with ThreatSTOP in bridge mode

Lab 1: Introduction to the network lab

1. LAB SNIFFING LAB ID: 10

Kali Linux Cookbook. Willie L. Pritchett David De Smet. Chapter No. 9 "Wireless Attacks"

IT Essentials II: Network Operating Systems V 3.0

CPE111 COMPUTER EXPLORATION

Setting up a Raspberry Pi as a WiFi access point

Offline Scanner Appliance

Testing New Applications In The DMZ Using VMware ESX. Ivan Dell Era Software Engineer IBM

Red Hat Linux 7.2 Installation Guide

INASP: Effective Network Management Workshops

PasserellesNumeriquesCambodia (PNC)

System administration basics

A Web Development Environment

Apache and Virtual Hosts Exercises

Vulnerability Assessment Lab

INUVIKA TECHNICAL GUIDE

IP-PBX Quick Start Guide

Cloud Storage Quick Start Guide

How To Use Openstack On Your Laptop

Modeling Networks And Services with VirtualBox. Alan Whinery U. Hawaii ITS

How to Enable Internet for Guest Virtual Machine using Wi-Fi wireless Internet Connection.

Note: Guide not yet tested in the SFU Surrey Linux Lab (SUR4080). Some changes may be needed.

Advanced Internetworking

Hadoop Multi-node Cluster Installation on Centos6.6

Metasploit ing the target machine is a fascinating subject to all security professionals. The rich list of exploit codes and other handy modules of

Lab 7 - Exploitation 1. NCS 430 Penetration Testing Lab 7 Sunday, March 29, 2015 John Salamy

Transcription:

Hacking Techniques & Intrusion Detection Winter Semester 2012/2013 Dr. Ali Al-Shemery aka: B!n@ry

<< backtrack the quieter you become, the more you re able to hear!!!

Dr. Ali Al-Shemery (aka: B!n@ry) 3

Backtrack 5 R3 About BackTrack Installing BackTrack 5 R3 I Know Your Password! Starting X Configuring Network (DHCP Static) Configuring Basic Network Services Exploring the Pentest Directory Keeping Your Arsenal up2date Knowing Your Toolbox Backtrack 5 R3 Toolbox Other Useful CLI s Dr. Ali Al-Shemery (aka: B!n@ry) 4

About BackTrack First release was 2007. The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, WHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world. Dr. Ali Al-Shemery (aka: B!n@ry) 5

Installing BackTrack BackTrack can be installed in different ways, I recommend you installing it using Virtualbox (Open Source). By using Virtualbox, its easy to copy, replicate and clone the whole system in case something wrong happens. No need to dedicate a machine for the system, use resources already available (only if you want to pay the price of getting a new machine). Dr. Ali Al-Shemery (aka: B!n@ry) 6

I Know Your Password!!! Change your Password, before some1 does! Imagine getting into war and your own machinery store is played with by someone behind your lines, the enemy! Before doing any security tests for people, you must protect yourself. Start that by changing the BackTrack s default password (root/toor): # passwd Dr. Ali Al-Shemery (aka: B!n@ry) 7

Starting X You prefer to work in a GUI environment with windows and a mouse? All you need is to start the X Window System: # startx Just as simple as that!!! Dr. Ali Al-Shemery (aka: B!n@ry) 8

Configuring Network (DHCP Static) Dynamic Configuration (DHCP): # dhclient OR # /etc/init.d/networking restart Manual Configuration (Static) # ifconfig eth0 up # ifconfig eth0 [youripaddress] netmask [your netmask] # route add default gw [your gateway] eth0 # echo nameserver [yourdns]> /etc/resolv.conf Dr. Ali Al-Shemery (aka: B!n@ry) 9

Configuring Basic Network Services Sometimes you need to test stuff locally, or import data to a database, or even copy files. That s why Backtrack comes with a different set of services we can use for such scenarios: SSH (OpenSSH) FTP (vsftpd) Web (Apache) Database (MySQL, Postgress) TFTP Dr. Ali Al-Shemery (aka: B!n@ry) 10

Exploring the Pentest Directory Going to battles without knowing what arsenal you re carrying can lead to failure! Lets take a walk through the BackTrack penetration testing tools directory. # cd /pentest Dr. Ali Al-Shemery (aka: B!n@ry) 11

Keeping Your Arsenal up2date It is very important to keep your tools up to date, New features and enhancement are added, Bugs are fixed, New tools maybe added! # apt-get update # apt-get upgrade OR # apt-get dist-upgrade Dr. Ali Al-Shemery (aka: B!n@ry) 12

Knowing Your Toolbox You want to know nearly all your toolbox? # dpkg --list You want to know if a specific tool is installed? # dpkg --list grep <tool-name> Dr. Ali Al-Shemery (aka: B!n@ry) 13

Backtrack 5 R3 Toolbox Backtrack s main toolbox categories: Information Gathering Analysis Vulnerability Assessment Exploitation Tools Privilege Escalation Maintaining Access Reverse Engineering RFID Tools Stress Testing Forensics Reporting Tools Doesn t end here!!! Dr. Ali Al-Shemery (aka: B!n@ry) 14

Other Useful CLI s Getting Help man <command-name> info <command-name> <command-name> --help GNOME Help Searching find locate <filename> GNOME Search Creating and Editing Files GNOME gedit vim nano Fetching File From Internet wget -c <URL> Installing new software/packages apt-cache <software-name> apt-get install <exact-software-name> 0.1% of what s out there!!! Dr. Ali Al-Shemery (aka: B!n@ry) 15

Taken from: Appendix Linux Ref. Linux Arab Community, http://linuxac.org Dr. Ali Al-Shemery (aka: B!n@ry) 16

Appendix The Lab What is Needed? Virtualbox BackTrack 5 R3 OWASP Broken Web Applications Project (1 NIC s needed) Slackware VM for Software Exploitation (1 NIC s needed) Windows XP/2003 (2 NIC s needed) Exploit KB, grab vulnerable software Use a Host-only Network! Others (added later) Dr. Ali Al-Shemery (aka: B!n@ry) 17

SUMMARY What is Backtrack and howto prepare it for pentesting, Available Backtrack Toolbox, Backtrack basic usage, Creating a simple lab for security testing. Dr. Ali Al-Shemery (aka: B!n@ry) 18

References [-] Backtrack Linux Distro., http://www.backtrack-linux.org/ [-] Slackware Exploitation VM, http://opensecuritytraining.info/slack12.zip [-] OWASP Broken Web Applications VM, http://downloads.sourceforge.net/project/owaspbwa/1.0/owasp_broken_web_apps_vm_1.0.7z Dr. Ali Al-Shemery (aka: B!n@ry) 19

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information