39,59 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Wissenschaft und neue Technologien
- Sprache: Englisch
BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.
BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.
The authors' experience and expertise enables them to reveal the industry's best approach for logical and systematic penetration testing.
The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.
This book serves as a single professional, practical, and expert guide to developing hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 472
Veröffentlichungsjahr: 2011
Ähnliche
Table of Contents
BackTrack 4: Assuring Security by Penetration Testing
BackTrack 4: Assuring Security by Penetration Testing
Copyright © 2011 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2011
Production Reference: 1070411
Published by Packt Publishing Ltd.
32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.
ISBN 978-1-849513-94-4
www.packtpub.com
Cover Image by Faiz fattohi (<[email protected]>)
Credits
Authors
Shakeel Ali
Tedi Heriyanto
Reviewers
Mike Beatty
Peter Van Eeckhoutte
Arif Jatmoko
Muhammad Rasyid Sahputra
Acquisition Editor
Tarun Singh
Development Editor
Kartikey Pandey
Technical Editor
Kavita Iyer
Copy Editor
Neha Shetty
Indexers
Hemangini Bari
Tejal Daruwale
Editorial Team Leader
Akshara Aware
Project Team Leader
Priya Mukherji
Project Coordinator
Sneha Harkut
Proofreader
Samantha Lyon
Graphics
Nilesh Mohite
Production Coordinator
Kruthika Bangera
Cover Work
Kruthika Bangera
About the Authors
ShakeelAli is the main founder and CTO of Cipher Storm Ltd, UK. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, compliance, governance, and forensic projects that he carries in day-to-day operations. He has also served as a Chief Security Officer at CSS-Providers S.A.L. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses, educational organizations, and government institutions globally. He is an active independent researcher who writes various articles and whitepapers, and manages a blog at Ethical-Hacker.net. He also regularly participates in BugCon Security Conferences held in Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures.
I would like to thank all my friends, reviewers, and colleagues who were cordially involved in this book project. Special thanks to the entire Packt Publishing team, and their technical editors and reviewers who have given invaluable comments, suggestions, feedback, and support to make this project successful. I also want to thank Tedi Heriyanto (co-author) whose continual dedication, contributions, ideas, and technical discussions led to produce the useful product you see today. Last but not least, thanks to my pals from past and present with whom the sudden discovery never ends, and whose vigilant eyes turn an IT industry into a secure and stable environment.
Tedi Heriyanto currently works as a Senior Technical Consultant in an Indonesian information technology company. He has worked with several well-known institutions in Indonesia and overseas, in designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, doing information security audit and assessment, and giving information security awareness training. In his spare time, he manages to research, write various articles, participate in Indonesian Security Community activities, and maintain a blog site located at http://theriyanto.wordpress.com. He shares his knowledge in the information security field by writing several information security and computer programming books.
I would like to thank my family for supporting me during the whole book writing process. I would also like to thank my friends who guided me in the infosec field and were always available to discuss infosec issues: Gildas Deograt, Mada Perdhana, Pamadi Gesang, and Tom Gregory. Thanks to the technical reviewers who have provided their best knowledge in their respective fields: Arif Jatmoko, Muhammad Rasyid Sahputra, and Peter "corelanc0d3r" Van Eeckhoutte. Also thanks to the great people at Packt Publishing (Kartikey Pandey, Kavita Iyer, Tarun Singh, and Sneha Harkut), whose comments, feedback, and immediate support has turned this book development project into a successful reality. Last but not least, I would like to give my biggest thanks to my co-author, Shakeel Ali, whose technical knowledge, motivation, ideas, and suggestions made the book writing process a wonderful journey.
About the Reviewers
Peter "corelanc0d3r" VanEeckhoutte is the founder of Corelan Team (http://www.corelan.be), bringing together a group of people who have similar interests: performing IT security/vulnerability research, sharing knowledge, writing and publishing tutorials, releasing security advisories and writing tools. His Win32 Exploit Writing Tutorial series and Immunity Debugger PyCommand "pvefindaddr" are just a few examples of his work in the security community. Peter has been working on IT security since the late 90's, focusing on exploit development since 2006.
I would like to thank my wife and daughter for their everlasting support and love, and the folks at the Corelan Team for being a truly awesome bunch of friends to work with.
