BACKTRACK - LINUX

- Software Security -

Marius Antal

“The quieter you become, the more you are able to hear”
Introduction

• There are certain tools that are simply crucial to your job when you are a security consultant.
• In the past couple of years, one of the security tools that has risen to this rank is BackTrack.

Introduction

• Linux-based
• Penetration testing arsenal
• Aids security professionals in performing assessments in a purely native environment dedicated to hacking.

Introduction

• Installed,
• Booted from a Live DVD,
• Booted from a thumb drive,

• Optimized for a security system

Introduction

• Customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
• BEGINNER or EXPERT
• The largest collection of wireless hacking, server exploiting, web application assessing and social-engineering tools available in a single Linux distribution.
History

• Named after backtracking, the search algorithm.
• Current version - BackTrack 5 R1, code name "Revolution and its Revision."

History

• Originated from the merger of two competing distributions, both based on Knoppix, which focused on penetration testing:
  ◦ WHAX: developed by Mati Aharoni, a security consultant.
  ◦ Auditor Security Collection: a Live CD developed by Max Moser which included over 300 tools organized in a user-friendly way.

History

• Designed to be an all-in-one live CD
• Used on security audits
• Specifically crafted to not leave any remnants of itself on the laptop
• The most widely adopted penetration testing framework
• BackTrack 4 Pre-Final - over 4 million downloads
• With support for both 32-bit and 64-bit platforms.
Interface

• Ubuntu-based, user-friendly operating system.
• Different UI configurations that you can use to get started:
  ◦ the GNOME desktop interface
  ◦ the KDE desktop interface.
• For new users: GNOME interface
• Advanced users: KDE version - more options to configure the system.

Installation

• www.backtrack-linux.org/downloads/
• ISO
• UNetbootin
• USB > 2GB
• CD/DVD
Community

• Open-source project:
  ◦ started by Mati Aharoni and Max Moser
  ◦ continued by a staff of individuals of different languages, regions, industries, and nationalities.
• The community’s activity:
  ◦ website, backtrack-linux.org
  ◦ wiki page,
  ◦ a blog,
  ◦ their forum, http://www.backtrack-linux.org/forums/,
  ◦ video tutorials, courses.

Tools - categories

• Contains more than 300 security tools and utilities that are ALL OPEN SOURCE.
• Many security professionals prefer them over expensive commercial programs.
• So do hackers.

Categories

• Information gathering,
• Network mapping,
• Vulnerability identification,
• Web application analysis,
• Digital forensics,
• Reverse engineering,
• Basic penetration.

Categories

• Under each of the main categories, we'll find subheadings…
Some tools

• BackTrack Linux - a fine example of a specialized Linux distribution: no matter which part of the computer security field you work in, the BackTrack operating system should have you covered.
• From port scanners to password crackers, all can be found in the BackTrack suite.

Some tools – well known

• Metasploit
• RFMON
• Aircrack-NG
• Kismet
• Nmap
• Ophcrack
• Ettercap

Some tools – well known

• Wireshark (formerly known as Ethereal)
• BeEF (Browser Exploitation Framework)
• Hydra
• OWASP Mantra Security Framework: a collection of hacking tools, add-ons and scripts based on Firefox
• Cisco OCS Mass Scanner: a very reliable and fast scanner for Cisco routers with telnet/enable default password.
• Quypt (Terminal Emulator) (which is private software by Crimson Hacking group, which has leaked to the Mainstream) Blackhat
• A large collection of exploits as well as more commonplace software such as browsers.
NMAP, flying under the radar

• The main goal in any penetration test is to tread lightly so that you don't set off any intrusion detection alerts or cause a noticeable amount of activity on the systems and network in which you're working.
• The activity must not look unusual to network engineers or other system administrators.

NMAP, flying under the radar

• One easy way to gather a lot of information on a target network quickly is to perform a SYN scan with Nmap.
• A SYN scan doesn't make complete connections to a system's services.
• A SYN scan never completes the TCP handshake process and therefore the target host never logs the attempt, so no alarms are triggered. (This technique works because TCP/IP is a "polite" protocol. It doesn't speak until spoken to.)

NMAP, flying under the radar

1. The port scanner sends out a SYN request on a particular port number (22).
2. The target responds with an ACK.
3. The scanner notes the ACK and sends a RST (reset) to disconnect from the target.

No TCP connection ever takes place. The port scanner sends a SYN request to the next likely open port number, and so on.

NMAP, flying under the radar

• The SYN scan is very clean (leaves no trace) because no harm is done to the target. This type of scan works on all operating systems.
• It's important to remain as quiet as possible during your reconnaissance phase so you can gather as much information as possible about systems and their potential vulnerabilities without detection.
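
The three-step exchange above, seen from a network sensor (an added example, not part of the original slides): on an open port the reply to the SYN carries both the SYN and ACK flags, which tcpdump prints as `[S.]`, and a handshake that ends in a client RST instead of an ACK is visible on the wire even though the service never accepts a connection. The capture lines, the addresses and the `min_ports` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style capture (documentation addresses, not from the slides).
# 192.0.2.50 probes four ports and never completes a handshake;
# 192.0.2.77 is an ordinary SSH client that does.
SAMPLE_CAPTURE = """\
12:00:00.000100 IP 192.0.2.50.40001 > 192.0.2.10.22: Flags [S], seq 100, win 1024, length 0
12:00:00.000200 IP 192.0.2.10.22 > 192.0.2.50.40001: Flags [S.], seq 900, ack 101, win 29200, length 0
12:00:00.000300 IP 192.0.2.50.40001 > 192.0.2.10.22: Flags [R], seq 101, win 0, length 0
12:00:00.001100 IP 192.0.2.50.40002 > 192.0.2.10.23: Flags [S], seq 200, win 1024, length 0
12:00:00.001200 IP 192.0.2.10.23 > 192.0.2.50.40002: Flags [R.], seq 0, ack 201, win 0, length 0
12:00:00.002100 IP 192.0.2.50.40003 > 192.0.2.10.80: Flags [S], seq 300, win 1024, length 0
12:00:00.002200 IP 192.0.2.10.80 > 192.0.2.50.40003: Flags [S.], seq 910, ack 301, win 29200, length 0
12:00:00.002300 IP 192.0.2.50.40003 > 192.0.2.10.80: Flags [R], seq 301, win 0, length 0
12:00:00.003100 IP 192.0.2.50.40004 > 192.0.2.10.443: Flags [S], seq 400, win 1024, length 0
12:00:00.003200 IP 192.0.2.10.443 > 192.0.2.50.40004: Flags [S.], seq 920, ack 401, win 29200, length 0
12:00:00.003300 IP 192.0.2.50.40004 > 192.0.2.10.443: Flags [R], seq 401, win 0, length 0
12:00:05.000100 IP 192.0.2.77.51000 > 192.0.2.10.22: Flags [S], seq 500, win 64240, length 0
12:00:05.000200 IP 192.0.2.10.22 > 192.0.2.77.51000: Flags [S.], seq 700, ack 501, win 29200, length 0
12:00:05.000300 IP 192.0.2.77.51000 > 192.0.2.10.22: Flags [.], ack 701, win 502, length 0
"""

PACKET_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)


def classify_handshakes(capture_text):
    """Follow each TCP handshake and record, per client, how it ended."""
    pending = {}  # (client, client_port, server, server_port) -> "SYN" | "SYNACK"
    stats = defaultdict(
        lambda: {"half_open": set(), "refused": set(), "completed": set()}
    )
    for line in capture_text.splitlines():
        match = PACKET_RE.search(line)
        if not match:
            continue
        src, sport, dst, dport, flags = match.groups()
        fwd = (src, sport, dst, dport)  # key if this packet goes client -> server
        rev = (dst, dport, src, sport)  # key if this packet goes server -> client
        if flags == "S":
            pending[fwd] = "SYN"
        elif flags == "S." and pending.get(rev) == "SYN":
            pending[rev] = "SYNACK"  # open port answered the probe
        elif "R" in flags and pending.get(rev) == "SYN":
            # Closed port: the server resets the SYN.
            stats[dst]["refused"].add((src, int(sport)))
            del pending[rev]
        elif "R" in flags and pending.get(fwd) == "SYNACK":
            # Client tears down right after the SYN/ACK: the half-open pattern.
            stats[src]["half_open"].add((dst, int(dport)))
            del pending[fwd]
        elif flags == "." and pending.get(fwd) == "SYNACK":
            stats[src]["completed"].add((dst, int(dport)))
            del pending[fwd]
    return stats


def find_scanners(capture_text, min_ports=3):
    """Sources that probed at least min_ports ports without finishing a handshake.

    min_ports is an assumed threshold; tune it to the monitored network.
    """
    stats = classify_handshakes(capture_text)
    return sorted(
        src
        for src, s in stats.items()
        if len(s["half_open"] | s["refused"]) >= min_ports
    )


if __name__ == "__main__":
    for source in find_scanners(SAMPLE_CAPTURE):
        print("possible SYN scan from", source)
```
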
NMAP, flying under the radar

• CLI
• GUI – Zenmap (BackTrack > Information Gathering > Network Analysis > Network Scanners.)

NMAP, flying under the radar

• With only the simplest scan of a host (target), Zenmap provides a huge amount of information very quickly.
• The Nmap command line equivalent of a scan is:
      nmap -T4 -A -v 192.168.1.250

NMAP, flying under the radar

• The exact version information related to listening services on a host helps you determine vulnerabilities and exploitable services.
• Nmap is an advanced tool that is widely used among security professionals and hackers.
• It provides a great deal of information for the least amount of effort.

NMAP, flying under the radar

NMAP, flying under the radar

• Demo.
NCrack

• Ncrack is a highly effective and fast network authentication cracking tool.
• Its purpose is to assist you in identifying user accounts with weak passwords without the hassle of logging into each host and cracking a password hash.
• Using it, you can check for weak FTP, SSH, TELNET, HTTP(S), POP3(S), SMB, RDP, and VNC passwords.

NCrack

• The next slide shows what an actual Ncrack scan looks like after a successful password crack.
• The user account, bob, uses a very weak password: “cheese”.
• It took Ncrack two minutes thirty seconds to crack this password. This means that a hacker could log in to this system using the 'bob' account in less than five minutes and commence working on breaking a privileged account or downloading malware with ease.
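
From the defender's side, the pattern this slide describes (repeated guesses against bob followed by a successful login) shows up in the SSH server's authentication log. The following added example, which is not part of the original slides, flags accepted logins that follow a burst of failures from the same source; the log lines, host name, addresses, year and thresholds are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd log lines (host name, addresses and times are made up).
# 192.0.2.50 guesses bob's password for 2 min 30 s and then gets in;
# alice mistypes her password once from 192.0.2.77.
SAMPLE_AUTH_LOG = """\
Mar 12 10:00:00 web01 sshd[2101]: Failed password for bob from 192.0.2.50 port 40000 ssh2
Mar 12 10:00:29 web01 sshd[2102]: Failed password for bob from 192.0.2.50 port 40001 ssh2
Mar 12 10:00:40 web01 sshd[2103]: Failed password for alice from 192.0.2.77 port 51000 ssh2
Mar 12 10:00:52 web01 sshd[2104]: Accepted password for alice from 192.0.2.77 port 51001 ssh2
Mar 12 10:00:58 web01 sshd[2105]: Failed password for bob from 192.0.2.50 port 40002 ssh2
Mar 12 10:01:27 web01 sshd[2106]: Failed password for bob from 192.0.2.50 port 40003 ssh2
Mar 12 10:01:56 web01 sshd[2107]: Failed password for bob from 192.0.2.50 port 40004 ssh2
Mar 12 10:02:25 web01 sshd[2108]: Failed password for bob from 192.0.2.50 port 40005 ssh2
Mar 12 10:02:30 web01 sshd[2109]: Accepted password for bob from 192.0.2.50 port 40006 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_events(log_text, year=2012):
    """Return (time, result, user, source) for each password event.

    Syslog timestamps carry no year, so one is supplied (assumed value).
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((when, m["result"], m["user"], m["src"]))
    return events


def guessed_logins(log_text, min_failures=5, window=timedelta(minutes=5)):
    """Accepted logins preceded by a burst of failures for the same account
    from the same source.

    Returns (source, user, failures_in_window, seconds_from_first_failure).
    min_failures and window are assumed thresholds.
    """
    failures = {}  # (source, user) -> times of failed attempts so far
    hits = []
    for when, result, user, src in parse_events(log_text):
        key = (src, user)
        if result == "Failed":
            failures.setdefault(key, []).append(when)
            continue
        # Accepted: look back over this pair's failures inside the window.
        recent = [t for t in failures.pop(key, []) if when - t <= window]
        if len(recent) >= min_failures:
            elapsed = int((when - recent[0]).total_seconds())
            hits.append((src, user, len(recent), elapsed))
    return hits


if __name__ == "__main__":
    for src, user, count, secs in guessed_logins(SAMPLE_AUTH_LOG):
        print(f"{user}: login from {src} after {count} failures in {secs}s")
```
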
NMAP, flying under the radar

NMAP, flying under the radar

• Demo.

Conclusions

• System security is a serious problem, and the tools that hackers use to compromise your systems must be understood.
• By running your own checks first and strengthening your defenses, you could sometimes save your project from millions of dollars in losses.
• BackTrack contains all the tools needed by someone who wants to check a system’s security against unwanted guests.
Questions!

…

BackTrack5 - Linux

  • 1. BACKTRACK -LINUX - Softare Security - Marius Antal
  • 2.
  • 3. “The quiter you become, the more you are able to hear”
  • 4. Introduction  There are certain tools when you are a security consultant that are just crucial to your job.  In the past couple of years one of the security tools that has risen to this rank is called Backtrack.
  • 5. Introduction  Linux-based  Penetration testing arsenal  Aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.
  • 6. Introduction  Installed,  Booted from a Live DVD,  Booted from thumbdrive,  Optimized for a security system
  • 7. Introduction  Customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.  BEGINNER or EXPERT  The largest collection of wireless hacking, server exploiting, web application assessing, social- engineering tools available in a single Linux distribution.
  • 8. History  Named after backtracking, the search algorithm.  Current version - BackTrack 5 R1, code name "Revolution and it's Revision.“
  • 9. History  Originated from the merger of two competing distributions both based on Knoppix which focused on penetration testing:  WHAX: developed by Mati Aharoni, a security consultant.  Auditor Security Collection: a Live CD developed by Max Moser which included over 300 tools user friendly organized.
  • 10. History  Designed to be an all in one live cd  Used on security audits  Specifically crafted to not leave any remnants of itself on the laptop  The most widely adopted penetration testing framework  BackTrack 4 Pre-Final - over 4 million downloads  With support for both 32 bit and 64 bit platforms.
  • 11. Interface  Ubuntu based, user friendly operating system.  Different UI configurations that you can use to get started:  the gnome desktop interface  the KDE desktop interface.  For new users: Gnome interface  Advanced users: KDE version - more options to configure the system.
  • 12. Instalation  www.backtrack-linux.org/downloads/  ISO  UnetBootin  USB > 2GB  CD/DVD..
  • 13. Community  Opensource project:  started by Mati Aharoni and Max Moser  continued by a staff of individuals of different languages, regions, industries, and nationalities.  The community’s activity:  website, backtrack-linux.org  wiki page,  a blog,  their forum, http://www.backtrack-linux.org/forums/,  video tutorials, courses.
  • 14. Tools - categories  Contains more than 300 security tools and utilities that are ALL OPEN SOURCE.  Many security professionals prefer them over expensive commercial programs.  Also the hackers.
  • 15. Categories  Information gathering,  Network mapping,  Vulnerability identification,  Web application analysis,  Digital forensics,  Reverse engineering,  Basic penetration.
  • 16. Categories  Under each of the main categories, we'll find subheadings…
  • 17. Some tools  BackTrack Linux - a fine example of a specialized Linux distribution: no matter which part of the computer security field that you work in the Backtrack operating system should have you covered.  From Port scanners to password crackers, all can be found in Backtrack suite.
  • 18. Some tools – well known  Metasploit  RFMON  Aircrack-NG  Kismet  Nmap  Ophcrack  Ettercap
  • 19. Some tools – well known  Wireshark (formerly known as Ethereal)  BeEF (Browser Exploitation Framework)  Hydra  OWASP Mantra Security Framework collection of hacking tools, add-ons and scripts based on Firefox  Cisco OCS Mass Scanner A very reliable and fast scanner for Cisco routers with telnet/enable default password.  Quypt (Terminal Emulator) (which is private software by Crimson Hacking group, which has leaked to the Mainstream) Blackhat  A large collection of exploits as well as more commonplace software such as browsers.
  • 20. NMAP, flying under the radar  The main goal in any penetration test is to tread lightly so that you don't set off any intrusion detection alerts or cause a noticeable amount of activity on the systems and network in which you're working.  The activity must not look unusual to network engineers or other system administrators.
  • 21. NMAP, flying under the radar  One easy way to gather a lot of information on a target network quickly is to perform a SYN scan with Nmap.  A SYN scan doesn't make complete connections to a system's services.  A SYN scan never completes the TCP handshake process and therefore the target host never logs the attempt, so no alarms are triggered. (This technique works because TCP/IP is a "polite" protocol. It doesn't speak until spoken to.)
  • 22. NMAP, flying under the radar  1. The port scanner sends out a SYN request on a particular port number (22).  2. The target responds with an ACK.  3. The scanner notes the ACK and sends a RST (reset) to disconnect from the target.  No TCP connection ever takes place. The port scanner sends a SYN request to the next likely open port number, and so on.
  • 23. NMAP, flying under the radar  The SYN scan is very clean (leaves no trace) because no harm is done to the target. This type of scan works on all operating systems.  It's important to remain as quiet as possible during your reconnaissance phase so you can gather as much information as possible about systems and their potential vulnerabilities without detection.
  • 24. NMAP, flying under the radar  CLI  GUI – ZenMap (BackTrack > Information Gathering > Network Analysis > Network Scanners)
  • 25. NMAP, flying under the radar  With only the simplest scan of a host (target), Zenmap provides a huge amount of information very quickly.  The Nmap command line equivalent of a scan is: nmap -T4 -A -v 192.168.1.250
  • 26. NMAP, flying under the radar  The exact version information for the services listening on a host helps you determine vulnerabilities and exploitable services.  Nmap is an advanced tool that is widely used among security professionals and hackers.  It provides a great deal of information for the least amount of effort.
  • 27. NMAP, flying under the radar
  • 28. NMAP, flying under the radar  Demo.
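
A defender's view of the half-open scan from slides 21-23, as an added example that is not part of the original deck: an open port answers the scanner's SYN with a SYN/ACK, and the scanner's RST in place of the final ACK is a recognizable pattern in packet captures. The packet records, the 10.0.0.x sources and the three-port threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed packet summaries: (src, sport, dst, dport, tcp_flags).
# Flags: S=SYN, SA=SYN/ACK, A=ACK, R=RST, RA=RST/ACK.
# 10.0.0.5 probes three ports half-open; 10.0.0.9 is a normal SSH client.
PACKETS = [
    ("10.0.0.5", 40001, "192.168.1.250", 22, "S"),
    ("192.168.1.250", 22, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "192.168.1.250", 22, "R"),
    ("10.0.0.5", 40002, "192.168.1.250", 23, "S"),
    ("192.168.1.250", 23, "10.0.0.5", 40002, "RA"),
    ("10.0.0.5", 40003, "192.168.1.250", 80, "S"),
    ("192.168.1.250", 80, "10.0.0.5", 40003, "SA"),
    ("10.0.0.5", 40003, "192.168.1.250", 80, "R"),
    ("10.0.0.9", 51000, "192.168.1.250", 22, "S"),
    ("192.168.1.250", 22, "10.0.0.9", 51000, "SA"),
    ("10.0.0.9", 51000, "192.168.1.250", 22, "A"),
]

def classify_flows(packets):
    """Map (client, cport, server, dport) to the outcome of each SYN seen."""
    state = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":
            state[fwd] = "syn_sent"            # client opens a handshake
        elif state.get(rev) == "syn_sent":     # server's answer to the SYN
            if flags == "SA":
                state[rev] = "open"
            elif "R" in flags:
                state[rev] = "closed"
        elif state.get(fwd) == "open":         # client's third packet
            if flags == "A":
                state[fwd] = "established"     # full connect, normal client
            elif "R" in flags:
                state[fwd] = "half_open"       # handshake torn down: probe
    return state

def find_scanners(packets, min_ports=3):
    """Return {(client, server): ports} for sources probing >= min_ports
    distinct ports without completing a handshake on them."""
    probed = defaultdict(set)
    for (client, _cp, server, dport), outcome in classify_flows(packets).items():
        if outcome != "established":
            probed[(client, server)].add(dport)
    return {k: sorted(v) for k, v in probed.items() if len(v) >= min_ports}

if __name__ == "__main__":
    print(find_scanners(PACKETS))
```
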
  • 29. NCrack  Ncrack is a highly effective and fast network authentication cracking tool.  Its purpose is to assist you in identifying user accounts with weak passwords without the hassle of logging into each host and cracking a password hash.  Using it, you can check for weak FTP, SSH, TELNET, HTTP(S), POP3(S), SMB, RDP, and VNC passwords.
  • 30. NCrack  The next slide shows what an actual ncrack scan looks like after a successful password crack.  The user account, bob, uses a very weak password: “cheese”.  It took ncrack two minutes thirty seconds to crack this password. This means that a hacker could log in to this system using the 'bob' account in less than five minutes and commence working on breaking a privileged account or downloading malware with ease.
  • 31. NMAP, flying under the radar
  • 32. NMAP, flying under the radar  Demo.
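
How the guessing run against 'bob' described in slide 30 looks from the server side, as an added example that is not part of the original deck: a burst of failed logins for one account from one address, followed by a success. The log lines, host name, addresses, year and alert threshold are constructed; only the account name and the 2m30s duration come from the slide.

```python
import re
from datetime import datetime, timedelta

# Matches OpenSSH password-auth results as written to syslog.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def make_sample_log():
    """Constructed log: 30 failures for bob over 2m30s, then a success."""
    start = datetime(2012, 1, 10, 9, 0, 0)
    def entry(offset, result, user, ip):
        ts = (start + timedelta(seconds=offset)).strftime("%b %d %H:%M:%S")
        return f"{ts} host sshd[4242]: {result} password for {user} from {ip} port 40000 ssh2"
    log = [entry(5 * i, "Failed", "bob", "10.0.0.5") for i in range(30)]
    log.append(entry(150, "Accepted", "bob", "10.0.0.5"))
    # A legitimate user who mistypes once must not raise an alert.
    log.append(entry(160, "Failed", "alice", "10.0.0.9"))
    log.append(entry(170, "Accepted", "alice", "10.0.0.9"))
    return log

def detect_guessing(lines, threshold=10, window=timedelta(minutes=5), year=2012):
    """Alert on (ip, user) pairs with >= threshold failures inside window.
    'compromised' is set when a success follows the burst from the same ip.
    year is an assumption: classic syslog timestamps omit it."""
    failures, alerts = {}, {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ip"], m["user"])
        recent = [t for t in failures.get(key, []) if ts - t <= window]
        if m["result"] == "Failed":
            recent.append(ts)
            failures[key] = recent
            if len(recent) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(recent))
        elif key in alerts and recent:
            alerts[key]["compromised"] = True   # success right after a burst
    return alerts

if __name__ == "__main__":
    print(detect_guessing(make_sample_log()))
```
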
  • 33. Conclusions  System security is a serious problem, and the tools that hackers use to compromise your systems must be understood.  By running your own checks first and strengthening your defenses, you can sometimes save your project from millions of dollars in losses.  BackTrack contains all the tools needed by someone who wants to check a system’s security against unwanted guests.