Hands on with BackTrack

Date post: 14-Jan-2016
Page 1: Hands on with BackTrack

Hands on with BackTrack

Information gathering, scanning, simple exploits

By Edison Carrick

Page 2: Hands on with BackTrack

Starting up and Getting an IP

• startx

• ifup eth0

Page 3: Hands on with BackTrack

The Tools

• The ‘K Menu’

• That’s not all:

– The `/pentest` directory

Page 4: Hands on with BackTrack

netdiscover

• ‘an active/passive address reconnaissance tool’

• Using ARP, it detects live hosts on a network.

Page 5: Hands on with BackTrack

nmap

• Nmap ("Network Mapper") is a free and open source command-line utility for network exploration or security auditing.

• Extremely powerful.

• Simple use: nmap -v -A (‘v’ for verbosity and ‘A’ for OS/version detection)
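The last two slides describe discovery from the attacker's chair (netdiscover sweeping the subnet with ARP, nmap probing many ports on one host). The defender's side of the same activity, as an added example that is not part of the original presentation: a small Python sliding-window detector that flags one sender touching many distinct hosts (ARP sweep) or many distinct ports on one host (port scan) within a few seconds. The events, MAC/IP addresses and thresholds below are constructed for the example, not taken from a real capture.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    """One observed probe: an ARP who-has (port is None) or a TCP SYN to a port."""
    ts: float            # seconds since capture start
    src: str             # sender (MAC for ARP, IP for TCP)
    dst: str             # target IP
    port: Optional[int]  # None for ARP, destination port for TCP


def detect_sweeps(events, window=10.0, host_threshold=10, port_threshold=10):
    """Flag sources that touch many distinct hosts (ARP sweep) or many distinct
    ports on one host (port scan) inside a sliding time window.
    Returns (kind, src, dst, distinct_count) tuples in the order the thresholds
    were first crossed; each (kind, src, dst) is reported only once."""
    host_win = defaultdict(deque)   # src -> deque of (ts, dst)
    port_win = defaultdict(deque)   # (src, dst) -> deque of (ts, port)
    findings, alerted = [], set()
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.port is None:
            kind, q, key, thr, dst = "arp-sweep", host_win[e.src], e.dst, host_threshold, "*"
        else:
            kind, q, key, thr, dst = "port-scan", port_win[(e.src, e.dst)], e.port, port_threshold, e.dst
        q.append((e.ts, key))
        while q and e.ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = {k for _, k in q}
        tag = (kind, e.src, dst)
        if len(distinct) >= thr and tag not in alerted:
            alerted.add(tag)
            findings.append((kind, e.src, dst, len(distinct)))
    return findings


def build_sample_events():
    """Constructed traffic (not a real capture): one ARP sweep, one port scan,
    and a benign workstation repeatedly talking to SMB on the file server."""
    events = []
    # netdiscover-style ARP sweep of 192.168.1.1-30 from one MAC, 10 probes/s
    for i in range(30):
        events.append(Event(0.1 * i, "aa:bb:cc:dd:ee:01", f"192.168.1.{i + 1}", None))
    # nmap-style scan of ports 1-50 on 192.168.1.2, starting at t=5s
    for p in range(1, 51):
        events.append(Event(5.0 + 0.1 * p, "192.168.1.50", "192.168.1.2", p))
    # benign: one port (445) on one host, every half second; never alerts
    for i in range(30):
        events.append(Event(3.0 + 0.5 * i, "192.168.1.20", "192.168.1.2", 445))
    return events


def run_sample():
    """Run the detector over the constructed traffic."""
    return detect_sweeps(build_sample_events())


if __name__ == "__main__":
    for kind, src, dst, n in run_sample():
        print(f"{kind}: {src} -> {dst} ({n} distinct targets within the window)")
```

The window and thresholds are the knobs to tune: a monitoring host or a vulnerability scanner you run yourself will trip them legitimately, so the usual practice is an allowlist of known scanners on top of this logic, and a repeat-visit counter per source rather than a single alert if you want to see how persistent a scanner is.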

Page 6: Hands on with BackTrack

Zenmap: Nmap, but prettier

• Zenmap is a GUI interface for nmap.

• Easily detect OS, Services, TCP sequences and more with a click or two of a button.

Page 7: Hands on with BackTrack

Exploits

• Databases and Programs

– ExploitDB

– Metasploit

• The internet

– Exploit-db.com

– Google

Page 8: Hands on with BackTrack

Searching for a vulnerability

• exploitDB – ./searchsploit

• Googling

• Conveniently Remote Exploit has included their exploitDB on backtrack.

• Since we have a 2003 server let’s search for 2003 vulnerabilities.

– ./searchsploit 2003

– ./searchsploit 2k3

Page 9: Hands on with BackTrack

Exploring and Testing a written Exploit

• ‘cat’ – perfect for viewing

• Recognizing shellcode, and how the exploit runs.

• Running the exploit

– ./7132.py

– Finding the usage

Page 10: Hands on with BackTrack

Getting the Shell

• ./7132.py 192.168.1.2 2

• Noticing that the exploit prints that the shell is bound to the server on port 4444.

• Netcat – the tool for everything

– nc -v 192.168.1.2 4444

Page 11: Hands on with BackTrack

Prevention?

• Keep servers and computers up-to-date and patched.

• Use only services that are necessary, and disable the ones unneeded.

• Using the default settings can be dangerous.
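One way to act on the “use only necessary services” advice, and to notice a bind shell like the one slide 10 finds listening on port 4444, as an added example that is not part of the presentation: a small Python audit that compares the host's listening TCP sockets with an allowlist. The `ss -ltn` text and the allowlist {22, 445} below are constructed for the example; `audit_live_host` assumes a Linux host with iproute2's `ss` on the path.

```python
import subprocess

# Constructed sample in the shape of `ss -ltn` output, not a real capture.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
LISTEN  0       128            0.0.0.0:445         0.0.0.0:*
LISTEN  0       1              0.0.0.0:4444        0.0.0.0:*
LISTEN  0       128          127.0.0.1:631         0.0.0.0:*
LISTEN  0       128               [::]:22             [::]:*
"""

# Assumed (hypothetical) allowlist for a small file server: SSH and SMB only.
ALLOWED_PORTS = {22, 445}

LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(ss_output):
    """Parse `ss -ltn` style text into (address, port) tuples."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and anything not in LISTEN state
        addr, port = fields[3].rsplit(":", 1)   # "[::]:22" -> "[::]", "22"
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def audit_listeners(ss_output, allowed_ports=ALLOWED_PORTS):
    """Return listeners reachable from the network that are not on the allowlist.
    Sockets bound only to loopback are skipped: other hosts cannot reach them."""
    unexpected = []
    for addr, port in parse_listeners(ss_output):
        if addr in LOOPBACK:
            continue
        if port not in allowed_ports:
            unexpected.append((addr, port))
    return sorted(unexpected)


def audit_live_host(allowed_ports=ALLOWED_PORTS):
    """Run the same audit against the local machine (Linux with iproute2)."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    return audit_listeners(out, allowed_ports)


if __name__ == "__main__":
    for addr, port in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {addr}:{port}")
```

Run against the sample, the only finding is `0.0.0.0:4444`, the bind shell from slide 10; port 631 on loopback is not reported because it is unreachable from the network. In practice the allowlist is the output of the “which services are necessary” question, and a listener outside it is either a service to disable or something that should not be there at all.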

Page 12: Hands on with BackTrack

More Information

• NetDiscover – http://nixgeneration.com/~jaime/netdiscover/

• Nmap/Zenmap – http://nmap.org/

• http://www.exploit-db.com/

• http://www.metasploit.com/

• More on the MS08-067 vulnerability – MS08-067

• Background image for PowerPoint found at – xshock.de