ArifJatmoko (MCom, CISSP, CISA, CCSP, CEH) is an IT Security Auditor at Bank Mandiri tbk, the biggest bank in Indonesia. Arif has spent over 15 years working as a computer security specialist. Since 1999, he joined a top Fortune 500 company as the IT security officer, runs several projects in government and military institutions, is a pentester at big4 audit firm and a few major financial institutions.
Since his early school years, Arif has enjoyed coding, debugging, and other reverse engineering stuff. These hobbies have given him the skill to perform security incident analysis for many years. Later (during his more current jobs), Arif was found to be most interested in incident analysis and computer forensics. Especially as an auditor, he frequently deals with investigative analysis in criminals and other fraudulent activities inside the company.
MuhammadRasyidSahputra currently works as a Security Consultant at Xynexis International. His interests range from analyzing various bugs of open-source and commercial software/products to hacking telecommunication infrastructure
www.PacktPub.com
Support files, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
Why Subscribe?
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
To my loving family: For their support and specially my cute little niece "Jennifer"and nephew "Adan" whose smile is an inspiration and encouragement for my life.
To Medha Kant "lovely maggie": The most amazing and beautiful person I know. You're my idol and your kheer will remain best of my success.
To my brilliant teachers: The ones who turned an ordinary child into his superior excellence and extraordinary individual.
To all my friends and colleagues: Amreeta Poran, Li Xiang, Fazza3, Eljean Desamparado, Sheikha Maitha, Rizwan Shariff, Islahuddin Syed, Li Jie, Asif, Salman, and all those whom I might forget to mention here.
--Shakeel Ali-I would like to dedicate this book to:
God: For the gifts that have been given to me.
My beloved family: For their supports all this time.
My wonderful teachers: Thank you for being so patient in teaching me.
My amazing friends and colleagues: For helping me out during the years.
My excellent clients: For trusting and giving me the chance to work together with you.
You, the reader: For buying this book and e-book.
--Tedi Heriyanto-Preface
BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network.
BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age.
The authors' experience and expertise enables them to reveal the industry's best approach for logical and systematic penetration testing.
The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black box and white box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester.
This book serves as a single professional, practical, and expert guide to develop hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed.
A tactical example-driven guide for mastering the penetration testing skills with BackTrack to identify, detect, and exploit vulnerabilities at your digital doorstep.
What this book covers
Chapter 1, Beginning with BackTrack, introduces you to BackTrack, a Live DVD Linux distribution, specially developed to help in the penetration testing process. You will learn a brief history of BackTrack and its manifold functionalities. Next, you will learn about how to get, install, configure, update, and add additional tools in your BackTrack environment. At the end of this chapter, you will discover how to create a customized BackTrack to suit your own needs.
Chapter 2, Penetration Testing Methodology, discusses the basic concepts, rules, practices, methods, and procedures that constitute a defined process for a penetration testing program. You will learn about making a clear distinction between two well-known types of penetration testing, Black-Box and White-Box. The differences between vulnerability assessment and penetration testing will also be analyzed. You will also learn about several security testing methodologies and their core business functions, features, and benefits. These include OSSTMM, ISSAF, OWASP, and WASC-TC. Thereafter, you will learn about an organized BackTrack testing process incorporated with ten consecutive steps to conduct a penetration testing assignment from ethical standpoint.
Chapter 3, Target Scoping, covers a scope process to provide necessary guidelines on formalizing the test requirements. A scope process will introduce and describe each factor that builds a practical roadmap towards test execution. This process integrates several key elements, such as gathering client requirements, preparing a test plan, profiling test boundaries, defining business objectives, and project management and scheduling. You will learn to acquire and manage the information about the target's test environment.
Chapter 4, Information Gathering, lands you in the information gathering phase. You will learn several tools and techniques that can be used to gather metadata from various types of documents, extract DNS information, collect routing information, and moreover perform active and passive intelligence gathering. You will also learn a tool that is very useful in documenting and organizing the information that has been collected about the target.
Chapter 5,Target Discovery, discusses the process of discovering and fingerprinting your target. You will learn the key purpose of discovering the target and the tools that can assist you in identifying the target machines. Before the end of this chapter you will also learn about several tools that can be used to perform OS fingerprinting.
Chapter 6, Enumerating Target, introduces you to the target enumeration process and its purpose. You will learn what port scanning is, various types of port scanning, and the number of tools required to carry out a port scanning operation. You will also learn about mapping the open services to their desired ports.
