SlideShare ist ein Scribd-Unternehmen logo

BackTrack 4 R2 - SFISSA Presentation

Als PPTX, PDF herunterladen
Jorge Orchilles
Jorge Orchilles

This presentation was put together for a South Florida ISSA technical workshop.

Technologie
1 von 24
BackTrack 4 – R2 Jorge Orchilles Peter Greko South Florida ISSA
About Jorge Orchilles ,[object Object]
Security Analyst – Fortune 10
Consultant by night – Orchilles Consulting
Master of Science and BBA in Management Information Systems – Florida International University
Author – Microsoft Windows 7 Administrator’s Reference (Syngress)
Certifications – CISSP, GCIH, CEH, CICP, CCDA, CSSDS, MCTS, MCP, Security+
Organizations:
President South Florida ISSA
OWASP
InfraGard
Miami Electronic Crimes Task Force
Hack Miami,[object Object]
Intro to Back Track Live DVD for Penetration Testing Can download VM as well 300+ tools installed Saves a lot of time Runs on Ubuntu KDE http://www.backtrack-linux.org
Let’s Get Started Insert the Back Track 4 –R2 DVD and reboot your computer. When the BIOS comes up, press F2, F12, etc depending on your BIOS for the Boot Menu – select DVD. When BackTrack splash screen comes up press Enter. To log in: Username: root Password: toor
Configure Start KDE: startx Start networking: Open a terminal: /etc/init.d/networking start Wireless: KDE-Internet-Wicd Network Manager SSID: SFISSA WPA-PSK: SFISSArocks! DHCP: 192.168.1.200-249/24 Static IP: ifconfig eth0 192.168.1.1XX/24 route add default gw 192.168.1.1 (not required) DNS: echo nameserver <ip> > /etc/resolve.conf Do not use: 192.168.1.1 192.168.1.100 – Level 1 Victim 192.168.1.110 – Level 2 Victim 192.168.1.120 - Metasploitable Ping 192.168.1.110 to ensure you are up.
/pentest Get familiar with the BackTrack GUI and /pentest directory These are all the tools available to you How many have you played with already?
Ethical Hacking 101 0. Get Permission Information Gathering Recon – Scanning Gain Access Maintain Access Cover Tracks – clean up “Most of hacking is doing user and admin tasks with malicious intent.” – SANS SEC504 Class
0. Get Permission You have permission to attack ONLY the following hosts: 192.168.1.100 192.168.1.110 192.168.1.120 Anything else is considered illegal! SFISSA SFISSArocks!
1. Information Gathering We will be probing three hosts which were already given. Some background 100 and 110 are from Heorot.net 120 is called Metasploitable Not much else to do here No Google
Real Scenario You would most likely need to identify live hosts: Ping sweep: nmap –sP 192.168.1.0/24 DNS Zone transfer: host –l <domain.local> <DNSserverip> Netdiscover – BackTrack KDE Documentation Create a txt file with identified hosts.
2. Recon We will start by probing the hosts to determine open ports: nmap We can also run other automated tools, like a vulnerability scanner or web application scanner: Nessus Nikto
nmap Nmap is: Free and open source Tool to discover, monitor, and troubleshoot TCP/IP Cross Platform Simple to use http://nmap.org/
Using nmap 101 Millions of options nmap –h nmap [target] – scans 1000 most common TCP ports nmap –F [target] – scans 100 most common TCP ports nmap –iLfilename.txt – scans all hosts in file, one per line

Empfohlen

About linux-english
About linux-englishAbout linux-english
About linux-englishShota Ito
 
Linux Virus
Linux VirusLinux Virus
Linux VirusAkhil Kadangode
 
Mak3
Mak3Mak3
Mak3webuploader
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMPShaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
 
Backtrack
BacktrackBacktrack
Backtrackn|u - The Open Security Community
 
BackTrack5 - Linux
BackTrack5 - LinuxBackTrack5 - Linux
BackTrack5 - Linuxmariuszantal
 
Intro To Hacking
Intro To HackingIntro To Hacking
Intro To Hackingnayakslideshare
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin Davide Cioccia
 

Empfohlen

About linux-english
About linux-englishAbout linux-english
About linux-englishShota Ito
 
