BackTrack 4: Assuring Security by Penetration Testing

Shakeel Ali, Tedi Heriyanto

Overview | Reviews | Author | Support | Sample Chapters

BackTrack 4: Assuring Security by Penetration Testing

eBook: $29.99
Formats: PDF, PacktLib, ePub and Mobi formats

$25.49
save 15%!

Print + free eBook + free PacktLib access to the book: $79.98 Print cover: $49.99

$49.99
save 37%!

Packt
Anytime, Anywhere

Unlimited eBook downloads and up to 50% off the print version!

Free Shipping!

UK, US, Europe and selected countries in Asia.

Also available on:

Overview

Table of Contents

Author

Reviews

Support

Sample Chapters

Learn the black-art of penetration testing with in-depth coverage of BackTrack Linux distribution
Explore the insights and importance of testing your corporate network systems before hackers strike it
Understand the practical spectrum of security tools by their exemplary usage, configuration, and benefits
Fully illustrated with practical examples, step-by-step instructions, and useful tips to cover the best-of-breed security assessment tools

Book Details

Language : English
Paperback : 392 pages [ 235mm x 191mm ]
Release Date : April 2011
ISBN : 1849513945
ISBN 13 : 9781849513944
Author(s) : Shakeel Ali, Tedi Heriyanto
Topics and Technologies : All Books, Security and Testing, Open Source

Preface
PART I: Lab Preparation and Testing Procedures
Chapter 1: Beginning with BackTrack
Chapter 2: Penetration Testing Methodology
PART II: Penetration Testers Armory
Chapter 3: Target Scoping
Chapter 4: Information Gathering
Chapter 5: Target Discovery
Chapter 6: Enumerating Target
Chapter 7: Vulnerability Mapping
Chapter 8: Social Engineering
Chapter 9: Target Exploitation
Chapter 10: Privilege Escalation
Chapter 11: Maintaining Access
Chapter 12: Documentation and Reporting
PART III: Extra Ammunition
Appendix A: Supplementary Tools
Appendix B: Key Resources
Index

Preface

PART I: Lab Preparation and Testing Procedures

Chapter 1: Beginning with BackTrack

History
BackTrack purpose
Getting BackTrack
Using BackTrack

Live DVD
Installing to hard disk

Installation in real machine
Installation in VirtualBox

Portable BackTrack

Configuring network connection

Ethernet setup
Wireless setup
Starting the network service

Updating BackTrack

Updating software applications
Updating the kernel

Installing additional weapons

Nessus vulnerability scanner
WebSecurify

Customizing BackTrack
Summary

Chapter 2: Penetration Testing Methodology

Types of penetration testing

Black-box testing
White-box testing

Vulnerability assessment versus penetration testing
Security testing methodologies

Open Source Security Testing Methodology Manual (OSSTMM)

Key features and benefits

Information Systems Security Assessment Framework (ISSAF)

Key features and benefits

Open Web Application Security Project (OWASP) Top Ten

Key features and benefits

Web Application Security Consortium Threat Classification (WASC-TC)

Key features and benefits

BackTrack testing methodology

Target scoping
Information gathering
Target discovery
Enumerating target
Vulnerability mapping
Social engineering
Target exploitation
Privilege escalation
Maintaining access
Documentation and reporting

The ethics
Summary

PART II: Penetration Testers Armory

Chapter 3: Target Scoping

Gathering client requirements

Customer requirements form
Deliverables assessment form

Preparing the test plan

Test plan checklist

Profiling test boundaries
Defining business objectives
Project management and scheduling
Summary

Chapter 4: Information Gathering

Public resources
Document gathering

Metagoofil

DNS information

dnswalk
dnsenum
dnsmap

dnsmap-bulk

dnsrecon
fierce

Route information

0trace
dmitry
itrace
tcpraceroute
tctrace

Utilizing search engines

goorecon
theharvester

All-in-one intelligence gathering

Maltego

Documenting the information

Dradis

Summary

Chapter 5: Target Discovery

Introduction
Identifying the target machine

ping
arping
arping2
fping
genlist
hping2
hping3
lanmap
nbtscan
nping
onesixtyone

OS fingerprinting

p0f
xprobe2

Summary

Chapter 6: Enumerating Target

Port scanning

AutoScan
Netifera
Nmap

Nmap target specification
Nmap TCP scan options
Nmap UDP scan options
Nmap port specification
Nmap output options
Nmap timing options
Nmap scripting engine

Unicornscan
Zenmap

Service enumeration

Amap
Httprint
Httsquash

VPN enumeration

ike-scan

Summary

Chapter 7: Vulnerability Mapping

Types of vulnerabilities

Local vulnerability
Remote vulnerability

Vulnerability taxonomy
Open Vulnerability Assessment System (OpenVAS)

OpenVAS integrated security tools

Cisco analysis

Cisco Auditing Tool
Cisco Global Exploiter
Cisco Passwd Scanner

Fuzzy analysis

BED
Bunny
JBroFuzz

SMB analysis

Impacket Samrdump
Smb4k

SNMP analysis

ADMSnmp
Snmp Enum
SNMP Walk

Web application analysis

Database assessment tools

DBPwAudit
Pblind
SQLbrute
SQLiX
SQLMap
SQL Ninja

Application assessment tools

Burp Suite
Grendel Scan
LBD
Nikto2
Paros Proxy
Ratproxy
W3AF
WAFW00F
WebScarab

Summary

Chapter 8: Social Engineering

Modeling human psychology
Attack process
Attack methods

Impersonation
Reciprocation
Influential authority
Scarcity
Social relationship

Social Engineering Toolkit (SET)