Chapter 7, Vulnerability Mapping, discusses two generic types of vulnerabilities, local and remote. You will get insights of vulnerability taxonomy, pointing to industry standards that can be used to classify any vulnerability according to its unifying commonality pattern. Additionally, you will learn a number of security tools that can assist in finding and analyzing the security vulnerabilities present in a target environment. These include OpenVAS, Cisco, Fuzzing, SMB, SNMP, and web application analysis tools.
Chapter 8, Social Engineering, covers some core principles and practices adopted by professional social engineers to manipulate humans into divulging information or performing an act. You will learn some of these basic psychological principles that formulate the goals and vision of a social engineer. You will also learn about the attack process and methods of social engineering, followed by real-world examples. In the end of the chapter, you will be given hands-on exercises about two well-known technology-assisted social engineering tools that can assist in evaluating the target's human infrastructure.
Chapter 9, Target Exploitation, highlights the practices and tools that can be used to conduct real-world exploitation. The chapter will explain what areas of vulnerability research are crucial in order to understand, examine, and test the vulnerability. Additionally, it will also point out several exploit repositories that should help to keep you informed about the publicly available exploits and when to use them. You will also learn to use one of the infamous exploitation toolkits from a target evaluation perspective. Moreover, you will discover the steps for writing a simple exploit module for Metasploit Framework.
Chapter 10, Privilege Escalation, covers the tools and techniques for escalating privileges, network sniffing and spoofing. You will learn the tools required to attack password protection in order to elevate the privileges. You will also learn about the tools that can be used to sniff the network traffic. In the last part of this chapter, you will discover several tools that can be handy in launching the spoofing attacks.
Chapter 11, Maintaining Access, introduces the most significant tools for protocol tunneling, proxies, and end-to-end communication. These tools are helpful to create a covert channel between the attacker and the victims machine.
Chapter 12, Documentation and Reporting, covers the penetration testing directives for documentation, report preparation, and presentation. These directives draw a systematic, structured, and consistent way to develop the test report. Furthermore, you will learn about the process of results verification, types of reports, presentation guidelines, and the post testing procedures.
Appendix A, Supplementary Tools, describes several additional tools that can be used for the penetration testing job.
Appendix B, Key Resources, explains the various key resources.
What you need for this book
All the necessary requirements for the installation, configuration, and running BackTrack have been discussed in Chapter 1.
Who this book is for
If you are an IT security professional or network administrator who has a basic knowledge of Unix/Linux operating systems including an awareness of information security factors, and you want to use BackTrack for penetration testing, then this book is for you.
Conventions
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "We can include other contexts through the use of the include directive."
A block of code is set as follows:
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "To access dnswalk from BackTrack 4 menu, navigate to Backtrack | Information Gathering | DNS | DNS-Walk".
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or e-mail <[email protected]>.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the erratasubmissionform link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
Questions
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.
Part I. Lab Preparation and Testing Procedures
Beginning with BackTrack
Penetration Testing Methodology
Chapter 1. Beginning with BackTrack
This chapter will introduce you to BackTrack, a Linux Live DVD for penetration testing. The chapter will describe the following:
At the end of this chapter, we will describe how to install additional weapons and customize BackTrack.
History
BackTrack is a Live DVD Linux distribution developed specifically for penetration testing. In the Live DVD format, you can use BackTrack directly from the DVD without installing it to your machine. BackTrack can also be installed to the hard disk and used as a regular operating system.
BackTrack is a merger between three different live Linux penetration testing distributions—IWHAX, WHOPPIX, and Auditor. In its current version (4.0), BackTrack is based on Ubuntu Linux distribution version 8.10.
As of July 19, 2010, BackTrack 4 has been downloaded by more than 1.5 million users.
BackTrack purpose
BackTrack 4.0 contains a number of tools that can be used during your penetration testing process. The penetration testing tools included in Backtrack 4.0 can be categorized into the following:
BackTrack 4 also contains tools that can be used for:
Getting BackTrack
Before installing and using BackTrack, first we need to download it. You can get BackTrack 4.0 from a torrent file or from the BackTrack website (http://www.backtrack-linux.org/downloads/).
On the BackTrack website, you will find two versions of BackTrack 4. One version is BackTrack 4 in ISO image file format. You use this version if you want to burn the image to a DVD or you want to install BackTrack to your machine. The second version is a VMWare image file. If you want to use BackTrack in a virtual environment, you might want to use this image file to speed up the installation and configuration for the virtual environment.