Linux Virus
Linux VirusLinux Virus
Linux VirusAkhil Kadangode
 
Mak3
Mak3Mak3
Mak3webuploader
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMPShaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
 
Backtrack
BacktrackBacktrack
Backtrackn|u - The Open Security Community
 
BackTrack5 - Linux
BackTrack5 - LinuxBackTrack5 - Linux
BackTrack5 - Linuxmariuszantal
 
Intro To Hacking
Intro To HackingIntro To Hacking
Intro To Hackingnayakslideshare
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin Davide Cioccia
 
visagie_freebsd
visagie_freebsdvisagie_freebsd
visagie_freebsdwebuploader
 
Managing the system and network connection Linux
Managing the system and network connection LinuxManaging the system and network connection Linux
Managing the system and network connection LinuxShriharsh Shendre
 
Backtrack
BacktrackBacktrack
BacktrackOne97 Communications Limited
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverGregory Hanis
 
Snort-IPS-Tutorial
Snort-IPS-TutorialSnort-IPS-Tutorial
Snort-IPS-TutorialVladimir Koychev
 
BlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat Security Conference
 
EMSC1515104 Shehansuhail
EMSC1515104 ShehansuhailEMSC1515104 Shehansuhail
EMSC1515104 ShehansuhailMohomed Shehan
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoTiago Cruz
 
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...South Tyrol Free Software Conference
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short descriptionJose Moruno Cadima
 
Backtrack os 5
Backtrack os 5Backtrack os 5
Backtrack os 5Ayush Goyal
 
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...APNIC
 
Security Onion Conference - 2016
Security Onion Conference - 2016Security Onion Conference - 2016
Security Onion Conference - 2016DefensiveDepth
 
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]RootedCON
 
Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation Vipin George
 
Snort
SnortSnort
Snortbala150985
 
amrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdfamrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdfamrapalibuildersreviews
 
2015.10.05 Updated > Network Device Development - Part 2: Firewall 101
2015.10.05 Updated > Network Device Development - Part 2: Firewall 1012015.10.05 Updated > Network Device Development - Part 2: Firewall 101
2015.10.05 Updated > Network Device Development - Part 2: Firewall 101Cheng-Yi Yu
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 
Ost ssl lec
Ost ssl lecOst ssl lec
Ost ssl lecKaustubh Joshi
 
Computer security
Computer securityComputer security
Computer securityMohamed Abdo
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1Nutan Kumar Panda
 

Weitere ähnliche Inhalte

Was ist angesagt?

Managing the system and network connection Linux
Managing the system and network connection LinuxManaging the system and network connection Linux
Managing the system and network connection LinuxShriharsh Shendre
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverGregory Hanis
 
BlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat Security Conference
 
EMSC1515104 Shehansuhail
EMSC1515104 ShehansuhailEMSC1515104 Shehansuhail
EMSC1515104 ShehansuhailMohomed Shehan
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoTiago Cruz
 
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...South Tyrol Free Software Conference
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short descriptionJose Moruno Cadima
 
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...APNIC
 
Security Onion Conference - 2016
Security Onion Conference - 2016Security Onion Conference - 2016
Security Onion Conference - 2016DefensiveDepth
 
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]RootedCON
 
Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation Vipin George
 
amrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdfamrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdfamrapalibuildersreviews
 
2015.10.05 Updated > Network Device Development - Part 2: Firewall 101
2015.10.05 Updated > Network Device Development - Part 2: Firewall 1012015.10.05 Updated > Network Device Development - Part 2: Firewall 101
2015.10.05 Updated > Network Device Development - Part 2: Firewall 101Cheng-Yi Yu
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web WorkshopDennis Maldonado
 

Was ist angesagt? (20)

visagie_freebsd
visagie_freebsdvisagie_freebsd
visagie_freebsd
 
Managing the system and network connection Linux
Managing the system and network connection LinuxManaging the system and network connection Linux
Managing the system and network connection Linux
 
Backtrack
BacktrackBacktrack
Backtrack
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
 
Snort-IPS-Tutorial
Snort-IPS-TutorialSnort-IPS-Tutorial
Snort-IPS-Tutorial
 
BlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deception
 
EMSC1515104 Shehansuhail
EMSC1515104 ShehansuhailEMSC1515104 Shehansuhail
EMSC1515104 Shehansuhail
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
 
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...
SFScon 2020 - Jakob Schwienbacher - Linux as HA Router - Linux Kernel keepali...
 
