Pages: 5 (1194 words) Published: 7 November 2012

BackTrack 5 tutorial Part I: Information gathering and VA tools
Karthik R, Contributor

You can read the original story here, on SearchSecurity.in.

BackTrack 5, codenamed "Revolution", the much awaited penetration testing framework, was released in May 2011. It is a major development over BackTrack 4 R2. BackTrack 5 is said to be built from scratch, and has seen major improvements as well as bug fixes over previous versions. BackTrack is named after a search algorithm called "backtracking". BackTrack 5 tools range from password crackers to full-fledged penetration testing tools and port scanners. BackTrack has 12 categories of tools, as shown in Figure 1 of this tutorial.

Penetration testers usually perform their test attacks in five phases:

1. Information gathering
2. Scanning and vulnerability assessment
3. Gaining access to the target
4. Maintaining access with the target
5. Clearing tracks

Figure 1: Categories of tools in BackTrack 5

In this tutorial, we will look at the information gathering and vulnerability assessment tools in BackTrack 5.

Information gathering
Information gathering is the first and most important phase in penetration testing. In this phase, the attacker gains information about aspects such as the target network, open ports, live hosts and services running on each port. This creates an organizational profile of the target, along with the systems and networks in use.

http://searchsecurity.techtarget.in/tip/BackTrack-5-tutorial-Part-I-Information-gathering-and-VA-tools

Figure 2: Zenmap UI in BackTrack 5

Figure 2 of this tutorial is a screenshot of Zenmap, the BackTrack information gathering and network analysis tool (the graphical front end to Nmap). The intense scan mode in Zenmap provides target information such as the services running on each port, their versions, the target operating system, network hop distance, workgroups and user accounts. This information is especially useful for black box testing, where the tester starts with no internal knowledge of the target. Other BackTrack 5 information gathering tools of interest are CMS identification and IDS-IPS identification for web application analysis. CMS identification gives information about the underlying CMS, which can be used to do vulnerability research on the CMS and gather all the available exploits to test the target system. The joomscan tool (for the Joomla CMS) is covered later in this tutorial.

Figure 3: Maltego UI in BackTrack 5

Another interesting and powerful tool is Maltego, generally used for open source intelligence gathering and link analysis. Figure 3 of this tutorial shows Maltego in action. The Palette in Maltego holds entity types such as DNS name, domain, location, URL and email address; Maltego runs various transforms on these entities to give the pen tester the necessary details about the target. Views such as the mining view and the edge weighted view provide a graphical representation of the data obtained about a particular target.

Vulnerability assessment
The second phase in pen testing is vulnerability assessment. After gaining some initial information and an organizational profile of the target through conclusive footprinting, we will assess the weak spots or vulnerabilities in the system. There are a number of vulnerability databases available online for ready use, but we will focus on what BackTrack 5 has to offer in this tutorial.

Figure 4: Joomscan in action

Web application scanners are used to assess website vulnerabilities. Figure 4 of this tutorial shows joomscan in action. Joomscan is meant for Joomla-based websites and reports vulnerabilities pre-stored in its repository. Joomscan can be run with the following command:

./joomscan.pl -u <target> -x proxy:port

Here <target> is the target Joomla website and proxy:port is an optional HTTP proxy to send the requests through. Joomscan has options for version detection, server check,...
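CMS identification as described in the information gathering section, and the version detection joomscan performs here, both come down to requesting a handful of well-known paths and matching markers in the responses. The script below is an added example, not the tutorial's code and not joomscan itself; it fingerprints a Joomla install from the generator meta tag, the /administrator/ login page and the version manifest files (administrator/manifests/files/joomla.xml for Joomla 2.5 and 3.x, language/en-GB/en-GB.xml for Joomla 1.5). The responses in SAMPLE_SITE are constructed so the check runs offline; make_http_fetcher shows how the same requests would be sent over HTTP, optionally through a proxy as joomscan's -x proxy:port does. The function and variable names are this example's own.

```python
"""Fingerprint a Joomla install from a few well-known paths.

Added example, not part of the BackTrack 5 tutorial and not joomscan.
SAMPLE_SITE holds constructed responses standing in for a Joomla 3.x site.
"""
import re
import urllib.error
import urllib.request

# Well-known Joomla markers. The version file differs by major version.
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="Joomla![^"]*"', re.I)
VERSION_FILES = [
    "/administrator/manifests/files/joomla.xml",  # Joomla 2.5 / 3.x
    "/language/en-GB/en-GB.xml",                  # Joomla 1.5
]
VERSION_RE = re.compile(r"<version>([0-9][0-9.]*)</version>")


def make_http_fetcher(base_url, proxy=None):
    """Return fetch(path) -> (status, body) over real HTTP, optionally via an
    HTTP proxy such as a local interception proxy (cf. joomscan -x)."""
    handlers = []
    if proxy:
        handlers.append(urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    opener = urllib.request.build_opener(*handlers)

    def fetch(path):
        try:
            with opener.open(base_url.rstrip("/") + path, timeout=10) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as e:
            return e.code, ""  # a 404 is itself a useful (negative) signal
    return fetch


def fake_fetcher(site):
    """Offline fetcher backed by a dict of path -> (status, body)."""
    return lambda path: site.get(path, (404, ""))


def identify_joomla(fetch):
    """Combine several weak signals into a verdict plus the version if a
    version file is exposed. Each signal alone is easy to spoof or remove,
    so the evidence list is returned for the tester to weigh."""
    evidence = []
    status, body = fetch("/")
    if status == 200 and GENERATOR_RE.search(body):
        evidence.append("generator meta tag")
    status, body = fetch("/administrator/")
    if status == 200 and "administrator" in body.lower() and "joomla" in body.lower():
        evidence.append("/administrator/ login page")
    version = None
    for path in VERSION_FILES:
        status, body = fetch(path)
        if status == 200:
            m = VERSION_RE.search(body)
            if m:
                version = m.group(1)
                evidence.append("version file " + path)
                break
    return {"is_joomla": bool(evidence), "version": version, "evidence": evidence}


# Constructed sample responses for a Joomla 3.x site (not a real host).
SAMPLE_SITE = {
    "/": (200, '<html><head><meta name="generator" content="Joomla! - Open Source '
               'Content Management" /></head><body>Home</body></html>'),
    "/administrator/": (200, '<html><head><title>Administrator Login</title></head>'
                             '<body>Joomla! administrator</body></html>'),
    "/administrator/manifests/files/joomla.xml": (200, '<extension type="file">'
        '<name>files_joomla</name><version>3.4.8</version></extension>'),
}


if __name__ == "__main__":
    print(identify_joomla(fake_fetcher(SAMPLE_SITE)))
```

A site that is not Joomla yields an empty evidence list, and a hardened Joomla site that strips the generator tag and blocks the manifest may still be caught by the /administrator/ page alone, which is why the check reports every signal rather than a single yes/no.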