At the time of this writing, the latest version is BackTrack 4 Final Release, so make sure on the download page to choose the download from BackTrack 4 Final Release.
After you've downloaded the image successfully, please compare the MD5 hash value from the downloaded image to the provided MD5 hash value. This is done to verify that the downloaded file has not been tampered.
In a UNIX/Linux/BSD operating system, you can use the following md5sum command to check the MD5 hash value of the downloaded image file. It will take some time to compute the hash value:
In a Windows operating system environment, there are many tools that can be used to generate a MD5 hash value, and one of them is HashTab. It is available from http://beeblebrox.org/. It supports MD5, SHA1, SHA2, RIPEMD, HAVAL, and Whirlpool hash algorithms.
After you install HashTab, to find out the MD5 hash value of a file, just select the file, then right-click, and choose Properties. You will find several tabs: General, File Hashes, Security, Details, and Previous Version. The tab that is suitable for our purpose is File Hashes.
The following is the MD5 hash value generated by HashTab for the BackTrack 4 ISO image file:
The following is the MD5 hash value for the BackTrack 4 compressed VMWare image file:
You need to compare the MD5 hash value with the provided MD5 hash value. This hash value is stored in a file. Just look at the content of that file and compare it with the hash value generated by md5sum or HashTab. If both values match, you can continue to the next step Using BackTrack, but if they don't match, you might want to download the file again.
Using BackTrack
You can use BackTrack in several ways:
In the following sections, we will describe each of these methods.
Live DVD
If you want to use BackTrack without installing it to the hard disk, you can burn the ISO image file to DVD, and boot your machine with that DVD. BackTrack will then run from the DVD.
The advantage of using BackTrack as a Live DVD is that it is very easy to do and you don't need to mess with your existing machine configuration.
Unfortunately, that method also has several drawbacks. BackTrack may not work with your hardware straight out-of-the-box, and any configuration changes made to get the hardware to work will not be saved with the Live DVD. Additionally, it is slow, because the computer needs to load the program from DVD.
If you want to work with BackTrack extensively, we suggest you install BackTrack to the hard disk.
Installing to hard disk
There are two methods that you can use to install BackTrack to the hard disk:
You can choose whichever method is suitable for you.
Installation in real machine
Before you install BackTrack in real machine, you must make sure that the hard disk does not contain any useful data. For easy installation, we suggest you use all the hard disk space. If your machine already contains another operating system, you need to create a partition for BackTrack. Please be careful while doing this, as you could end up corrupting your operating system.
Note
One of the resources that describe how to install BackTrack with other operating systems such as Windows XP can be found at: http://www.backtrack-linux.org/tutorials/dual-boot-install/.
We suggest you use a specific tool for disk partitioning. In the open source area, there are several Linux Live CDs that can be used, such as SystemRescueCD (http://www.sysresccd.org/) and gparted (http://gparted.sourceforge.net/). Boot up the Live CD and you are ready for action. Please make sure to backup your data first before you use Linux Live CD disk partitioning tool. Even though in our experiences, they are safe to be used, there is nothing wrong about being cautious.
If you're done with disk partitioning or you just want to use all the hard disk space, you can boot your machine using BackTrack 4 Live DVD. Then wait for several minutes until the boot process is done and you will be greeted with the following login screen:
Just in case you are asked for a login prompt, here is the default username and password in BackTrack 4:
To enter the graphical mode, please type startx in the root prompt, and you will enter the graphical mode of BackTrack 4:
If you find a file named install.sh on your desktop, you can click on it to install BackTrack 4 to the hard disk. However, if you can't find that file, you can use ubiquity to do the installation.
To use ubiquity, open the Konsole terminal program, by clicking its icon that is the fifth icon from the left in the status bar. In the Konsole window, type:
After that you will see an installation window. You will be asked several questions by the installation program:
After some time, your installation will be done and you will have BackTrack 4 installed to your hard disk.
Installation in VirtualBox
You can also install BackTrack to a virtual machine environment as a guest operating system. The advantages for doing this installation type are you don't need to prepare a separate hard disk partition for the BackTrack image, and you can have your existing operating system intact. The main disadvantages of running BackTrack in a virtual machine are that it is slower compared to running it in the real machine, and you cannot use a wireless network card unless it's a USB wireless card. This is because the virtual machine software blocks all access to the hardware except for USB devices.
