BACKTRACK - LINUX

        - Software Security -

                               Marius Antal
BackTrack5 - Linux
“The quieter you become, the more you are able to hear”
Introduction

• When you are a security consultant, certain tools are simply crucial to your job.
• Over the past couple of years, one of the security tools that has risen to this rank is BackTrack.
Introduction

• Linux-based
• Penetration testing arsenal
• Helps security professionals perform assessments in a purely native environment dedicated to hacking.
Introduction

• Installed,
• Booted from a Live DVD,
• Booted from a thumb drive,

• Optimized for a security system
Introduction

• Customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.
• BEGINNER or EXPERT
• The largest collection of wireless hacking, server exploiting, web application assessing, social-engineering tools available in a single Linux distribution.
History

• Named after backtracking, the search algorithm.
• Current version - BackTrack 5 R1, code name "Revolution and it's Revision."
History

• Originated from the merger of two competing distributions, both based on Knoppix, which focused on penetration testing:
   - WHAX: developed by Mati Aharoni, a security consultant.
   - Auditor Security Collection: a Live CD developed by Max Moser which included over 300 tools organized in a user-friendly way.
History

• Designed to be an all-in-one Live CD
• Used on security audits
• Specifically crafted to not leave any remnants of itself on the laptop
• The most widely adopted penetration testing framework
• BackTrack 4 Pre-Final - over 4 million downloads
• Supports both 32-bit and 64-bit platforms.
Interface

• Ubuntu-based, user-friendly operating system.
• Different UI configurations that you can use to get started:
   - the GNOME desktop interface
   - the KDE desktop interface.
• For new users: GNOME interface
• Advanced users: KDE version - more options to configure the system.
Installation

• www.backtrack-linux.org/downloads/
• ISO
• UNetbootin
• USB > 2GB
• CD/DVD
Community

• Open-source project:
   - started by Mati Aharoni and Max Moser
   - continued by a staff of individuals of different languages, regions, industries, and nationalities.
• The community’s activity:
   - website, backtrack-linux.org
   - wiki page,
   - a blog,
   - their forum, http://www.backtrack-linux.org/forums/,
   - video tutorials, courses.
Tools - categories

• Contains more than 300 security tools and utilities that are ALL OPEN SOURCE.
• Many security professionals prefer them over expensive commercial programs.
• So do hackers.
Categories

• Information gathering,
• Network mapping,
• Vulnerability identification,
• Web application analysis,
• Digital forensics,
• Reverse engineering,
• Basic penetration.
Categories

• Under each of the main categories, we'll find subheadings…
Some tools

• BackTrack Linux - a fine example of a specialized Linux distribution: no matter which part of the computer security field you work in, the BackTrack operating system should have you covered.
• From port scanners to password crackers, all can be found in the BackTrack suite.
Some tools – well known

• Metasploit
• RFMON
• Aircrack-NG
• Kismet
• Nmap
• Ophcrack
• Ettercap
Some tools – well known

• Wireshark (formerly known as Ethereal)
• BeEF (Browser Exploitation Framework)
• Hydra
• OWASP Mantra Security Framework: a collection of hacking tools, add-ons and scripts based on Firefox
• Cisco OCS Mass Scanner: a very reliable and fast scanner for Cisco routers with telnet/enable default password.
• Quypt (Terminal Emulator) (which is private software by Crimson Hacking group, which has leaked to the Mainstream) Blackhat
• A large collection of exploits as well as more commonplace software such as browsers.
NMAP, flying under the radar

• The main goal in any penetration test is to tread lightly so that you don't set off any intrusion detection alerts or cause a noticeable amount of activity on the systems and network in which you're working.
• The activity must not look unusual to network engineers or other system administrators.
NMAP, flying under the radar

• One easy way to gather a lot of information on a target network quickly is to perform a SYN scan with Nmap.
• A SYN scan doesn't make complete connections to a system's services.
• A SYN scan never completes the TCP handshake process and therefore the target host never logs the attempt, so no alarms are triggered. (This technique works because TCP/IP is a "polite" protocol. It doesn't speak until spoken to.)
NMAP, flying under the radar

1. The port scanner sends out a SYN request on a particular port number (22).
2. The target responds with an ACK.
3. The scanner notes the ACK and sends a RST (reset) to disconnect from the target.

No TCP connection ever takes place. The port scanner sends a SYN request to the next likely open port number, and so on.
NMAP, flying under the radar

• The SYN scan is very clean (leaves no trace) because no harm is done to the target. This type of scan works on all operating systems.

• It's important to remain as quiet as possible during your reconnaissance phase so you can gather as much information as possible about systems and their potential vulnerabilities without detection.
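
Added example (not part of the original slides): a half-open probe never reaches the listening application, but the SYN, the SYN/ACK from an open port and the scanner's RST all cross the wire, so a sensor that records packets can recognise the pattern. The Python code below classifies TCP flows from constructed packet summaries and flags sources that probe several ports without completing a handshake; the record format, the addresses and the `min_ports` threshold are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed packet summaries (not a real capture): time, src, dst, TCP flags.
# S=SYN, SA=SYN/ACK, A=ACK, R=RST, RA=RST/ACK, PA=PSH/ACK
SAMPLE = """\
0.000 10.0.0.5:40001 > 192.168.1.250:22 S
0.001 192.168.1.250:22 > 10.0.0.5:40001 SA
0.002 10.0.0.5:40001 > 192.168.1.250:22 R
0.010 10.0.0.5:40002 > 192.168.1.250:23 S
0.011 192.168.1.250:23 > 10.0.0.5:40002 RA
0.020 10.0.0.5:40003 > 192.168.1.250:80 S
0.021 192.168.1.250:80 > 10.0.0.5:40003 SA
0.022 10.0.0.5:40003 > 192.168.1.250:80 R
0.030 10.0.0.5:40004 > 192.168.1.250:443 S
0.500 10.0.0.9:51000 > 192.168.1.250:80 S
0.501 192.168.1.250:80 > 10.0.0.9:51000 SA
0.502 10.0.0.9:51000 > 192.168.1.250:80 A
0.503 10.0.0.9:51000 > 192.168.1.250:80 PA
"""

LINE = re.compile(r"(\S+) (\S+):(\d+) > (\S+):(\d+) (\w+)$")

def parse(text):
    """Yield (time, src, sport, dst, dport, flags) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            t, src, sport, dst, dport, flags = m.groups()
            yield float(t), src, int(sport), dst, int(dport), flags

def classify_flows(text):
    """Return {(client, cport, server, sport): state} for every flow opened with a SYN."""
    state = {}
    for _, src, sport, dst, dport, flags in parse(text):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":
            state[fwd] = "syn_sent"        # client opened a flow
        elif flags == "SA" and state.get(rev) == "syn_sent":
            state[rev] = "syn_ack_seen"    # server says the port is open
        elif flags in ("R", "RA") and state.get(rev) == "syn_sent":
            state[rev] = "refused"         # server says the port is closed
        elif flags == "R" and state.get(fwd) == "syn_ack_seen":
            state[fwd] = "half_open"       # client reset instead of ACKing
        elif flags == "A" and state.get(fwd) == "syn_ack_seen":
            state[fwd] = "established"     # normal three-way handshake
    return state

def find_scanners(text, min_ports=3):
    """Flag clients that probed >= min_ports distinct ports and completed no handshake."""
    probed, completed = defaultdict(set), defaultdict(int)
    for (client, _, server, port), st in classify_flows(text).items():
        if st == "established":
            completed[client] += 1
        else:
            probed[client].add((server, port))
    return {c: sorted(p for _, p in ports) for c, ports in probed.items()
            if len(ports) >= min_ports and completed[c] == 0}
```

On the constructed sample, `find_scanners(SAMPLE)` reports 10.0.0.5 with ports 22, 23, 80 and 443, while 10.0.0.9, which completes its handshake, is not flagged.
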
NMAP, flying under the radar

• CLI

• GUI – Zenmap (BackTrack > Information Gathering > Network Analysis > Network Scanners)
NMAP, flying under the radar

• With only the simplest scan of a host (target), Zenmap provides a huge amount of information very quickly.
• The Nmap command line equivalent of a scan is:
      nmap -T4 -A -v 192.168.1.250
NMAP, flying under the radar

• The exact version information related to listening services on a host helps you determine vulnerabilities and exploitable services.

• Nmap is an advanced tool that is widely used among security professionals and hackers.

• It provides a great deal of information for the least amount of effort.
NMAP, flying under the radar

• Demo.
NCrack

• Ncrack is a highly effective and fast network authentication cracking tool.
• Its purpose is to assist you in identifying user accounts with weak passwords without the hassle of logging into each host and cracking a password hash.
• Using it, you can check for weak FTP, SSH, TELNET, HTTP(S), POP3(S), SMB, RDP, and VNC passwords.
NCrack

• The next slide shows what an actual Ncrack scan looks like after a successful password crack.
• The user account, bob, uses a very weak password: “cheese”.
• It took Ncrack two minutes thirty seconds to crack this password. This means that a hacker could log in to this system using the 'bob' account in less than five minutes and commence working on breaking a privileged account or downloading malware with ease.
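
Added example (not part of the original slides): online password guessing of the kind described above leaves a burst of failed logins in the service's authentication log, followed by a success if a weak password is found. The Python code below scans constructed sshd-style log lines for that sequence; the host name, addresses, thresholds and the assumed log year are all chosen for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth log lines (not from a real host).
SAMPLE_LOG = """\
Jan 10 12:00:01 host sshd[811]: Failed password for bob from 10.0.0.5 port 40001 ssh2
Jan 10 12:00:03 host sshd[812]: Failed password for bob from 10.0.0.5 port 40002 ssh2
Jan 10 12:00:05 host sshd[813]: Failed password for bob from 10.0.0.5 port 40003 ssh2
Jan 10 12:00:20 host sshd[820]: Failed password for alice from 10.0.0.20 port 51000 ssh2
Jan 10 12:00:26 host sshd[821]: Accepted password for alice from 10.0.0.20 port 51001 ssh2
Jan 10 12:00:30 host sshd[814]: Failed password for bob from 10.0.0.5 port 40004 ssh2
Jan 10 12:00:40 host sshd[815]: Failed password for bob from 10.0.0.5 port 40005 ssh2
Jan 10 12:02:31 host sshd[830]: Accepted password for bob from 10.0.0.5 port 40060 ssh2
"""

EVENT = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                   r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def guessing_alerts(log, max_failures=5, window=timedelta(seconds=60), year=2012):
    """Return alerts as (kind, source_ip, user) tuples, in log order.

    'guessing' fires once per source when max_failures failures fall inside
    the sliding window; 'login_after_guessing' fires for any later success
    from a source already flagged (it stays flagged for the rest of the log).
    Syslog timestamps carry no year, so one is assumed via `year`.
    """
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        stamp, outcome, user, src = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[src]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if outcome == "Failed":
            q.append(ts)
            if len(q) >= max_failures and src not in flagged:
                flagged.add(src)
                alerts.append(("guessing", src, user))
        elif src in flagged:
            alerts.append(("login_after_guessing", src, user))
    return alerts
```

On the constructed log, the source 10.0.0.5 produces a `guessing` alert followed by `login_after_guessing` for bob, while alice's single mistyped password produces nothing.
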
NMAP, flying under the radar

• Demo.
Conclusions

• System security is a serious problem, and the tools that hackers use to compromise your systems must be understood.

• By running your own checks first and strengthening your defenses, you could sometimes save your project from millions of dollars in losses.

• BackTrack contains all the tools needed by someone who wants to check a system’s security against unwanted guests.
Questions!

…