Kali tools list with short description
Kali tools list with short descriptionKali tools list with short description
Kali tools list with short description
 
Backtrack os 5
Backtrack os 5Backtrack os 5
Backtrack os 5
 
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
IX 2020 - Internet Security & Mitigation of Risk Webinar: Linux Malware and D...
 
Security Onion Conference - 2016
Security Onion Conference - 2016Security Onion Conference - 2016
Security Onion Conference - 2016
 
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]
Sebastián Guerrero - Ke ase Android? [Rooted CON 2013]
 
Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation Debian Linux as a Forensic Workstation
Debian Linux as a Forensic Workstation
 
Snort
SnortSnort
Snort
 
amrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdfamrapali builders @@ hacking challenges.pdf
amrapali builders @@ hacking challenges.pdf
 
2015.10.05 Updated > Network Device Development - Part 2: Firewall 101
2015.10.05 Updated > Network Device Development - Part 2: Firewall 1012015.10.05 Updated > Network Device Development - Part 2: Firewall 101
2015.10.05 Updated > Network Device Development - Part 2: Firewall 101
 
Metasploit for Web Workshop
Metasploit for Web WorkshopMetasploit for Web Workshop
Metasploit for Web Workshop
 
Ost ssl lec
Ost ssl lecOst ssl lec
Ost ssl lec
 

Andere mochten auch

How To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb DriveHow To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb Drivekriggins
 

Andere mochten auch (6)

Computer security
Computer securityComputer security
Computer security
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
 
How To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb DriveHow To Build The Perfect Backtrack 4 Usb Drive
How To Build The Perfect Backtrack 4 Usb Drive
 
Backtrack Manual Part9
Backtrack Manual Part9Backtrack Manual Part9
Backtrack Manual Part9
 
Backtrack Manual Part10
Backtrack Manual Part10Backtrack Manual Part10
Backtrack Manual Part10
 
Backtrack Manual Part2
Backtrack Manual Part2Backtrack Manual Part2
Backtrack Manual Part2
 

Ähnlich wie BackTrack 4 R2 - SFISSA Presentation

bh-us-02-murphey-freebsd
bh-us-02-murphey-freebsdbh-us-02-murphey-freebsd
bh-us-02-murphey-freebsdwebuploader
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxAmitesh Bharti
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Andrew Case
 
RenasCON 2023: Learning from honeypots
RenasCON 2023: Learning from honeypotsRenasCON 2023: Learning from honeypots
RenasCON 2023: Learning from honeypotsAPNIC
 
Linux or unix interview questions
Linux or unix interview questionsLinux or unix interview questions
Linux or unix interview questionsTeja Bheemanapally
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hackingAmanpreet Singh
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Needamiable_indian
 
CEHv10 M0 Introduction.pptx
CEHv10 M0 Introduction.pptxCEHv10 M0 Introduction.pptx
CEHv10 M0 Introduction.pptxYasserOuda2
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationOlehLevytskyi1
 
Security Walls in Linux Environment: Practice, Experience, and Results
Security Walls in Linux Environment: Practice, Experience, and ResultsSecurity Walls in Linux Environment: Practice, Experience, and Results
Security Walls in Linux Environment: Practice, Experience, and ResultsIgor Beliaiev
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2ratnalajaggu
 
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
Let Me Pick Your Brain - Remote Forensics in Hardened EnvironmentsLet Me Pick Your Brain - Remote Forensics in Hardened Environments
Let Me Pick Your Brain - Remote Forensics in Hardened EnvironmentsNicolas Collery
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersYury Chemerkin
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - RoutersLogicaltrust pl
 
How hackers attack networks
How hackers attack networksHow hackers attack networks
How hackers attack networksAdeel Javaid
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commandsHanan Nmr
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco routerIT Tech
 