Targeted phishing attack
Gathering user credentials

Common User Passwords Profiler (CUPP)
Summary

Chapter 9: Target Exploitation

Vulnerability research
Vulnerability and exploit repositories
Advanced exploitation toolkit

MSFConsole
MSFCLI
Ninja 101 drills

Scenario #1
Scenario #2
Scenario #3
Scenario #4
Scenario #5

Writing exploit module

Summary

Chapter 10: Privilege Escalation

Attacking the password

Offline attack tools

Rainbowcrack
Samdump2
John
Ophcrack
Crunch
Wyd

Online attack tools

BruteSSH
Hydra

Network sniffers

Dsniff
Hamster
Tcpdump
Tcpick
Wireshark

Network spoofing tools

Arpspoof
Ettercap

Summary

Chapter 11: Maintaining Access

Protocol tunneling

DNS2tcp
Ptunnel
Stunnel4

Proxy

3proxy
Proxychains

End-to-end connection

CryptCat
Sbd
Socat

Summary

Chapter 12: Documentation and Reporting

Documentation and results verification
Types of reports

Executive report
Management report
Technical report
Network penetration testing report (sample contents)

Table of Contents

Presentation
Post testing procedures
Summary

PART III: Extra Ammunition

Appendix A: Supplementary Tools

Vulnerability scanner

NeXpose community edition

NeXpose installation
Starting NeXpose community
Login to NeXpose community
Using NeXpose community

Web application fingerprinter

WhatWeb
BlindElephant

Network Ballista

Netcat

Open connection
Service banner grabbing
Simple server
File transfer
Portscanning
Backdoor Shell
Reverse shell

Summary

Appendix B: Key Resources

Vulnerability Disclosure and Tracking

Paid Incentive Programs

Reverse Engineering Resources
Network ports

Index

Shakeel Ali

Shakeel Ali is a main founder and CTO of Cipher Storm Ltd, UK. His expertise in the security industry markedly exceeds the standard number of security assessments, compliance, governance, and forensic projects that he carries in day-to-day operations. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses and government institutions globally. He is an active independent researcher who writes various articles, whitepapers, and manages a blog at Ethical-Hacker.net. He regularly participates in BugCon Security Conferences, Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures.

Tedi Heriyanto

Tedi Heriyanto currently works as a Senior Technical Consultant in an Indonesian information technology company. He has worked with several well-known institutions in Indonesia and overseas, in designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, doing information security audit and assessment, and giving information security awareness training. In his spare times, he manages to research, write various articles, participate in Indonesian Security Community activities, and maintain a blog site. He has shared his knowledge in information security by writing several information security and computer programming books.

If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.

The book is a good read. Overall, BackTrack 4: Assuring Security by Penetration Testing gets 8/10.

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

Errata

- 1 submitted: last submission 09 Aug 2012

Errata type:URL Page No:22

The link to backtrack.offensive-security.com/index.php/HCL:Wireless is dead. Here is the correct solution: http://web.archive.org/web/20101113011736/http://backtrack.offensive-security.com/index.php?title=HCL:Wireless and Also, as an alternative: http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

50% Off
the eBooks

Buy both these recommended eBooks together and get 50% off the total price

What you will learn from this book

Initiate the BackTrack OS environment in your test lab by installing, configuring, running, and updating its core system components
Draw a formal BackTrack testing methodology
Scope your target with definitive test requirements, limitations, and business objectives, and schedule the test plan
Gain practical experience with a number of security tools from BackTrack logically divided into sub-categories of testing methodology
Practice the process of reconnaissance, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, and maintaining access to your target for evaluation purposes
Document, report, and present your verified test results to the relevant authorities in a formal reporting structure
Assess the various technologies comprising your target information system's environment, such as web applications, network administration servers, workstations, Cisco devices, firewalls, load balancers, routers, switches, intrusion detection and prevention devices, and many more
Examine and research the vulnerability in greater detail before attempting to exploit it by taking control of the target, thus reducing any false positives
Exploit human vulnerability by wrapping yourself with the art of deception to acquire the target

In Detail

BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.

BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.

The authors' experience and expertise enables them to reveal the industry's best approach for logical and systematic penetration testing.

The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.

This book serves as a single professional, practical, and expert guide to developing hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed.

A tactical example-driven guide for mastering the penetration testing skills with BackTrack to identify, detect, and exploit vulnerabilities at your digital doorstep.

Approach

Written as an interactive tutorial, this book covers the core of BackTrack with real-world examples and step-by-step instructions to provide professional guidelines and recommendations to you. The book is designed in a simple and intuitive manner, which allows you to explore the whole BackTrack testing process or study parts of it individually.

Who this book is for

If you are an IT security professional or network administrator who has a basic knowledge of Unix/Linux operating systems including awareness of information security factors, and you want to use BackTrack for penetration testing, then this book is for you.