BackTrack 4: Assuring Security by Penetration Testing

  • Learn the black art of penetration testing with in-depth coverage of the BackTrack Linux distribution
  • Explore the insights and importance of testing your corporate network systems before hackers strike
  • Understand the practical spectrum of security tools by their exemplary usage, configuration, and benefits
  • Fully illustrated with practical examples, step-by-step instructions, and useful tips to cover the best-of-breed security assessment tools

Book Details

Language : English
Paperback : 392 pages [ 235mm x 191mm ]
Release Date : April 2011
ISBN : 1849513945
ISBN 13 : 9781849513944
Author(s) : Shakeel Ali, Tedi Heriyanto
Topics and Technologies : All Books, Networking and Servers, Security and Testing, Open Source

Table of Contents

PART I: Lab Preparation and Testing Procedures
Chapter 1: Beginning with BackTrack
Chapter 2: Penetration Testing Methodology
PART II: Penetration Testers Armory
Chapter 3: Target Scoping
Chapter 4: Information Gathering
Chapter 5: Target Discovery
Chapter 6: Enumerating Target
Chapter 7: Vulnerability Mapping
Chapter 8: Social Engineering
Chapter 9: Target Exploitation
Chapter 10: Privilege Escalation
Chapter 11: Maintaining Access
Chapter 12: Documentation and Reporting
PART III: Extra Ammunition
Appendix A: Supplementary Tools
Appendix B: Key Resources
  • Chapter 1: Beginning with BackTrack
    • History
    • BackTrack purpose
    • Getting BackTrack
    • Using BackTrack
      • Live DVD
      • Installing to hard disk
        • Installation in real machine
        • Installation in VirtualBox
      • Portable BackTrack
    • Configuring network connection
      • Ethernet setup
      • Wireless setup
      • Starting the network service
    • Updating BackTrack
      • Updating software applications
      • Updating the kernel
    • Installing additional weapons
      • Nessus vulnerability scanner
      • WebSecurify
    • Customizing BackTrack
    • Summary
  • Chapter 2: Penetration Testing Methodology
    • Types of penetration testing
      • Black-box testing
      • White-box testing
    • Vulnerability assessment versus penetration testing
    • Security testing methodologies
      • Open Source Security Testing Methodology Manual (OSSTMM)
        • Key features and benefits
      • Information Systems Security Assessment Framework (ISSAF)
        • Key features and benefits
      • Open Web Application Security Project (OWASP) Top Ten
        • Key features and benefits
      • Web Application Security Consortium Threat Classification (WASC-TC)
        • Key features and benefits
    • BackTrack testing methodology
      • Target scoping
      • Information gathering
      • Target discovery
      • Enumerating target
      • Vulnerability mapping
      • Social engineering
      • Target exploitation
      • Privilege escalation
      • Maintaining access
      • Documentation and reporting
    • The ethics
    • Summary
  • Chapter 3: Target Scoping
    • Gathering client requirements
      • Customer requirements form
      • Deliverables assessment form
    • Preparing the test plan
      • Test plan checklist
    • Profiling test boundaries
    • Defining business objectives
    • Project management and scheduling
    • Summary
  • Chapter 4: Information Gathering
    • Public resources
    • Document gathering
      • Metagoofil
    • DNS information
      • dnswalk
      • dnsenum
      • dnsmap
        • dnsmap-bulk
      • dnsrecon
      • fierce
    • Route information
      • 0trace
      • dmitry
      • itrace
      • tcptraceroute
      • tctrace
    • Utilizing search engines
      • goorecon
      • theharvester
    • All-in-one intelligence gathering
      • Maltego
    • Documenting the information
      • Dradis
    • Summary
  • Chapter 5: Target Discovery
    • Introduction
    • Identifying the target machine
      • ping
      • arping
      • arping2
      • fping
      • genlist
      • hping2
      • hping3
      • lanmap
      • nbtscan
      • nping
      • onesixtyone
    • OS fingerprinting
      • p0f
      • xprobe2
    • Summary
  • Chapter 6: Enumerating Target
    • Port scanning
      • AutoScan
      • Netifera
      • Nmap
        • Nmap target specification
        • Nmap TCP scan options
        • Nmap UDP scan options
        • Nmap port specification
        • Nmap output options
        • Nmap timing options
        • Nmap scripting engine
      • Unicornscan
      • Zenmap
    • Service enumeration
      • Amap
      • Httprint
      • Httsquash
    • VPN enumeration
      • ike-scan
    • Summary
  • Chapter 7: Vulnerability Mapping
    • Types of vulnerabilities
      • Local vulnerability
      • Remote vulnerability
    • Vulnerability taxonomy
    • Open Vulnerability Assessment System (OpenVAS)
      • OpenVAS integrated security tools
    • Cisco analysis
      • Cisco Auditing Tool
      • Cisco Global Exploiter
      • Cisco Passwd Scanner
    • Fuzzy analysis
      • BED
      • Bunny
      • JBroFuzz
    • SMB analysis
      • Impacket Samrdump
      • Smb4k
    • SNMP analysis
      • ADMSnmp
      • Snmp Enum
      • SNMP Walk
    • Web application analysis
      • Database assessment tools
        • DBPwAudit
        • Pblind
        • SQLbrute
        • SQLiX
        • SQLMap
        • SQL Ninja
      • Application assessment tools
        • Burp Suite
        • Grendel Scan
        • LBD
        • Nikto2
        • Paros Proxy
        • Ratproxy
        • W3AF
        • WAFW00F
        • WebScarab
    • Summary
  • Chapter 8: Social Engineering
    • Modeling human psychology
    • Attack process
    • Attack methods
      • Impersonation
      • Reciprocation
      • Influential authority
      • Scarcity
      • Social relationship
    • Social Engineering Toolkit (SET)
      • Targeted phishing attack
      • Gathering user credentials
    • Common User Passwords Profiler (CUPP)
    • Summary
  • Chapter 9: Target Exploitation
    • Vulnerability research
    • Vulnerability and exploit repositories
    • Advanced exploitation toolkit
      • MSFConsole
      • MSFCLI
      • Ninja 101 drills
        • Scenario #1
        • Scenario #2
        • Scenario #3
        • Scenario #4
        • Scenario #5
      • Writing exploit module
    • Summary
  • Chapter 10: Privilege Escalation
    • Attacking the password
      • Offline attack tools
        • Rainbowcrack
        • Samdump2
        • John
        • Ophcrack
        • Crunch
        • Wyd
      • Online attack tools
        • BruteSSH
        • Hydra
    • Network sniffers
      • Dsniff
      • Hamster
      • Tcpdump
      • Tcpick
      • Wireshark
    • Network spoofing tools
      • Arpspoof
      • Ettercap
    • Summary
  • Chapter 12: Documentation and Reporting
    • Documentation and results verification
    • Types of reports
      • Executive report
      • Management report
      • Technical report
      • Network penetration testing report (sample contents)
        • Table of Contents
    • Presentation
    • Post testing procedures
    • Summary
  • Appendix A: Supplementary Tools
    • Vulnerability scanner
      • NeXpose community edition
        • NeXpose installation
        • Starting NeXpose community
        • Login to NeXpose community
        • Using NeXpose community
    • Web application fingerprinter
      • WhatWeb
      • BlindElephant
    • Network Ballista
      • Netcat
        • Open connection
        • Service banner grabbing
        • Simple server
        • File transfer
        • Portscanning
        • Backdoor Shell
        • Reverse shell
    • Summary
  • Appendix B: Key Resources
    • Vulnerability Disclosure and Tracking
      • Paid Incentive Programs
    • Reverse Engineering Resources
    • Network ports