Introduction To Unix
Introduction To UnixIntroduction To Unix
Introduction To UnixCTIN
 

Ähnlich wie BackTrack 4 R2 - SFISSA Presentation (20)

Presentación1
Presentación1Presentación1
Presentación1
 
bh-us-02-murphey-freebsd
bh-us-02-murphey-freebsdbh-us-02-murphey-freebsd
bh-us-02-murphey-freebsd
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
 
Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)Unmasking Careto through Memory Forensics (video in description)
Unmasking Careto through Memory Forensics (video in description)
 
RenasCON 2023: Learning from honeypots
RenasCON 2023: Learning from honeypotsRenasCON 2023: Learning from honeypots
RenasCON 2023: Learning from honeypots
 
Linux or unix interview questions
Linux or unix interview questionsLinux or unix interview questions
Linux or unix interview questions
 
Nullbyte 6ed. 2019
Nullbyte 6ed. 2019Nullbyte 6ed. 2019
Nullbyte 6ed. 2019
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
 
Freeware Security Tools You Need
Freeware Security Tools You NeedFreeware Security Tools You Need
Freeware Security Tools You Need
 
CEHv10 M0 Introduction.pptx
CEHv10 M0 Introduction.pptxCEHv10 M0 Introduction.pptx
CEHv10 M0 Introduction.pptx
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
 
Security Walls in Linux Environment: Practice, Experience, and Results
Security Walls in Linux Environment: Practice, Experience, and ResultsSecurity Walls in Linux Environment: Practice, Experience, and Results
Security Walls in Linux Environment: Practice, Experience, and Results
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
 
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
Let Me Pick Your Brain - Remote Forensics in Hardened EnvironmentsLet Me Pick Your Brain - Remote Forensics in Hardened Environments
Let Me Pick Your Brain - Remote Forensics in Hardened Environments
 
Filip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routersFilip palian mateuszkocielski. simplest ownage human observed… routers
Filip palian mateuszkocielski. simplest ownage human observed… routers
 
Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
 
How hackers attack networks
How hackers attack networksHow hackers attack networks
How hackers attack networks
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commands
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco router
 
Introduction To Unix
Introduction To UnixIntroduction To Unix
Introduction To Unix
 

Mehr von Jorge Orchilles

SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzJorge Orchilles
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamerJorge Orchilles
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyJorge Orchilles
 
KringleCon 3 Providing Value in Offensive Security
KringleCon 3 Providing Value in Offensive SecurityKringleCon 3 Providing Value in Offensive Security
KringleCon 3 Providing Value in Offensive SecurityJorge Orchilles
 
C2 Matrix Anniversary - Blackhat EU 2020
C2 Matrix Anniversary - Blackhat EU 2020C2 Matrix Anniversary - Blackhat EU 2020
C2 Matrix Anniversary - Blackhat EU 2020Jorge Orchilles
 
Purple Team Exercise Workshop December 2020
Purple Team Exercise Workshop December 2020Purple Team Exercise Workshop December 2020
Purple Team Exercise Workshop December 2020Jorge Orchilles
 
External Threat Hunters are Red Teamers
External Threat Hunters are Red TeamersExternal Threat Hunters are Red Teamers
External Threat Hunters are Red TeamersJorge Orchilles
 
Evolution of Offensive Assessments - SecureWV Conference
Evolution of Offensive Assessments - SecureWV ConferenceEvolution of Offensive Assessments - SecureWV Conference
Evolution of Offensive Assessments - SecureWV ConferenceJorge Orchilles
 
Purple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatPurple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatJorge Orchilles
 
Evolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConEvolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConJorge Orchilles
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerJorge Orchilles
 
Blackhat 2020 Arsenal - C2 Matrix
Blackhat 2020 Arsenal - C2 MatrixBlackhat 2020 Arsenal - C2 Matrix
Blackhat 2020 Arsenal - C2 MatrixJorge Orchilles
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFJorge Orchilles
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConJorge Orchilles
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
 
Cuddling the Cozy Bear Emulating APT29
Cuddling the Cozy Bear Emulating APT29Cuddling the Cozy Bear Emulating APT29
Cuddling the Cozy Bear Emulating APT29Jorge Orchilles
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Jorge Orchilles
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpConJorge Orchilles
 

