Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide - Lee Allen - E-Book


Lee Allen

Description

The internet security field has grown by leaps and bounds over the last decade. Every day more people around the globe gain access to the internet, and not all of them with good intentions. The need for penetration testers has grown now that the security industry has had time to mature. Simply running a vulnerability scanner is a thing of the past and is no longer an effective method of determining a business's true security posture. Learn effective penetration testing skills so that you can meet and manage the rapidly changing security needs of your company.

Advanced Penetration Testing for Highly-Secured Environments will teach you how to efficiently and effectively ensure the security posture of environments that have been secured using IDS/IPS, firewalls, network segmentation, hardened system configurations, and more. The stages of a penetration test are clearly defined and addressed using step-by-step instructions that you can follow on your own virtual lab. The book follows the standard penetration testing stages from start to finish with step-by-step examples. The book thoroughly covers penetration test expectations, proper scoping and planning, as well as enumeration and footprinting. You'll learn how to clean up and compile proof of concept exploit code from the web, advanced web application testing techniques, client-side attacks, post-exploitation strategies, detection avoidance methods, generation of well-defined reports and metrics, and setting up a penetration testing virtual lab that mimics a secured environment. The book closes by issuing a challenge to your skills and ability to perform a full penetration test against a fictional corporation, followed by a detailed walkthrough of the solution.

Advanced Penetration Testing for Highly-Secured Environments is packed with detailed examples that reinforce enumeration, exploitation, post-exploitation, reporting skills, and more.

The e-book can be read in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Page count: 464

Publication year: 2012




Table of Contents

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Planning and Scoping for a Successful Penetration Test
Introduction to advanced penetration testing
Vulnerability assessments
Penetration testing
Advanced penetration testing
Before testing begins
Determining scope
Setting limits — nothing lasts forever
Rules of engagement documentation
Planning for action
Installing VirtualBox
Installing your BackTrack virtual machine
Preparing the virtual guest machine for BackTrack
Installing BackTrack on the virtual disk image
Exploring BackTrack
Logging in
Changing the default password
Updating the applications and operating system
Installing OpenOffice
Effectively manage your test results
Introduction to MagicTree
Starting MagicTree
Adding nodes
Data collection
Report generation
Introduction to the Dradis Framework
Exporting a project template
Importing a project template
Preparing sample data for import
Importing your Nmap data
Exporting data into HTML
Dradis Category field
Changing the default HTML template
Summary
2. Advanced Reconnaissance Techniques
Introduction to reconnaissance
Reconnaissance workflow
DNS recon
Nslookup — it's there when you need it
Default output
Changing nameservers
Creating an automation script
What did we learn?
Domain Information Groper (Dig)
Default output
Zone transfers using Dig
Advanced features of Dig
Shortening the output
Listing the bind version
Reverse DNS lookup using Dig
Multiple commands
Tracing the path
Batching with dig
DNS brute forcing with fierce
Default command usage
Creating a custom wordlist
Gathering and validating domain and IP information
Gathering information with whois
Specifying which registrar to use
Where in the world is this IP?
Defensive measures
Using search engines to do your job for you
SHODAN
Filters
Understanding banners
HTTP banners
Finding specific assets
Finding people (and their documents) on the web
Google hacking database
Google filters
Metagoofil
Searching the Internet for clues
Metadata collection
Extracting metadata from photos using exiftool
Summary
3. Enumeration: Choosing Your Targets Wisely
Adding another virtual machine to our lab
Configuring and testing our Vlab_1 clients
BackTrack – Manual ifconfig
Ubuntu – Manual ifconfig
Verifying connectivity
Maintaining IP settings after reboot
Nmap — getting to know you
Commonly seen Nmap scan types and options
Basic scans — warming up
Other Nmap techniques
Remaining stealthy
Taking your time
Trying different scan types
SYN scan
Null scan
ACK scan
Conclusion
Shifting blame — the zombies did it!
IDS rules, how to avoid them
Using decoys
Adding custom Nmap scripts to your arsenal
How to decide if a script is right for you
Adding a new script to the database
SNMP: A goldmine of information just waiting to be discovered
SNMPEnum
SNMPCheck
When the SNMP community string is NOT "public"
Creating network baselines with scanPBNJ
Setting up MySQL for PBNJ
Starting MySQL
Preparing the PBNJ database
First scan
Reviewing the data
Enumeration avoidance techniques
Naming conventions
Port knocking
Intrusion detection and avoidance systems
Trigger points
SNMP lockdown
Summary
4. Remote Exploitation
Exploitation – Why bother?
Target practice – Adding a Kioptrix virtual machine
Manual exploitation
Enumerating services
Quick scan with Unicornscan
Full scan with Nmap
Banner grabbing with Netcat and Ncat
Banner grabbing with Netcat
Banner grabbing with Ncat
Banner grabbing with smbclient
Searching Exploit-DB
Exploit-DB at hand
Compiling the code
Compiling the proof of concept code
Troubleshooting the code
What are all of these ^M characters and why will they not go away?
Broken strings – The reunion
Running the exploit
Getting files to and from victim machines
Installing and starting a TFTP server on BackTrack 5
Installing and configuring pure-ftpd
Starting pure-ftpd
Passwords: Something you know…
Cracking the hash
Brute forcing passwords
THC Hydra
Metasploit — learn it and love it
Updating the Metasploit framework
Databases and Metasploit
Installing PostgreSQL on BackTrack 5
Verifying database connectivity
Performing an Nmap scan from within Metasploit
Using auxiliary modules
Using Metasploit to exploit Kioptrix
Summary
5. Web Application Exploitation
Practice makes perfect
Installing Kioptrix Level 3
Creating a Kioptrix VM Level 3 clone
Installing and configuring Mutillidae 2.1.7 on the Ubuntu virtual machine
Installing and configuring pfSense
Preparing the virtual machine for pfSense
pfSense virtual machine persistence
Configuring the pfSense DHCP server
Starting the virtual lab
pfSense DHCP – Permanent reservations
Installing HAProxy for load balancing
Adding Kioptrix3.com to the host file
Detecting load balancers
Quick reality check – Load Balance Detector
So, what are we looking for anyhow?
Detecting Web Application Firewalls (WAF)
Taking on Level 3 – Kioptrix
Web Application Attack and Audit Framework (w3af)
Using w3af GUI to save time
Scanning by using the w3af console
Using WebScarab as a HTTP proxy
Introduction to Mantra
Summary
6. Exploits and Client-Side Attacks
Buffer overflows—A refresher
"C"ing is believing—Create a vulnerable program
Turning ASLR on and off in BackTrack
Understanding the basics of buffer overflows
Introduction to fuzzing
Introducing vulnserver
Fuzzing tools included in BackTrack
Bruteforce Exploit Detector (BED)
SFUZZ: Simple fuzzer
Fast-Track
Updating Fast-Track
Client-side attacks with Fast-Track
Social Engineering Toolkit
Summary
7. Post-Exploitation
Rules of engagement
What is permitted?
Can you modify anything and everything?
Are you allowed to add persistence?
How is the data that is collected and stored handled by you and your team?
Employee data and personal information
Data gathering, network analysis, and pillaging
Linux
Important directories and files
Important commands
Putting this information to use
Enumeration
Exploitation
We're connected, now what?
Which tools are available on the remote system
Finding network information
Determine connections
Checking installed packages
Package repositories
Programs and services that run at startup
Searching for information
History files and logs
Configurations, settings, and other files
Users and credentials
Moving the files
Microsoft Windows™ post-exploitation
Important directories and files
Using Armitage for post-exploitation
Enumeration
Exploitation
We're connected, now what?
Networking details
Finding installed software and tools
Pivoting
Summary
8. Bypassing Firewalls and Avoiding Detection
Lab preparation
BackTrack guest machine
Ubuntu guest machine
pfSense guest machine configuration
pfSense network setup
WAN IP configuration
LAN IP configuration
Firewall configuration
Stealth scanning through the firewall
Finding the ports
Traceroute to find out if there is a firewall
Finding out if the firewall is blocking certain ports
Hping
Nmap firewalk script
Now you see me, now you don't — Avoiding IDS
Canonicalization
Timing is everything
Blending in
Looking at traffic patterns
Cleaning up compromised hosts
Using a checklist
When to clean up
Local log files
Miscellaneous evasion techniques
Divide and conquer
Hiding out (on controlled units)
File integrity monitoring
Using common network management tools to do the deed
Summary
9. Data Collection Tools and Reporting
Record now — Sort later
Old school — The text editor method
Nano
VIM — The power user's text editor of choice
NoteCase
Dradis framework for collaboration
Binding to an available interface other than 127.0.0.1
The report
Challenge to the reader
Summary
10. Setting Up Virtual Test Lab Environments
Why bother with setting up labs?
Keeping it simple
No-nonsense test example
Network segmentation and firewalls
Requirements
Setup
Adding complexity or emulating target environments
Configuring firewall1
Installing additional packages in pfSense
Firewall2 setup and configuration
Web1
DB1
App1
Admin1
Summary
11. Take the Challenge – Putting It All Together
The scenario
The setup
NewAlts Research Labs' virtual network
Additional system modifications
Web server modifications
The challenge
The walkthrough
Defining the scope
Determining the "why"
So what is the "why" of this particular test?
Developing the Rules of Engagement document
Initial plan of attack
Enumeration and exploitation
Reporting
Summary
Index

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

Copyright © 2012 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: May 2012

Production Reference: 1090512

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK

ISBN 978-1-84951-774-4

www.packtpub.com

Cover Image by Asher Wishkerman (<[email protected]>)

Credits

Author

Lee Allen

Reviewers

Steven McElrea

Aaron M. Woody

Acquisition Editor

Kartikey Pandey

Lead Technical Editor

Kartikey Pandey

Technical Editor

Naheed Shaikh

Project Coordinator

Michelle Quadros

Proofreader

Lynda Sliwoski

Indexer

Tejal Daruwale

Graphics

Manu Joseph

Production Coordinator

Prachali Bhiwandkar

Cover Work

Prachali Bhiwandkar

About the Author

Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500. Among many other responsibilities, he performs security assessments and penetration testing.

Lee is very passionate and driven about the subject of penetration testing and security research. His journey into the exciting world of security began back in the 80s while visiting BBS's with his trusty Commodore 64 and a room carpeted with 5.25-inch diskettes. Throughout the years, he has continued his attempts at remaining up-to-date with the latest and greatest in the security industry and the community.

He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years. His hobbies and obsessions include validating and reviewing proof of concept exploit code, programming, security research, attending security conferences, discussing technology, writing, 3D Game development, and skiing.

I would like to thank my wife Kellie for always being supportive and my children Heather, Kristina, Natalie, Mason, Alyssa, and Seth for helping me perfect the art of multitasking. I would also like to thank my son-in-law Justin Willis for his service to our country. In addition, I would like to thank Kartikey Pandey and Michelle Quadros for their help and guidance throughout the writing process. A special thanks goes to Steven McElrea and Aaron M. Woody for taking the time to work through all of the examples and labs in the book and to point out my errors, it's people like you that make the security community awesome and fun!

About the Reviewers

Steven McElrea has been working in IT for over 10 years, mostly as a Microsoft Windows and Exchange Server administrator. Having been bitten by the security bug, he's been playing around and learning about InfoSec for several years now. He has a nice little blog (www.kioptrix.com) that does its best to show and teach newcomers the basic principles of information security. He is currently working in security professionally and he loves it. The switch to InfoSec is the best career move he could've made.

Thank you Amélie, Victoria, and James. I love you all. Thanks to Richer for getting me into this mess in the first place. Also, I need to thank Dookie for helping me calm down and getting my foot in the door. I must also thank my parents for being supportive, even during our difficult times; I love you both.

Aaron M. Woody is an expert in information security with over 14 years of experience across several industry verticals. His experience includes securing some of the largest financial institutions in the world, performing perimeter security implementation and forensics investigations. Currently, Aaron is a Solutions Engineer for a leading information security firm, Accuvant Inc., based in Denver, CO. He is an active instructor, teaching hacking and forensics, and maintains a blog, n00bpentesting.com. Aaron can also be followed on Twitter at @shai_saint.

I sincerely thank my wife Melissa and my children, Alexis, Elisa, and Jenni for sharing me with this project. I also appreciate the sanity checks by Steven McElrea (@loneferret) for his friendship and partnership during the review process. I would like to give an extra special thanks to Lee Allen for involving me in this project; thank you.

www.PacktPub.com

Support files, eBooks, discount offers and more

You might want to visit www.PacktPub.com for support files and downloads related to your book.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

http://PacktLib.PacktPub.com

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books. 

Why Subscribe?

Fully searchable across every book published by Packt
Copy and paste, print and bookmark content
On demand and accessible via web browser

Free Access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

In memory of my best friend Melvin Raymond Johnson Jr.

Preface

Penetration testers are faced with a combination of firewalls, intrusion detection systems, host-based protection, hardened systems, and teams of knowledgeable analysts who pore over the data collected by their security information management systems. In an environment such as this, simply running automated tools will typically yield few results. This false sense of security can easily result in the loss of critical data and resources.

Advanced Penetration Testing for Highly Secured Environments provides guidance on going beyond the basic automated scan. It will provide you with a stepping stone which can be used to take on the complex and daunting task of effectively measuring the entire attack surface of a traditionally secured environment.

Advanced Penetration Testing for Highly Secured Environments uses only freely available tools and resources to teach these concepts. One of the tools we will be using is the well-known penetration testing platform BackTrack. BackTrack's amazing team of developers continuously update the platform to provide some of the best security tools available. Most of the tools we will use for simulating a penetration test are contained on the most recent version of BackTrack.

The Penetration Testing Execution Standard (PTES), http://www.pentest-standard.org, is used as a guideline for many of our stages. Although not everything within the standard will be addressed, we will attempt to align the knowledge in this book with the basic principles of the standard when possible.

Advanced Penetration Testing for Highly Secured Environments provides step-by-step instructions on how to emulate a highly secured environment on your own equipment using VirtualBox, pfSense, snort, and similar technologies. This enables you to practice what you have learned throughout the book in a safe environment. You will also get a chance to witness what security response teams may see on their side of the penetration test while you are performing your testing!

Advanced Penetration Testing for Highly Secured Environments wraps up by presenting a challenge in which you will use your virtual lab to simulate an entire penetration test from beginning to end. Penetration testers need to be able to explain mitigation tactics with their clients; with this in mind we will be addressing various mitigation strategies that will address the attacks listed throughout the chapters.

What this book covers

Chapter 1, Planning and Scoping for a Successful Penetration Test, introduces you to the anatomy of a penetration test. You will learn how to effectively determine the scope of the penetration test as well as where to place your limits, such as when dealing with third-party vendor equipment or environments. Prioritization techniques will also be discussed.

Chapter 2, Advanced Reconnaissance Techniques, will guide you through methods of data collection that will typically avoid setting off alerts. We will focus on various reconnaissance strategies including digging into the deep web and specialty sites to find information about your target.

Chapter 3, Enumeration: Choosing Your Targets Wisely, provides a thorough description of the methods used to perform system footprinting and network enumeration. The goal is to enumerate the environment and to explain what to look for when selecting your targets. This chapter touches upon mid to advanced Nmap techniques and using PBNJ to detect changes on the network. The chapter closes with tips on how to avoid enumeration attempts as well as methods of trying to confuse an attacker (to buy time for the blue team).

Chapter 4, Remote Exploitation, will delve into the Metasploit® framework. We will also describe team-based testing with Armitage. We take a look at proof of concept exploit code from Exploit-DB.com, which we will rewrite and compile; we also take a look at THC Hydra and John the Ripper for password attacks.

Chapter 5, Web Application Exploitation, has a focus on web application attacks. We will begin by providing step-by-step instructions on how to build a web application exploitation lab and then move toward detailing the usage of w3af and WebScarab. Load balancing is discussed in detail as many environments now have these features. We introduce you to methods of detecting web application firewalls and load balancing with hands-on examples. We finish this chapter with an introduction to the Mantra browser.

Chapter 6, Exploits and Client-Side Attacks, discusses bypassing AV signatures, details the more advanced features of the Social Engineering Toolkit, and goes over the details of buffer overflows and fuzzing.

Chapter 7, Post-Exploitation, describes the activities performed after a successful attack has been completed. We will cover privilege escalation, advanced meterpreter functionality, setting up privileged accounts on different OS types, and cleaning up afterwards to leave a pristine system behind.

Chapter 8, Bypassing Firewalls and Avoiding Detection, covers methods that can be used to attempt to bypass detection while testing. This includes avoiding intrusion detection systems and advanced evasion techniques. We also discuss methods of increasing the detectability of malicious users or applications.

Chapter 9, Data Collection Tools and Reporting, will help you create reports and statistics from all of the data that you have gathered throughout this testing. You will learn how to collect all of the testing data and how to validate results. You will also be walked through generating your report.

Chapter 10, Setting Up Virtual Testing Lab Environments, walks you through setting up a test environment that mimics a corporation that has a multitier DMZ environment using IDS and "some" hardened systems and apps. This includes setting up VBOX, BackTrack, virtual firewalls, IDS and Monitoring.

Chapter 11, Take the Challenge – Putting It All Together, will allow you to gain hands-on experience using the skills you have learned throughout the book. We will set challenges for you that require you to perform a penetration test on your testing environment from start to finish. We will offer step-by-step solutions to the challenges to ensure that the material has been fully absorbed.

What you need for this book

In order to practice the material, you will need a computer with sufficient power and space to run the virtualization tools that we need to build the lab. Any modern computer with a bit of hard drive space should suffice. The virtualization tools described within can be run on most modern Operating Systems available today.

Who this book is for

This book is for any ethical person with the drive, conviction, and the willingness to think out-of-the-box and to learn about security testing. Much of the material in this book is directed at someone who has some experience with security concepts and has a basic understanding of different operating systems. If you are a penetration tester, security consultant, or just generally have an interest in testing the security of your environment then this book is for you.

Please note:

The information within this book is intended to be used only in an ethical manner.
Do not use any of the information within this book unless you have written permission from the owner of the equipment.
If you perform illegal acts, you should expect to be arrested and prosecuted to the full extent of the law.
We do not take responsibility if you misuse any of the information contained within this book.

The information herein must only be used while testing environments with proper written authorization from the appropriate persons.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text are shown as follows: "We will use a picture named FotoStation.jpg".

A block of code is set as follows:

ExifTool Version Number : 7.89
File Name : FlashPix.ppt
Directory : ./t/images
File Size : 9.5 kB

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

HEAD / HTTP/1.0

HTTP/1.1 200 OK
Content-Length: 9908
Content-Type: text/html

Any command-line input or output is written as follows:

# cd /pentest/enumeration/google/metagoofil

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Setting the Network adapter to Internal Network allows our BackTrack system to share the same subnet with the newly-created Ubuntu machine."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title through the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website, or added to any list of existing errata, under the Errata section of that title.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at <[email protected]> with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.

Questions

You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.

Chapter 1. Planning and Scoping for a Successful Penetration Test

This chapter provides an introduction to the planning and preparation required to test complex and hardened environments. You will be introduced to the following topics:

Introduction to advanced penetration testing
How to successfully scope your testing
What needs to occur prior to testing
Setting your limits – nothing lasts forever
Planning for action
Detail management with MagicTree
Exporting your results into various formats using MagicTree
Team-based data collection and information sharing with Dradis
Creating reusable templates in Dradis

Introduction to advanced penetration testing

Penetration testing is necessary to determine the true attack footprint of your environment. It is often confused with vulnerability assessment, so it is important that the differences be fully explained to your clients.

Vulnerability assessments

Vulnerability assessments are necessary for discovering potential vulnerabilities throughout the environment. There are many tools available that automate this process so that even an inexperienced security professional or administrator can effectively determine the security posture of their environment. Depending on scope, additional manual testing may also be required. Full exploitation of systems and services is not generally in scope for a normal vulnerability assessment engagement. Systems are typically enumerated and evaluated for vulnerabilities, and testing can often be done with or without authentication. Most vulnerability management and scanning solutions provide actionable reports that detail mitigation strategies such as applying missing patches, or correcting insecure system configurations.

Penetration testing

Penetration testing expands upon vulnerability assessment efforts by introducing exploitation into the mix.

Tip

The risk of accidentally causing an unintentional denial of service or other outage is moderately higher when conducting a penetration test than it is when conducting vulnerability assessments. To an extent, this can be mitigated by proper planning, and a solid understanding of the technologies involved during the testing process. Thus, it is important that the penetration tester continually updates and refines the necessary skills.

Penetration testing allows the business to understand if the mitigation strategies employed are actually working as expected; it essentially takes the guesswork out of the equation. The penetration tester will be expected to emulate the actions that an attacker would attempt and will be challenged with proving that they were able to compromise the critical systems targeted. The most successful penetration tests result in the penetration tester being able to prove without a doubt that the vulnerabilities that are found will lead to a significant loss of revenue unless properly addressed. Think of the impact that you would have if you could prove to the client that practically anyone in the world has easy access to their most confidential information!

Penetration testing requires a higher skill level than is needed for vulnerability analysis. This generally means that the price of a penetration test will be much higher than that of a vulnerability analysis. If you are unable to penetrate the network, you will be assuring your clientele that their systems are secure to the best of your knowledge. If you want to be able to sleep soundly at night, I recommend that you go above and beyond in verifying the security of your clients.

Advanced penetration testing

Some environments will be more secured than others. You will be faced with environments that use:

- Effective patch management procedures
- Managed system configuration hardening policies
- Multi-layered DMZs
- Centralized security log management
- Host-based security controls
- Network intrusion detection or prevention systems
- Wireless intrusion detection or prevention systems
- Web application intrusion detection or prevention systems

Effective use of these controls increases the difficulty level of a penetration test significantly. Clients need to have complete confidence that these security mechanisms and procedures are able to protect the integrity, confidentiality, and availability of their systems. They also need to understand that at times the reason an attacker is able to compromise a system is due to configuration errors, or poorly designed IT architecture.

Note that there is no such thing as a panacea in security. As penetration testers, it is our duty to look at all angles of the problem and make the client aware of anything that allows an attacker to adversely affect their business.

Advanced penetration testing goes above and beyond standard penetration testing by taking advantage of the latest security research and exploitation methods available. The goal should be to prove that sensitive data and systems are protected even from a targeted attack, and if that is not the case, to ensure that the client is provided with the proper instruction on what needs to be changed to make it so.

Note

A penetration test is a snapshot of the current security posture. Penetration testing should be performed on a continual basis.

Many exploitation methods are poorly documented, frequently hard to use, and require hands-on experience to effectively and efficiently execute. At DefCon 19 Bruce "Grymoire" Barnett provided an excellent presentation on "Deceptive Hacking". In this presentation, he discussed how hackers use many of the very same techniques used by magicians. It is my belief that this is exactly the tenacity that penetration testers must assume as well. Only through dedication, effort, practice, and the willingness to explore unknown areas will penetration testers be able to mimic the targeted attack types that a malicious hacker would attempt in the wild.

Oftentimes you will be required to work on these penetration tests as part of a team and will need to know how to use the tools that are available to make this process more endurable and efficient. This is yet another challenge presented to today's pentesters. Working in a silo is just not an option when your scope restricts you to a very limited testing period.

In some situations, companies may use non-standard methods of securing their data, which makes your job even more difficult. The complexity of their security systems working in tandem with each other may actually be the weakest link in their security strategy.

Note

The likelihood of finding exploitable vulnerabilities is directly proportional to the complexity of the environment being tested.

Before testing begins

Before we commence with testing, there are requirements that must be taken into consideration. You will need to determine the proper scoping of the test, timeframes and restrictions, the type of testing (Whitebox, Blackbox), and how to deal with third-party equipment and IP space. The Penetration Testing Execution Standard (PTES) lists these scoping items as part of the "Pre-Engagement Interaction" stage. I highly recommend that you review this phase at: http://www.pentest-standard.org/index.php/Pre-engagement.

Note

Although this book does not follow the PTES directly, I will attempt to point out the sections of the PTES where the material relates.

Determining scope

Before you can accurately determine the scope of the test, you will need to gather as much information as possible. It is critical that the following is fully understood prior to starting testing procedures:

- Who has the authority to authorize testing?
- What is the purpose of the test?
- What is the proposed timeframe for the testing? Are there any restrictions as to when the testing can be performed?
- Does your customer understand the difference between a vulnerability assessment and a penetration test?
- Will you be conducting this test with, or without, the cooperation of the IT Security Operations Team? Are you testing their effectiveness?
- Is social engineering permitted? How about Denial of Service attacks?
- Are you able to test physical security measures used to secure servers, critical data storage, or anything else that requires physical access? For example, lock picking, impersonating an employee to gain entry into a building, or just generally walking into areas that the average unaffiliated person should not have access to.
- Are you allowed to see the network documentation or to be informed of the network architecture prior to testing to speed things along? (Not necessarily recommended, as this may instill doubt about the value of your findings. Most businesses do not expect this to be easy information to determine on your own.)
- What are the IP ranges that you are allowed to test against? There are laws against scanning and testing systems without proper permission. Be extremely diligent when ensuring that these devices and ranges actually belong to your client, or you may be in danger of facing legal ramifications.
- What are the physical locations of the company? This is more valuable to you as a tester if social engineering is permitted, because it ensures that you are at the sanctioned buildings when testing. If time permits, you should let your clients know if you were able to access any of this information publicly, in case they were under the impression that their locations were secret or difficult to find.
- What to do if there is a problem or if the initial goal of the test has been reached. Will you continue to test to find more entries, or is the testing over? This part is critical and ties into the question of why the customer wants a penetration test in the first place.
- Are there legal implications that you need to be aware of, such as systems that are in different countries, and so on? Not all countries have the same laws when it comes to penetration testing.
- Will additional permission be required once a vulnerability has been exploited? This is important when performing tests on segmented networks. The client may not be aware that you can use internal systems as pivot points to delve deeper within their network.
- How are databases to be handled? Are you allowed to add records, users, and so on?

This listing is not all-inclusive and you may need to add items to the list depending on the requirements of your clients. Much of this data can be gathered directly from the client, but some will have to be handled by your team.

If there are legal concerns, it is recommended that you seek legal counsel to ensure you fully understand the implications of your testing. It is better to have too much information than not enough, once the time comes to begin testing. In any case, you should always verify for yourself that the information you have been given is accurate. You do not want to find out that the systems you have been accessing do not actually fall under the authority of the client!
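The IP range question above is the one scoping item a tester can enforce mechanically. The following POSIX shell check is an added example, not code from the book: it refuses to start against any address that falls outside the ranges written into the rules of engagement. The ranges and target addresses are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the book): verify every target against the CIDR
# ranges recorded in the rules of engagement before any scanning begins.
# All addresses below are constructed documentation-range samples.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when address $1 lies inside CIDR range $2 (e.g. 10.0.0.0/24), else 1.
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    if [ "$prefix" -eq 0 ]; then
        return 0
    fi
    # Build the network mask from the prefix length, truncated to 32 bits.
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Return 0 if address $1 is covered by any range in the space-separated list $2.
in_scope() {
    for range in $2; do
        if in_cidr "$1" "$range"; then
            return 0
        fi
    done
    return 1
}

# Print a verdict per host and return 1 if anything is outside the agreed
# ranges, so a wrapper script can refuse to launch the scan.
check_targets() {
    rc=0
    for host in $2; do
        if in_scope "$host" "$1"; then
            echo "IN SCOPE      $host"
        else
            echo "OUT OF SCOPE  $host  (not listed in the rules of engagement)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: ranges as they would appear in the signed ROE document,
# and targets as they might come back from a discovery sweep.
ROE_RANGES="192.0.2.0/24 198.51.100.0/28"
TARGETS="192.0.2.15 198.51.100.10 198.51.100.200 203.0.113.9"

check_targets "$ROE_RANGES" "$TARGETS" ||
    echo "Refusing to start: fix the target list or amend the ROE first."
```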

Note

It is of utmost importance to gain proper authorization in writing before accessing any of your client's systems. Failure to do so may result in legal action and possibly jail. Use proper judgement! You should also consider that Errors and Omissions insurance is a necessity when performing penetration testing.

Setting limits — nothing lasts forever

Setting proper limitations is essential if you want to be successful at performing penetration testing. Your clients need to understand the full ramifications involved, and should be made aware of any residual costs incurred if additional services beyond those listed within the contract are needed.

Be sure to set defined start and end dates for your services. Clearly define the rules of engagement and include IP ranges, buildings, hours, and so on, that may need to be tested. If it is not in your rules of engagement documentation, it should not be tested. Meetings should be predefined prior to the start of testing, and the customer should know exactly what your deliverables will be.

Rules of engagement documentation

Every penetration test will need to start with a rules of engagement document that all involved parties must have. This document should at minimum cover several items:

- Proper permissions by appropriate personnel.
- Begin and end dates for your testing.
- The type of testing that will be performed.
- Limitations of testing.
  - What type of testing is permitted? DDoS? Full penetration? Social engineering? These questions need to be addressed in detail.
  - Can intrusive tests as well as unobtrusive testing be performed?
  - Does your client expect cleanup to be performed afterwards, or is this a staging environment that will be completely rebuilt after testing has been completed?
- IP ranges and physical locations to be tested.
- How the report will be transmitted at the end of the test. (Use secure means of transmission!)
- Which tools will be used during the test? Do not limit yourself to only one specific tool; it may be beneficial to provide a list of the primary toolset to avoid confusion in the future. For example, we will use the tools found in the most recent edition of the BackTrack Suite.
- Let your client know how any illegal data that is found during testing would be handled: Law enforcement should be contacted prior to the client. Please be sure to understand fully the laws in this regard before conducting your test.
- How sensitive information will be handled: You should not be downloading sensitive customer information; there are other methods of proving that the clients' data is not secured. This is especially important when regulated data is a concern.
- Important contact information for both your team and for the key employees of the company you are testing.
- An agreement of what you will do to ensure the customer's system information does not remain on unsecured laptops and desktops used during testing. Will you need to properly scrub your machine after this testing? What do you plan to do with the information you gathered? Is it to be kept somewhere for future testing? Make sure this has been addressed before you start testing, not after.

The rules of engagement should contain all the details that are needed to determine the scope of the assessment. Any questions should have been answered prior to drafting your rules of engagement to ensure there are no misunderstandings once the time comes to test. Your team members need to keep a copy of this signed document on their person at all times when performing the test.

Imagine you have been hired to assess the security posture of a client's wireless network and you are stealthily creeping along the parking lot on private property with your gigantic directional Wi-Fi antenna and a laptop. If someone witnesses you in this act, they will probably be concerned and call the authorities. You will need to have something on you that documents that you have a legitimate reason to be there. This is one time where having the contact information of the business leaders that hired you will come in extremely handy!

Planning for action

Once the time has come to start your testing, you will want to be prepared. This entails having an action plan available, all of your equipment and scripts up and running, and of course having some mechanism for recording all steps and actions taken. This will provide you with a reference for yourself and other team members. You may remember the steps you took to bypass that firewall now, but what about four months from now when you are facing the same challenge? Taking good notes is critical to a successful penetration test.

For the purpose of this book, we will review the installation of the BackTrack suite using VirtualBox, which is made available by Oracle under the GNU General Public License (GPL). This open source virtualization tool can be used to build your virtual testing environment on platforms such as Linux, OS X, and Windows.

Tip

I highly recommend the use of the BackTrack OS for your testing needs. If you are unfamiliar with BackTrack, PacktPub has recently released an excellent book on the subject titled BackTrack 4: Assuring Security by Penetration Testing. This book will go into detail on various installation methods of the BackTrack suite, and gives a full review of all of the tools you can find within. If you are still new to penetration testing, you will more than likely benefit from reviewing this book. As the focus of Advanced Penetration Testing of Highly Secured Environments is on advanced attack methods, we will not cover all tools within the BackTrack suite.

You can also find more information about BackTrack at the BackTrack forum site located at: http://www.backtrack-linux.org/forums/backtrack-5-forums/. The developers of BackTrack are very professional and offer a great deal of time and effort to the security community.

Installing VirtualBox

At this point in time the Windows operating system is still the most common desktop operating system, thus I will be detailing the installation of VirtualBox using Windows 7. However, the installation is straightforward on all operating systems, so you should not shy away from installing it on your favorite platform.

Note

Almost every tool we use throughout the book is Linux or FreeBSD based. Because many people use Windows as their primary desktop we will provide instructions on installing VirtualBox on Windows 7. Once you have it up and running, you will be able to follow along regardless of which operating system is used as the host machine for your virtual test environment.

1. Go to http://www.virtualbox.org/.
2. Click on the Downloads link on the left side of the page.
3. Download the latest version of VirtualBox for Windows hosts x86/amd64.
4. Begin the installation (you may need to begin the installation as administrator depending on your system configuration).
5. Click on Next > at the initial setup window.
6. Ensure that the installation location is where you would like the program to be installed and that all options to be installed are selected, and click on Next >.
7. Select the options you prefer in regards to desktop shortcuts and click on Next >.
8. Click on Yes if you would like to proceed with the installation using the settings you selected on the previous screens.
9. Click on Install to proceed with installation. This step may take some time depending on your system performance. You may be asked to install device software as well, at which point you will have to click on Install in the pop-up window.

Tip

This may occur more than once; in my case it popped up four times followed by a notification from my firewall asking for permission to add the additional network to my firewall settings.

Click on Finish to be presented with the Oracle VirtualBox Manager.

You will now have VirtualBox up and running and can begin the first step of creating the virtual testing environment to be used for hands-on practice throughout the book!

Installing your BackTrack virtual machine

Note

We will be referring to the system and virtual network names used in these installation instructions when discussing attack and defense strategies.

There are two primary methods of installing BackTrack as a virtual machine. One is to use the LiveCD ISO to install BackTrack just as you would on a physical machine; the other is to download a pre-prepared virtual machine. This is the VMware image option seen on the BackTrack-Linux.org download site.

We will be using the LiveCD for our BackTrack installation, as that allows us the flexibility to determine hard drive size and other settings. Another benefit of using the ISO is that you will know how to install BackTrack to physical machines in the future. If using whole disk installation, the install process will be very similar to the virtual machine installation.

BackTrack can be downloaded at http://www.backtrack-linux.org/. Be sure to choose the appropriate ISO version in regards to 32- or 64-bit architecture. If you do not have a 64-bit operating system running on what will be the host machine, you will not be able to run a 64-bit operating system on the guest instances either. If running a 64-bit operating system on the host, you may choose either 32-bit or 64-bit for your guest machine operating systems.

Note

The host machine is the primary operating system that you installed VirtualBox on. Virtualized operating system images installed with VirtualBox will be referred to as guest machines.

Preparing the virtual guest machine for BackTrack

Once the BackTrack ISO is obtained it is time to begin.

1. Start the Oracle VM VirtualBox Manager by selecting it from your Start menu.
2. Click on the New icon in the top-left corner.
3. At the Welcome to the New Virtual Machine Wizard screen click on the Next button.
4. You will be prompted to enter the name of the guest machine. Enter BT5_R1_Tester1, select Linux as the Operating System, and Linux 2.6 (32 bit or 64 bit) as the Version, and then click on Next.
5. On the Memory screen you will need to choose a Base Memory Size using the slider. If your system has more than 2 GB of RAM you should use at least 512 MB for this system. You can still follow the examples with less RAM, but you may experience some system lag. After choosing your RAM size click on Next.
6. Virtual Hard Disk: Ensure that the Start-Up Disk checkbox is selected and the Create new hard disk radio button is also selected, and click on Next.
7. A new pop-up will open in which VDI (VirtualBox Disk Image) should be selected. Click on Next.
8. When asked to select the Virtual disk storage details choose Dynamically allocated and continue the installation by clicking on Next.
9. Now it is time to select the Location where the virtual guest machine's files will be stored. Select the folder icon to the right of the Location text entry field. Create and select a new folder named APT_VirtualLab in which we will be storing all guest machines dedicated to this lab. Ensure that the drive you have chosen has sufficient space to store several virtual machines.
10. Size the virtual disk to be at least 10 GB. We will be using this machine extensively throughout the book and, although it is technically possible, it is better to avoid having to resize the VDI. Click on Next to continue.
11. Validate that the data on the Summary page is accurate and click on Create.
12. If everything has been successful you are once again presented with the VirtualBox Manager application window with your new guest machine.
13. We will want to have two network adapters available to this machine. Select BT5_R1_Tester1 and then click on Settings followed by the Network option on the left menu bar.
14. Click on Adapter 2 and select the Enable Network Adapter checkbox.
15. The Attached to: drop-down box will need to be set to Internal Network.
16. Change the Name: textbox to Vlab_1 and click on OK.

Now you have completed the preparation required for installing an operating system on your virtual disk. This process does not vary considerably when preparing for other operating systems, and VirtualBox makes many of the configuration changes trivial. Sometimes you may want to tweak the settings on your guest machines to increase their performance. Playing around with some of the settings will give you an idea of the power of this tool.

Note

You can change the settings of the virtual machines at any time. However, sometimes you will be required to shut down the guest machine prior to making changes.

Installing BackTrack on the virtual disk image

Now that the virtual machine has been created, we are ready to install BackTrack. Thanks to the hard work of the Backtrack-Linux.org team, this process is simple and uncomplicated.

1. Open the VM VirtualBox Manager and select your BT5_R1_Tester1 guest machine on the left of the screen. Click on the large Start icon on the top bar of the application to start the virtual machine instance.
2. Your machine will now boot up. As we have not yet selected an image to be used to boot the system with, we will need to select this using the menu options that will appear prior to the initial system initialization.
3. You may be prompted with an informative window explaining that the Auto Capture Keyboard option is turned on. Click on the OK button to continue the system initialization.
4. The First Run Wizard will only appear the first time the virtual machine is started. It allows you to easily choose the ISO you wish to boot up from. It is also possible to add the installation media in the Virtual Machine Settings in the Storage category. Click on Next to continue.
5. On the Select Installation Media screen you will need to click on the folder icon to the right of the Media Source bar. You will then need to browse to the folder where you have downloaded the BackTrack ISO, and select it so that it appears as displayed in the following screenshot. Click on Next when ready.
6. Verify your summary information and click on Start to initiate the machine. If the machine hangs at the boot: prompt, press Enter and the system will continue to boot. Allow it to fully load the LiveCD (the default boot option). You may be prompted with Keyboard Host Capture messages. Simply click on OK to these as needed.
7. Type startx at the root@root:~# prompt.
8. Now that we have the BackTrack ISO up and running on our virtual machine, we need to add persistence so that changes we make remain. Click on the Install BackTrack icon to begin the short installation process:
9. Select your preferred language and click on Forward.
10. Let the install know where you are in the world. This will affect your time settings and will also help with choosing servers that are closer to you for updates. Click on Forward to continue.
11. Select your preferred keyboard layout and click on Forward.
12. For the sake of simplicity we will be using the entire available disk space without manual partitioning. Choose the Erase and use the entire disk radio button and click on Forward.
13. Click on Install to initialize the changes. This stage may take a few minutes to complete.
14. When the install has finished you will be required to reboot the system. Click on the Restart Now button and then unload the ISO. You will need to choose Devices | CD/DVD Devices | {Your BackTrack ISO image name}. This will eject the ISO image before the system reboots. Press Enter to reboot.

Exploring BackTrack

Congratulations, you now have one of the most powerful collections of penetration tools available and ready for your usage. Entire books are dedicated to covering the excellent collection of tools that are part of the BackTrack Linux platform. This toolkit will definitely save you a lot of time out in the field.

Logging in

Your login information for the default install is:

bt login: root
bt password: toor

Changing the default password

After logging in, we should change this default password as soon as possible. You can do this by typing passwd at the prompt and replacing 1NewPassWordHere as seen in the example with your own secure password.

root@bt:~# passwd
Enter new UNIX password: 1NewPassWordHere!
Retype new UNIX password: 1NewPassWordHere!
passwd: password updated successfully
root@bt:~#

Tip

If you are having issues with screen resolution or experiencing other minor annoyances, you may want to install the VirtualBox Guest Additions. With the guest machine running, click on Devices and then Install Guest Additions to initiate this install. You will be required to restart BackTrack afterwards.

Updating the applications and operating system

Your virtual machine network cards are currently configured to allow your BackTrack installation to access your host system's Internet connection using NAT. In order to update the operating system there are a few commands that you should become familiar with.

Note

If you do not have an Internet connection the system will not be able to update.

One thing to keep in mind is that BackTrack is based on Ubuntu and as with any other operating system, patching is required in order to ensure that the latest security patches are applied. It is also important to keep applications up-to-date so that the latest testing techniques and tools can be taken advantage of!

By default, BackTrack is set up to use only the BackTrack repositories. If curious, you can see what these are by looking at the /etc/apt/sources.list file.

The first command that will need to be run is the Advanced Packaging Tool (APT) update function. This will synchronize the package index files to ensure that you have information about the latest packages available. The update functionality should always be used prior to installing any software or updating your installed packages.

# apt-get update

After this update is complete you may initialize apt's upgrade command. All installed packages will be updated to the latest release found within your repositories.

# apt-get upgrade

There is another apt command that is used to update your system. dist-upgrade will bring BackTrack to the latest release. For example, if you are running BackTrack 4 and would like to upgrade to the latest BackTrack 5 release instead of downloading and installing it, you may do so by typing:

# apt-get dist-upgrade

Note

You need not worry about dependencies; all of this is handled automatically by the apt-get dist-upgrade command!

Now that your system has been updated, it is time to start up the graphical user interface (type startx at the prompt again) and have a look around at your new toolkit. We will be making extensive use of these tools throughout the course of this book.

Note

When performing an apt-get dist-upgrade it may be beneficial to follow up with a reboot. This is the case with any kernel upgrade.
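The update sequence above, with the reboot decision made explicit, as an added POSIX shell example that is not the book's own code: after apt-get has run, the running kernel is compared with the newest kernel package on disk, so the reboot the note describes is only suggested when a kernel upgrade actually landed. The dpkg package naming (linux-image-<version>) is assumed for a Debian/Ubuntu-based system such as BackTrack; the kernel versions in the sample run are constructed.

```shell
#!/bin/sh
# Added example (not from the book): wrap the chapter's apt-get sequence and
# report whether the dist-upgrade installed a kernel newer than the running one.

# Keep only the leading numeric part of a kernel version: 3.2.6-1-amd64 -> 3.2.6
numeric_version() {
    v=${1%%[!0-9.]*}
    echo "${v%.}"
}

# Compare two dotted version strings component by component (2.6.39 < 2.6.39.1).
# Prints -1, 0 or 1, like strcmp, without depending on sort -V being available.
version_cmp() {
    a=$(numeric_version "$1")
    b=$(numeric_version "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        # Consume the component just read; a missing component counts as 0.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ -z "$x" ] && x=0
        [ -z "$y" ] && y=0
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# Return 0 (reboot needed) when any version in the whitespace-separated list $2
# is newer than the running kernel $1.
reboot_needed() {
    running=$1
    newest=$running
    for candidate in $2; do
        if [ "$(version_cmp "$candidate" "$newest")" -eq 1 ]; then
            newest=$candidate
        fi
    done
    [ "$(version_cmp "$newest" "$running")" -eq 1 ]
}

# Versions of every installed kernel image package (assumed Debian/Ubuntu naming).
installed_kernels() {
    dpkg-query -W -f '${Package}\n' 'linux-image-[0-9]*' 2>/dev/null |
        sed 's/^linux-image-//'
}

# The chapter's update sequence, followed by the reboot check. Run as root.
update_backtrack() {
    apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y || return 1
    if reboot_needed "$(uname -r)" "$(installed_kernels)"; then
        echo "A newer kernel was installed; reboot before continuing."
    else
        echo "The running kernel is current; no reboot needed."
    fi
}

# Constructed sample so the decision logic can be exercised without touching apt:
# the running kernel predates the newest package on disk, so a reboot is due.
if reboot_needed "2.6.39.4" "2.6.38.8 2.6.39.4 2.6.39.5"; then
    echo "sample: reboot needed"
else
    echo "sample: no reboot needed"
fi
# On a real BackTrack guest, call update_backtrack instead of the sample above.
```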

Installing OpenOffice

There may be times when you need to open up a spreadsheet to review IP ranges, or to quickly review your ROE. Sometimes it is even nice to have your data collection tool export your data directly into a word processor from within BackTrack. There are many open source alternatives to Microsoft Word these days and OpenOffice is at the top of the list. It has been adopted by many businesses and can output various file formats. To install OpenOffice from within BackTrack simply open a terminal session and type:

# apt-get update
# apt-get install openoffice.org

Accept the download by pressing Y and after a few moments, you will have successfully added a very powerful Office Suite to your BackTrack toolset.

Effectively manage your test results

A variety of tools will be used during the process of performing a penetration test. Almost all of these will have output that you will want to keep. One major challenge is to be able to combine all of this data in one place so that it may easily be used to enhance testing efforts by providing you with a holistic view of your data, and shorten the report generation phase.

Introduction to MagicTree

MagicTree, a Java application created by Gremwell, is an actively supported data collection and reporting tool. It manages your data using nodes in a tree-structure. This hierarchical storage method is particularly efficient at managing host and network data. The true power of MagicTree is unleashed when attempting to analyze data. For instance, a search for all IIS web servers found during a scan of a large network would take mere moments.