You have two options when it comes to installing BackTrack 4 in a virtual machine. The first option is to use the VMWare image provided by BackTrack. With this option you will have BackTrack 4 in a virtual machine in an easy and fast way. The drawback of this method is you might not be able to change the virtual machine configuration (hard disk size).
Here is the configuration of the VMWare image provided by the BackTrack:
Note
We experienced a problem when choosing NAT as the network type. This problem arose when we tried to do network tracing. In the result, there are only two network hops displayed—our machine and the target machine. The hops between our machine and the target machine are not available. However, when we do the same thing in the host operating system, the network hops are displayed correctly. We fixed this problem by changing the network type to "Bridge".
The second option is to install the ISO image in a virtual machine. This option is quite involved and will take a longer time compared to the VMWare image installation. The advantage of this method is that you can customize your virtual machine configuration.
For this chapter, we will only give a description of the VMWare image installation. Please be aware that we are going to use VirtualBox (http://www.virtualbox.org) as the virtual machine software. VirtualBox is an open source virtualization software that is available for Windows and Linux operating systems.
The first step to install the BackTrack 4 VMWare image is downloading the necessary image file and extracting it to the appropriate folder. As the VMWare image is compressed in a ZIP format, you can use any software that can extract a ZIP file.
Also make sure you have already installed and configured the VirtualBox suitable for your operating system.
Before you can use the image directly in VirtualBox, you need to perform several additional steps:
After adding the image file to the Virtual Media Manager, we can create the virtual machine. To do this, select Machine –New from the VirtualBox main menu. Next, you will need to answer several questions:
We use BT4VB as the VM Name, and we choose Linux as the Operating System and Ubuntu as the Version.We configure the BackTrack 4 virtual machine to use "1024MB" as its base memory size.Next we define the Virtual Hard Disk to Useexistingharddisk, and select the BackTrack 4 image file for the hard disk.The wizard will display a summary before creating the virtual machine.The virtual machine creation is finished and you will see BackTrack 4 virtual machine in the VirtualBox window.To run the BackTrack virtual machine, click on the Start icon at the top of the VirtualBox menu bar. After the boot process, BackTrack will display its login prompt.You can then login using the information provided in the Installationinrealmachine section.
Portable BackTrack
You can also install BackTrack to a USB flash disk; we call this method Portable BackTrack. After you install it to the USB flash disk, you can boot up from it and your machine now has BackTrack.
The advantage of this method compared to the Live DVD is that you can save your changes to the USB flash disk. While compared to the hard disk installation, this method is more portable.
To create portable BackTrack, you can use several helper tools. One of them is UNetbootin (http://unetbootin.sourceforge.net). You can run this tool from Windows, Linux/UNIX, and Mac operating system.
Before you start creating portable BackTrack, you need to prepare several things:
After you download unetbootin, you can run it on your computer by calling unetbootin from the root login (if you are using Linux/UNIX), you don't need to use BackTrack for this. You will then see the unetbootin window.
In our case we need to fill in the following options:
Configuring network connection
After logging in to the BackTrack 4, we are going to configure and start the network interface, as this is an important step if we want to do penetration testing to remote machines.
Ethernet setup
In the default VMWare image configuration, the BackTrack 4 virtual machine is using NAT (NetworkAddressTranslation) as the network connection used. In this connection mode, by default the BackTrack 4 machine will be able to connect to the outside world through the host operating system, whereas the outside world, including the host operating system, will not be able to connect to the BackTrack virtual machine.
For the penetration testing task, you need to change the virtual machine networking method to bridge mode. First make sure you have switched off the virtual machine. Then open up the VirtualBox Manager, select the virtual machine, in this case we are using BT4VB, then choose Settings. Next go to Network and change the Attachedto to BridgedAdapter. In the Name field you can select whichever network interface is connected to the network you want to test.
In the VMWare image configuration all of the network card are set to use DHCP to get their IP addresses. Just make sure you are able to connect to the network you want to test.
If you are aware, a DHCP IP address is not a permanent IP address, it's just a lease IP address. After 37297 seconds (as defined in the DHCP lease time), the BackTrack 4 virtual machine will need to get a lease IP address again. This IP address might be the same as the previous one or it might be a different one.