Mehr von Jorge Orchilles (20)

SCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim SchulzSCYTHE Purple Team Workshop with Tim Schulz
SCYTHE Purple Team Workshop with Tim Schulz
 
So you want to be a red teamer
So you want to be a red teamerSo you want to be a red teamer
So you want to be a red teamer
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security Weekly
 
KringleCon 3 Providing Value in Offensive Security
KringleCon 3 Providing Value in Offensive SecurityKringleCon 3 Providing Value in Offensive Security
KringleCon 3 Providing Value in Offensive Security
 
C2 Matrix Anniversary - Blackhat EU 2020
C2 Matrix Anniversary - Blackhat EU 2020C2 Matrix Anniversary - Blackhat EU 2020
C2 Matrix Anniversary - Blackhat EU 2020
 
Purple Team Exercise Workshop December 2020
Purple Team Exercise Workshop December 2020Purple Team Exercise Workshop December 2020
Purple Team Exercise Workshop December 2020
 
External Threat Hunters are Red Teamers
External Threat Hunters are Red TeamersExternal Threat Hunters are Red Teamers
External Threat Hunters are Red Teamers
 
Evolution of Offensive Assessments - SecureWV Conference
Evolution of Offensive Assessments - SecureWV ConferenceEvolution of Offensive Assessments - SecureWV Conference
Evolution of Offensive Assessments - SecureWV Conference
 
Purple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHatPurple Team Exercise Hands-On Workshop #GrayHat
Purple Team Exercise Hands-On Workshop #GrayHat
 
Evolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootConEvolution of Offensive Assessments - RootCon
Evolution of Offensive Assessments - RootCon
 
8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
 
Blackhat 2020 Arsenal - C2 Matrix
Blackhat 2020 Arsenal - C2 MatrixBlackhat 2020 Arsenal - C2 Matrix
Blackhat 2020 Arsenal - C2 Matrix
 
Purple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEFPurple Team Exercise Framework Workshop #PTEF
Purple Team Exercise Framework Workshop #PTEF
 
Purple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMConPurple Team Exercises - GRIMMCon
Purple Team Exercises - GRIMMCon
 
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...
 
Cuddling the Cozy Bear Emulating APT29
Cuddling the Cozy Bear Emulating APT29Cuddling the Cozy Bear Emulating APT29
Cuddling the Cozy Bear Emulating APT29
 
Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020Adversary Emulation - Red Team Village - Mayhem 2020
Adversary Emulation - Red Team Village - Mayhem 2020
 
Adversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSEAdversary Emulation and Red Team Exercises - EDUCAUSE
Adversary Emulation and Red Team Exercises - EDUCAUSE
 
Adversary Emulation - DerpCon
Adversary Emulation - DerpConAdversary Emulation - DerpCon
Adversary Emulation - DerpCon
 

Kürzlich hochgeladen

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 

Kürzlich hochgeladen (20)