Shakeel Ali

Shakeel Ali is a Security and Risk Management consultant at Fortune 500. Previously, he was the key founder of Cipher Storm Ltd., UK. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, compliance, governance, and forensic projects that he carries out in day-to-day operations. He has also served as a Chief Security Officer at CSS Providers SAL. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses, educational organizations, and government institutions globally. He is an active, independent researcher who writes various articles and whitepapers and manages a blog at Also, he regularly participates in BugCon Security Conferences held in Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures.

Tedi Heriyanto

Tedi Heriyanto currently works as a principal consultant in an Indonesian information security company. In his current role, he has been engaged with various penetration testing assignments in Indonesia and other countries. In his previous role, he was engaged with several well-known business institutions across Indonesia and overseas. Tedi has an excellent track record in designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, performing information security audits and assessments, and providing information security awareness training. In his spare time, he manages to research, learn, and participate in the Indonesian Security Community activities and has a blog He shares his knowledge in the security field by writing several information security books.

Errata

1 submitted: last submission 16 Dec 2013

Errata type: URL, Page No: 22

The link to is dead. Here is the correct solution: and Also, as an alternative:


What you will learn from this book

  • Initiate the BackTrack OS environment in your test lab by installing, configuring, running, and updating its core system components
  • Draw a formal BackTrack testing methodology
  • Scope your target with definitive test requirements, limitations, and business objectives, and schedule the test plan
  • Gain practical experience with a number of security tools from BackTrack logically divided into sub-categories of testing methodology
  • Practice the process of reconnaissance, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, and maintaining access to your target for evaluation purposes
  • Document, report, and present your verified test results to the relevant authorities in a formal reporting structure
  • Assess the various technologies comprising your target information system's environment, such as web applications, network administration servers, workstations, Cisco devices, firewalls, load balancers, routers, switches, intrusion detection and prevention devices, and many more
  • Examine and research the vulnerability in greater detail before attempting to exploit it by taking control of the target, thus reducing any false positives
  • Exploit human vulnerability by wrapping yourself with the art of deception to acquire the target

In Detail

BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.

BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.

The authors' experience and expertise enable them to reveal the industry's best approach for logical and systematic penetration testing.

The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration setup, discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the BackTrack-specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.

This book serves as a single professional, practical, and expert guide to developing hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed.

A tactical example-driven guide for mastering the penetration testing skills with BackTrack to identify, detect, and exploit vulnerabilities at your digital doorstep.

Written as an interactive tutorial, this book covers the core of BackTrack with real-world examples and step-by-step instructions to provide professional guidelines and recommendations to you. The book is designed in a simple and intuitive manner, which allows you to explore the whole BackTrack testing process or study parts of it individually.

Who this book is for

If you are an IT security professional or network administrator who has a basic knowledge of Unix/Linux operating systems including awareness of information security factors, and you want to use BackTrack for penetration testing, then this book is for you.