If you want to make the IP address permanent, you can do so by putting the IP address in the /etc/network/interfaces file.
The default content of this file in BackTrack 4 is:
We can see that all of the network cards are set to use DHCP to get the IP address. To make a network card bind to an IP address permanently, we have to edit that file and change the content to the following:
Here we set the first network card to bind to IP address 10.0.2.15. You may need to adjust this configuration according to the network environment you want to test.
Wireless setup
By running BackTrack 4 in the virtual machine, you can't use the wireless card embedded in your laptop. You can only use the USB wireless card. Before you buy the USB wireless card, you may want to check the compatibility of the card with BackTrack 4 at http://backtrack.offensive-security.com/index.php/HCL:Wireless.
If you have successfully installed the USB wireless card, you can use the wicd program to connect to the wireless access point.
However, first you need to start the wicd service:
The above command will start the networking interface.
Also, if you run the preceding command before you start the X Windows system, it will run the wicd-client too. However, if you start the above command after you login to the X Windows system, you need to start the wicd client:
In the tray you will see the wicd manager. You just need to click on its icon to restore the window.
You will see several networks, either wired or wireless, available around your machine. The network displayed will be sorted according to the signal strength. The higher the number, the better.
If you need to configure your network connection settings, such as:
You can enter this information in the Properties window.
Starting the network service
After configuring the wired network interface, you need to start the wired network interface. To control the networking process (start-up or shut-down), you can use a helper script called service.
To start networking service, just give the following command:
Whereas to stop networking service, type:
You can test whether your network is functional by sending the ICMP request to the host machine using the ping command.
You may find that after you reboot your BackTrack machine, the networking service needs to be started again. To make the networking service start automatically, you can give the following command:
It will insert the necessary links to the /etc/rc*.d directories to start the networking script.
Updating BackTrack
BackTrack is a Linux distribution that consists of several application software and an operating system. You need to update each of the components to fix the bugs contained in the previous version and also to have the latest features of the software.
We suggest you only update the software and kernel from the BackTrack software package repository, as these softwares have been tested with BackTrack.
Updating software applications
The first thing to do after you have successfully installed and configured BackTrack is to update BackTrack itself. Since BackTrack 4 is based on Ubuntu, you can use the Ubuntu/Debian command (apt-get) to do the updating process.
The apt-get will consult the /etc/apt/sources.list file to get the update server; please make sure you have the correct source files.
The default sources.list file included in BackTrack 4 is:
Before you can update the process, you need to synchronize the package index files from the repository specified in the /etc/apt/sources.list file. The command to do this synchronization is:
Make sure you always run apt-get update before doing any package update or installation.
After the package index has been synchronized, the upgrade can be performed.
There are two command options available to do an upgrade:
After you choose the appropriate command options for updating BackTrack, the apt-get program will list all of the packages that will be installed, upgraded, or removed. You will then need to give the confirmation.
If you have given the confirmation, the upgrade process will start. Please be aware that this upgrade process might take a long time to finish, depending on your network connection speed.
Updating the kernel
The update process mentioned in the previous section is enough for updating the software applications. However, sometimes you may want to update your kernel, because your existing kernel doesn't support your new device. Please remember that because the kernel is the heart of the operating system, failure to upgrade may cause your BackTrack to be unbootable. You need to make a backup of your kernel and configuration. You should ONLY update your kernel with the one made available by the BackTrack developers. This Linux kernel is modified to make certain "features" available to the BackTrack users and updating with other kernel versions could disable those features.
Before you upgrade your kernel, you need to know the kernel version running in your existing machine by giving the following command in the command:
The system will respond with the kernel version, such as:
The latest kernel available in BackTrack 4 at the time of writing is kernel version 2.6.34. If your kernel version is lower than 2.6.34 and you have problems with your hardware driver, then you may need to upgrade your kernel.
As the kernel is just another software package, the process to upgrade the kernel is the same as updating the software applications. First, you issue the synchronization command apt-get update, and then issue the apt-get upgrade command to upgrade the kernel.
That command will inform you of what kernel packages are available to be upgraded. The kernel package names are:
The kernel-version refers to the version of the kernel. If you see those package names, it means there is a new kernel available to be upgraded, but you also need to check the kernel version. Make sure the upgraded packages have newer version than the existing packages available in your machine.
After you are sure that you need to upgrade, answer Y to continue the process. Then the apt-get command will download all the necessary software packages.