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 

BackTrack 4 R2 - SFISSA Presentation

  • 1. BackTrack 4 – R2 Jorge Orchilles Peter Greko South Florida ISSA
  • 2.
  • 4. Consultant by night – Orchilles Consulting
  • 5. Master of Science and BBA in Management Information Systems – Florida International University
  • 6. Author – Microsoft Windows 7 Administrator’s Reference (Syngress)
  • 7. Certifications – CISSP, GCIH, CEH, CICP, CCDA, CSSDS, MCTS, MCP, Security+
  • 10. OWASP
  • 13.
  • 14. Intro to Back Track Live DVD for Penetration Testing Can download VM as well 300+ tools installed Saves a lot of time Runs on Ubuntu KDE http://www.backtrack-linux.org
  • 15. Let’s Get Started Insert the Back Track 4 –R2 DVD and reboot your computer. When the BIOS comes up, press F2, F12, etc depending on your BIOS for the Boot Menu – select DVD. When BackTrack splash screen comes up press Enter. To log in: Username: root Password: toor
  • 16. Configure Start KDE: startx Start networking: Open a terminal: /etc/init.d/networking start Wireless: KDE-Internet-Wicd Network Manager SSID: SFISSA WPA-PSK: SFISSArocks! DHCP: 192.168.1.200-249/24 Static IP: ifconfig eth0 192.168.1.1XX/24 route add default gw 192.168.1.1 (not required) DNS: echo nameserver <ip> > /etc/resolve.conf Do not use: 192.168.1.1 192.168.1.100 – Level 1 Victim 192.168.1.110 – Level 2 Victim 192.168.1.120 - Metasploitable Ping 192.168.1.110 to ensure you are up.
  • 17. /pentest Get familiar with the BackTrack GUI and /pentest directory These are all the tools available to you How many have you played with already?
  • 18. Ethical Hacking 101 0. Get Permission Information Gathering Recon – Scanning Gain Access Maintain Access Cover Tracks – clean up “Most of hacking is doing user and admin tasks with malicious intent.” – SANS SEC504 Class
  • 19. 0. Get Permission You have permission to attack ONLY the following hosts: 192.168.1.100 192.168.1.110 192.168.1.120 Anything else is considered illegal! SFISSA SFISSArocks!
  • 20. 1. Information Gathering We will be probing three hosts which were already given. Some background 100 and 110 are from Heorot.net 120 is called Metasploitable Not much else to do here No Google
  • 21. Real Scenario You would most likely need to identify live hosts: Ping sweep: nmap –sP 192.168.1.0/24 DNS Zone transfer: host –l <domain.local> <DNSserverip> Netdiscover – BackTrack KDE Documentation Create a txt file with identified hosts.
  • 22. 2. Recon We will start by probing the hosts to determine open ports: nmap We can also run other automated tools, like a vulnerability scanner or web application scanner: Nessus Nikto
  • 23. nmap Nmap is: Free and open source Tool to discover, monitor, and troubleshoot TCP/IP Cross Platform Simple to use http://nmap.org/
  • 24. Using nmap 101 Millions of options nmap –h nmap [target] – scans 1000 most common TCP ports nmap –F [target] – scans 100 most common TCP ports nmap –iLfilename.txt – scans all hosts in file, one per line
  • 25. Using nmap 102 nmap –sS [target] – SYN Scan nmap –O – os fingerprinting nmap –p80 – scans port 80 -p- all ports -p21,22,25,80 – scans those ports nmap –v – verbose nmap –n – do not resolve DNS Many cheat sheets online and –h has many more Example nmap –sSV –n –O –P0 192.168.1.100 > 100TCP.txt
  • 26. Lab Open a terminal cd to location where hosts.txt is nmap –n –F –iLhosts.txt This will do a quick scan (100 most common TCP ports) for each live host What did you find? What now? Documentation http://192.168.1.100
  • 27. Go at it The intro and scenario has been set Feel free to hack away at the three hosts: 192.168.1.100 192.168.1.110 192.168.1.120
  • 28. Nessus Nessus is NOT a part of BackTrack but the best vulnerability scanner available http://www.tenablesecurity.com For BackTrack 4 download – Ubuntu 8.04 32bit.deb Install: dpkg –I *.deb /opt/nessus/sbin/nessus-adduser Register: http://www.nessus.org/plugins/?view=register-info Start Nessus: /etc/init.d/nessusd start https://localhost:8834/
  • 29. Nikto Web Server Scanner http://cirt.net/nikto2 /pentest/scanners/nikto ./nikto.pl –host <websiteip>:<port>
  • 30. 3. Gain Access Leverage findings from steps 1 and 2 What have we found? Use Hydra to brute force ssh using possible usernames.
  • 31. 3. Elevate Privileges The user you cracked doesn’t have enough privileges… how do you find who does? Cat /etc/passwd Cat /etc/group Bruteforce SSH with known user that has sudoprivs….
  • 32. Keep Going and Try Harder!!! Each scenario is different Use what you know and have experienced in the past in the current scenario. Tools won’t do it all, use your head!
  • 33. Conclusion and Take Away Get permission Run some scans on your hosts Nmap Nessus Nikto Always be willing to learn more, try harder, and think harder
  • 34. Questions? Jorge Orchilles jorge@orchilles.com Twitter: jorgeorchilles http://www.orchilles.com