BackTrack 4: Assuring Security by Penetration Testing

BackTrack 4: Assuring Security by Penetration Testing

Master the art of penetration testing with BackTrack

Table of Contents


PART I: Lab Preparation and Testing Procedures
Chapter 1: Beginning with BackTrack 9
History 9
BackTrack purpose 9
Getting BackTrack 11
Using BackTrack 12
Live DVD 12
Installing to hard disk 13
Installation in real machine 13
Installation in VirtualBox 14
Portable BackTrack 19
Configuring network connection 21
Ethernet setup 21
Wireless setup 22
Starting the network service 24
Updating BackTrack 24
Updating software applications 25
Updating the kernel 26
Installing additional weapons 29
Nessus vulnerability scanner 30
WebSecurify 31
Customizing BackTrack 32
Summary 34


Chapter 2: Penetration Testing Methodology 37
Types of penetration testing 38
Black-box testing 38
White-box testing 39
Vulnerability assessment versus penetration testing 39
Security testing methodologies 41
Open Source Security Testing Methodology Manual (OSSTMM) 42
Key features and benefits 43
Information Systems Security Assessment Framework (ISSAF) 44
Key features and benefits 45
Open Web Application Security Project (OWASP) Top Ten 46
Key features and benefits 48
Web Application Security Consortium Threat Classification (WASC-TC) 49
Key features and benefits 50
BackTrack testing methodology 51
Target scoping 52
Information gathering 52
Target discovery 53
Enumerating target 53
Vulnerability mapping 53
Social engineering 54
Target exploitation 54
Privilege escalation 54
Maintaining access 55
Documentation and reporting 55
The ethics 55
Summary 56


PART II: Penetration Testers Armory

Chapter 3: Target Scoping 61
Gathering client requirements 62
Customer requirements form 63
Deliverables assessment form 64
Preparing the test plan 64
Test plan checklist 66
Profiling test boundaries 67
Defining business objectives 68
Project management and scheduling 69
Summary 70


Chapter 4: Information Gathering 73
Public resources 74
Document gathering 75
Metagoofil 75
DNS information 77
dnswalk 78
dnsenum 79
dnsmap 81
dnsmap-bulk 83
dnsrecon 84
fierce 85
Route information 86
0trace 86
dmitry 88
itrace 90
tcpraceroute 91
tctrace 92
Utilizing search engines 93
goorecon 93
theharvester 95
All-in-one intelligence gathering 96
Maltego 96
Documenting the information 101
Dradis 102
Summary 107


Chapter 5: Target Discovery 109
Introduction 109
Identifying the target machine 110
ping 110
arping 111
arping2 112
fping 113
genlist 115
hping2 116
hping3 117
lanmap 118
nbtscan 119
nping 121
onesixtyone 122
OS fingerprinting 122
p0f 123
xprobe2 124
Summary 126


Chapter 6: Enumerating Target 127
Port scanning 127
AutoScan 131
Netifera 134
Nmap 136
Nmap target specification 138
Nmap TCP scan options 139
Nmap UDP scan options 140
Nmap port specification 141
Nmap output options 142
Nmap timing options 143
Nmap scripting engine 144
Unicornscan 147
Zenmap 148
Service enumeration 152
Amap 152
Httprint 153
Httsquash 155
VPN enumeration 156
ike-scan 157
Summary 159


Chapter 7: Vulnerability Mapping 161
Types of vulnerabilities 162
Local vulnerability 162
Remote vulnerability 163
Vulnerability taxonomy 164
Open Vulnerability Assessment System (OpenVAS) 165
OpenVAS integrated security tools 166
Cisco analysis 169
Cisco Auditing Tool 169
Cisco Global Exploiter 170
Cisco Passwd Scanner 172
Fuzzy analysis 173
BED 173
Bunny 175
JBroFuzz 177
SMB analysis 180
Impacket Samrdump 180
Smb4k 181
SNMP analysis 182
ADMSnmp 183
Snmp Enum 184
SNMP Walk 186
Web application analysis 188
Database assessment tools 188
DBPwAudit 189
Pblind 190
SQLbrute 191
SQLiX 194
SQLMap 196
SQL Ninja 199
Application assessment tools 202
Burp Suite 202
Grendel Scan 204
LBD 206
Nikto2 207
Paros Proxy 209
Ratproxy 210
W3AF 212
WAFW00F 214
WebScarab 215
Summary 217


Chapter 8: Social Engineering 219
Modeling human psychology 220
Attack process 220
Attack methods 221
Impersonation 221
Reciprocation 222
Influential authority 222
Scarcity 223
Social relationship 223
Social Engineering Toolkit (SET) 224
Targeted phishing attack 225
Gathering user credentials 230
Common User Passwords Profiler (CUPP) 234
Summary 235


Chapter 9: Target Exploitation 237
Vulnerability research 238
Vulnerability and exploit repositories 240
Advanced exploitation toolkit 241
MSFConsole 242
MSFCLI 244
Ninja 101 drills 246
Scenario #1 246
Scenario #2 248
Scenario #3 252
Scenario #4 261
Scenario #5 263
Writing exploit module 268
Summary 273

Chapter 10: Privilege Escalation 275
Attacking the password 276
Offline attack tools 277
Rainbowcrack 277
Samdump2 280
John 282
Ophcrack 284
Crunch 285
Wyd 286
Online attack tools 287
BruteSSH 287
Hydra 288
Network sniffers 289
Dsniff 290
Hamster 291
Tcpdump 294
Tcpick 295
Wireshark 296
Network spoofing tools 298
Arpspoof 298
Ettercap 300
Summary 304


Chapter 11: Maintaining Access 305
Protocol tunneling 305
DNS2tcp 306
Ptunnel 307
Stunnel4 308
Proxy 311
3proxy 311
Proxychains 312
End-to-end connection 313
CryptCat 313
Sbd 314
Socat 315
Summary 319


Chapter 12: Documentation and Reporting 321
Documentation and results verification 322
Types of reports 323
Executive report 323
Management report 324
Technical report 325
Network penetration testing report (sample contents) 326
Presentation 327
Post testing procedures 328
Summary 329


PART III: Extra Ammunition

Appendix A: Supplementary Tools 333
Vulnerability scanner 333
NeXpose community edition 334
NeXpose installation 334
Starting NeXpose community 335
Login to NeXpose community 336
Using NeXpose community 336
Web application fingerprinter 338
WhatWeb 338
BlindElephant 339
Network Ballista 341
Netcat 341
Open connection 342
Service banner grabbing 342
Simple server 343
File transfer 343
Portscanning 344
Backdoor Shell 344
Reverse shell 345
Summary 346
Appendix B: Key Resources 347
Vulnerability Disclosure and Tracking 347
Paid Incentive Programs 349
Reverse Engineering Resources 349
Network ports 350
Index 357


Link Download:
Here

Share this post