Usually for the other software packages, if they have been downloaded, the apt-get will install them automatically and you don't need to do anything. However, for the kernel, you need to do several configurations after the kernel installation.
First the apt-get will display a notification regarding the kernel image configuration:
Next, it will display whether you want to continue or stop the kernel installation, because the kernel-image is already installed. You can answer No to continue installing the kernel image, or you can opt for Yes to stop the installation.
After the installation finishes, you will be asked what to do about the menu.lst file. This file is a configuration menu for GRand Unified Boot Loader (GRUB) boot loader. The default option selected by apt-get is keep current. If you select this option, your new kernel-image will not be added to the menu.lst file, thus you can't select it during the boot process.
We suggest you choose the diff option first to see what are the differences between the existing menu.lst file and the new one.
Symbol + denotes it is an additional item, the line is only available in the new menu.lst, while the symbol - means that the line is to be deleted in the new menu.lst.
After you've checked the differences, you can decide what to do. Usually the new menu.lst file will contain all of the content of the existing menu.lst and the lines for the new kernel-image. So it should be safe to install the new menu.lst file by selecting install new.
The apt-get will install the new menu.lst file after you choose to install it. Several minutes later you can reboot your machine to test your new kernel.
To check your kernel version, type the following command after you login:
The following is the result in our system:
Installing additional weapons
Although BackTrack 4 comes with so many security tools, sometimes you need to add additional software tools because:
Our suggestion is to try to first search for the package in the repository. If you find the package in the repository, please use that package, but if you can't find it, you may want to get the software package from the author's website and install it by yourself. We suggest you use the software in the repository as much as you can.
The command to search for the package in the repository is:
If you found the package and you want to get more information about it, use:
It will display more information about the software package.
Then you will be able to use apt-get to install the package:
However, if you can't find the package in the repository and you are sure that the package will not cause any problems later on, you can install the package by yourself.
Download the software package from a trusted source. Then use the dpkg command to add the additional software. Make sure that the software is bundled in Debian package format (DEB).
In this section, we will give examples on how to install additional security tools. The tools are Nessus and WebSecurify.
Nessus vulnerability scanner
As an example for the first case, we want to install the latest Nessus vulnerability scanner (Version 4). We have already searched in the BackTrack repository, and the available Nessus is Nessus Version 2, so we won't use it. The reason why BackTrack doesn't include the latest Nessus version is because of the licensing issue. Since Version 3, Nessus is no longer open source software. A Linux distribution can't distribute it anymore without licensing it from the Tenable Security (the company who develops Nessus).
We download the latest Nessus package generated for Ubuntu 8.10 Linux distribution from Nessus website (http://www.nessus.org). To install the package we issue the command:
You can then follow the instructions given on the screen to configure your Nessus:
Your activation code is sent to your e-mail address if you give your e-mail address before you download Nessus.
WebSecurify
WebSecurify is a web security testing environment that can be used to find vulnerabilities in web applications.
It can be used to check for the following vulnerabilities:
WebSecurify tool is available from the BackTrack repository. To install it you can use the apt-get command:
Besides the three tools that have already been discussed briefly, you can also search for other tools in the BackTrack repository using the apt-cache search command.
Customizing BackTrack
One of the drawbacks we found while using BackTrack 4 is that you need to perform a big upgrade (300MB to download) after you've installed it from the ISO or from the VMWare image provided. If you have one machine and a high speed Internet connection, there's nothing much to worry about. However, imagine installing BackTrack 4 in several machines, in several locations, with a slow internet connection.
The solution to this problem is by creating an ISO image with all the upgrades already installed. If you want to install BackTrack 4, you can just install it from the new ISO image. You won't have to download the big upgrade again.
While for the VMWare image, you can solve the problem by doing the upgrade in the virtual image, then copying that updated virtual image to be used in the new VMWare installation.
Besides easing the package upgrade, by customizing BackTrack you can adjust it to suit your needs. There may be a case where you don't need security tools provided by BackTrack 4 or you want to add additional software for your BackTrack installation. By customizing it, you don't need to waste your time removing, installing, and configuring software packages. You can just use your customized BackTrack!
To create an updated BackTrack ISO image, you need to install BackTrack to the hard disk first, either using the traditional installation or using the virtual machine environment.
Here are the steps that can be used to create an updated BackTrack ISO image:
