4. Introduction
When you are a security consultant, certain tools are simply crucial to your job.
In the past couple of years, one security tool that has risen to this rank is BackTrack.
5. Introduction
Linux-based penetration testing arsenal.
Helps security professionals perform assessments in a native environment dedicated to hacking.
7. Introduction
Customized down to every package, kernel configuration, script and patch, solely for the purposes of the penetration tester.
BEGINNER or EXPERT
The largest collection of wireless hacking, server exploitation, web application assessment and social-engineering tools available in a single Linux distribution.
8. History
Named after backtracking, the search algorithm.
Current version: BackTrack 5 R1, code name "Revolution", and its revision.
9. History
Originated from the merger of two competing distributions, both based on Knoppix and focused on penetration testing:
WHAX: developed by Mati Aharoni, a security consultant.
Auditor Security Collection: a Live CD developed by Max Moser, which included over 300 tools organized in a user-friendly way.
10. History
Designed to be an all-in-one live CD.
Used on security audits.
Specifically crafted not to leave any remnants of itself on the laptop.
The most widely adopted penetration testing framework.
BackTrack 4 Pre-Final: over 4 million downloads.
Support for both 32-bit and 64-bit platforms.
11. Interface
Ubuntu-based, user-friendly operating system.
Different UI configurations that you can use to get started:
the GNOME desktop interface,
the KDE desktop interface.
For new users: the GNOME interface.
Advanced users: the KDE version, with more options to configure the system.
13. Community
Open-source project:
started by Mati Aharoni and Max Moser,
continued by a staff of individuals from different languages, regions, industries and nationalities.
The community's activity:
website, backtrack-linux.org,
wiki page,
a blog,
their forum, http://www.backtrack-linux.org/forums/,
video tutorials, courses.
14. Tools - categories
Contains more than 300 security tools and utilities that are ALL OPEN SOURCE.
Many security professionals prefer them over expensive commercial programs.
So do the hackers.
15. Categories
Information gathering,
Network mapping,
Vulnerability identification,
Web application analysis,
Digital forensics,
Reverse engineering,
Basic penetration.
17. Some tools
BackTrack Linux is a fine example of a specialized Linux distribution: no matter which part of the computer security field you work in, the BackTrack operating system should have you covered.
From port scanners to password crackers, all can be found in the BackTrack suite.
18. Some tools – well known
Metasploit
RFMON
Aircrack-NG
Kismet
Nmap
Ophcrack
Ettercap
19. Some tools – well known
Wireshark (formerly known as Ethereal)
BeEF (Browser Exploitation Framework)
Hydra
OWASP Mantra Security Framework: a collection of hacking tools, add-ons and scripts based on Firefox.
Cisco OCS Mass Scanner: a very reliable and fast scanner for Cisco routers with telnet/enable default password.
Quypt (Terminal Emulator): private software by the Crimson Hacking group, which has leaked to the mainstream.
Blackhat: a large collection of exploits as well as more commonplace software such as browsers.
20. NMAP, flying under the radar
The main goal in any penetration test is to tread lightly, so that you don't set off any intrusion detection alerts or cause a noticeable amount of activity on the systems and network in which you're working.
The activity must not look unusual to network engineers or other system administrators.
21. NMAP, flying under the radar
One easy way to gather a lot of information on a target network quickly is to perform a SYN scan with Nmap.
A SYN scan doesn't make complete connections to a system's services.
A SYN scan never completes the TCP handshake process, and therefore the target host never logs the attempt, so no alarms are triggered. (This technique works because TCP/IP is a "polite" protocol: it doesn't speak until spoken to.)
22. NMAP, flying under the radar
1. The port scanner sends out a SYN request on a particular port number (22).
2. The target responds with an ACK.
3. The scanner notes the ACK and sends a RST (reset) to disconnect from the target.
No TCP connection ever takes place. The port scanner then sends a SYN request to the next likely open port number, and so on.
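Seen from the defender's side, the half-open pattern above is easy to pick out of a packet summary. The following Python detector is an added example, not code from the slides or from the Nmap project: it treats a client flow that sent a SYN but never completed the handshake with its own ACK as a probe (an open port answers the SYN with the SYN and ACK flags set together), and reports any source that leaves such probes on several distinct ports. The addresses, ports and tcpdump-style flag letters are constructed sample data.

```python
from collections import defaultdict

# Constructed sample (not a real capture). Format: src:port > dst:port FLAGS,
# tcpdump-style letters: S=SYN, A=ACK, R=RST. 10.0.0.9 completes a normal SSH
# handshake; 10.0.0.5 sends a SYN to four ports, never ACKs back, and resets
# the two that answered with SYN/ACK ("SA"): the half-open scan pattern.
SAMPLE = """\
10.0.0.9:51000 > 192.168.1.250:22 S
192.168.1.250:22 > 10.0.0.9:51000 SA
10.0.0.9:51000 > 192.168.1.250:22 A
10.0.0.5:43211 > 192.168.1.250:22 S
192.168.1.250:22 > 10.0.0.5:43211 SA
10.0.0.5:43211 > 192.168.1.250:22 R
10.0.0.5:43212 > 192.168.1.250:80 S
192.168.1.250:80 > 10.0.0.5:43212 SA
10.0.0.5:43212 > 192.168.1.250:80 R
10.0.0.5:43213 > 192.168.1.250:443 S
192.168.1.250:443 > 10.0.0.5:43213 RA
10.0.0.5:43214 > 192.168.1.250:3389 S
192.168.1.250:3389 > 10.0.0.5:43214 RA
"""

def parse(line):
    src, _, dst, flags = line.split()
    return src, dst, flags

def half_open_probes(text):
    """Map each client IP to the server ports it SYN'd without ever ACKing."""
    state = {}                                       # (client, server) -> handshake state
    for line in text.strip().splitlines():
        src, dst, flags = parse(line)
        if flags == "S":                             # step 1: client opens a flow
            state[(src, dst)] = "syn"
        elif flags == "A" and (src, dst) in state:   # step 3: client completes handshake
            state[(src, dst)] = "established"
    probes = defaultdict(set)
    for (client, server), st in state.items():
        if st == "syn":                              # answered or not, the client walked away
            probes[client.rsplit(":", 1)[0]].add(int(server.rsplit(":", 1)[1]))
    return probes

def syn_scanners(text, min_ports=3):
    """Sources with half-open probes on at least min_ports distinct ports.
    The threshold keeps one aborted connection from raising an alert."""
    return {ip: sorted(ports)
            for ip, ports in half_open_probes(text).items() if len(ports) >= min_ports}

if __name__ == "__main__":
    print(syn_scanners(SAMPLE))   # {'10.0.0.5': [22, 80, 443, 3389]}
```

The detector does not rely on the scanner's RST at all: a SYN that the client never follows with an ACK is the signal, whether the port answered SYN/ACK or RST/ACK.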
23. NMAP, flying under the radar
The SYN scan is very clean (leaves no trace) because no harm is done to the target. This type of scan works on all operating systems.
It's important to remain as quiet as possible during your reconnaissance phase, so you can gather as much information as possible about systems and their potential vulnerabilities without detection.
24. NMAP, flying under the radar
CLI
GUI: Zenmap (BackTrack > Information Gathering > Network Analysis > Network Scanners).
25. NMAP, flying under the radar
With only the simplest scan of a host (target), Zenmap provides a huge amount of information very quickly.
The Nmap command line equivalent of the scan is:
nmap -T4 -A -v 192.168.1.250
26. NMAP, flying under the radar
The exact version information for the listening services on a host helps you determine vulnerabilities and exploitable services.
Nmap is an advanced tool that is widely used among security professionals and hackers.
It provides a great deal of information for the least amount of effort.
29. NCrack
Ncrack is a highly effective and fast network authentication cracking tool.
Its purpose is to help you identify user accounts with weak passwords, without the hassle of logging into each host and cracking a password hash.
Using it, you can check for weak FTP, SSH, TELNET, HTTP(S), POP3(S), SMB, RDP and VNC passwords.
30. NCrack
The next slide shows what an actual Ncrack scan looks like after a successful password crack.
The user account, bob, uses a very weak password: "cheese".
It took Ncrack two minutes thirty seconds to crack this password. This means that a hacker could log in to this system using the 'bob' account in less than five minutes and begin working on breaking a privileged account or downloading malware with ease.
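The flip side of the Ncrack run above is what it leaves in the target's authentication log: a burst of failed passwords for one account from one source, followed by a success. The Python below is an added example, not part of the slides or of Ncrack, that flags (source IP, user) pairs crossing a failure threshold inside a time window and then reports an "Accepted" login that follows such a burst, together with how many seconds the guessing took. The sshd log excerpt is constructed sample data shaped after the bob/"cheese" scenario; the 150 seconds it yields mirror the two minutes thirty seconds quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log excerpt (not real data): a password-guessing burst against
# "bob" from 10.0.0.5 that ends in a successful login, plus one unrelated failure.
SAMPLE_LOG = """\
Jan 10 12:00:01 host sshd[2301]: Failed password for bob from 10.0.0.5 port 43211 ssh2
Jan 10 12:00:02 host sshd[2303]: Failed password for bob from 10.0.0.5 port 43212 ssh2
Jan 10 12:00:02 host sshd[2305]: Failed password for bob from 10.0.0.5 port 43213 ssh2
Jan 10 12:00:03 host sshd[2307]: Failed password for bob from 10.0.0.5 port 43214 ssh2
Jan 10 12:00:04 host sshd[2309]: Failed password for bob from 10.0.0.5 port 43215 ssh2
Jan 10 12:00:40 host sshd[2340]: Failed password for alice from 10.0.0.9 port 51002 ssh2
Jan 10 12:02:31 host sshd[2399]: Accepted password for bob from 10.0.0.5 port 43290 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_events(log):
    """Yield (timestamp, result, user, ip) for every password-auth line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # syslog carries no year
            yield ts, m["result"], m["user"], m["ip"]

def detect_guessing(log, threshold=5, window=timedelta(minutes=5)):
    """Alert when an (ip, user) pair reaches `threshold` failures inside `window`,
    and again when an Accepted login for that pair arrives while the burst is live."""
    failures = defaultdict(list)          # (ip, user) -> timestamps of recent failures
    alerts = []
    for ts, result, user, ip in parse_events(log):
        key = (ip, user)
        recent = [t for t in failures[key] if ts - t <= window]   # slide the window
        if result == "Failed":
            recent.append(ts)
            failures[key] = recent
            if len(recent) == threshold:  # fire once, when the burst crosses the line
                alerts.append(("guessing", ip, user, len(recent)))
        elif len(recent) >= threshold:    # success right after a burst: likely cracked
            secs = int((ts - recent[0]).total_seconds())
            alerts.append(("cracked", ip, user, secs))
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

Tune `threshold` and `window` to the host's normal failure rate; the "cracked" alert is the one worth paging on, since it means the guessed account is already in use.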
33. Conclusions
System security is a serious problem, and the tools that hackers use to compromise your systems must be understood.
By running your own checks first and strengthening your defenses, you could sometimes save your project from millions of dollars in losses.
BackTrack contains all the tools needed by someone who wants to check a system's security against unwanted guests.