Showing posts with label backtrack. Show all posts

Backtrack 5 R1 Released




BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Whether you're making BackTrack your primary operating system or booting from a LiveDVD, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.




The change log:

  • This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
  • The kernel was updated to 2.6.39.4 and includes the relevant injection patches.


In the words of the BackTrack developers: "We are really happy with this release, and believe that as with every release, this is our best one yet. Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack. We've released Gnome and KDE ISO images for 32 and 64 bit (no arm this release, sorry!), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed."


Metasploit Basics Part 1 - Understanding the framework

This post is a basic introduction to Metasploit and how it works.


What is Metasploit?

The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.

Basically, Metasploit is a tool which provides a complete environment for hacking.

Metasploit is run by Rapid7 and its community, and it is the biggest piece of software written in Ruby.

Why is Metasploit recommended?

  1. Metasploit is free and easy to use, and one can develop their own exploits, payloads etc. and use them with Metasploit easily.
  2. It comes with over 690 exploits, which are updated on a regular basis (0-days also included).
  3. We can use different plugins and external tools to improve the productivity of Metasploit, for example SET (Social-Engineer Toolkit), BeEF, XSSF, Nexpose, Nmap, w3af etc. (we will continue with these in the next posts).


Metasploit is available in 3 versions:

  1. Metasploit Pro - for pentesters
  2. Metasploit Express - for IT security teams
  3. Metasploit Framework - open source and available for download for free

You can download Metasploit from the official website - www.metasploit.com

How Metasploit works

metasploit

Basically Metasploit is built around these 5 things:
  1. EXPLOITS
  2. PAYLOADS
  3. AUXILIARY
  4. NOPS & ENCODERS

What is an exploit?

To take advantage of a vulnerability, you often need an exploit: a small and highly specialized computer program whose only reason for being is to take advantage of a specific vulnerability and provide access to a computer system. Exploits often deliver a payload to the target system to grant the attacker access to the system. Here is an article on the basic working of exploits.

What is a payload?

A payload is the piece of software that lets you control a computer system after it's been exploited. The payload is typically attached to and delivered by the exploit. Just imagine an exploit that carries the payload in its backpack when it breaks into the system and then leaves the backpack there.

Basically the payload is the way you want to hack your target. Meterpreter is the most reliable payload and we will use it in most of the cases ahead.

What is auxiliary?

Metasploit comes with 358 auxiliary modules. Basically auxiliaries are used for information gathering before exploitation, for example to check whether a machine is vulnerable to an attack or not. Here is a video on the email extractor auxiliary.

What are Nops & Encoders?

Metasploit comes with 8 NOPs and 27 encoders; these are used to bypass antiviruses/firewalls via different techniques.

So, moving on to the Metasploit Framework and some important commands.
The Metasploit console is easy to understand if one uses their common sense.

The help command does the trick. It shows all the commands available in Metasploit.
metasploit help


We will move on to a series of discussions and tutorials on Metasploit later.


Links worth spending time on:
metasploit unleashed
Corelan





Backtrack 5 on Smart Phones

"The quieter you are, the more you are able to hear"


BackTrack 5 has released an ARM version for smartphones. I would like to throw some more flowers at it.

The BackTrack development team have introduced us to their new updated creation, BackTrack 5. It is a penetration-focused Linux distribution.

BackTrack offers more than 250 tools for our penetration testing needs. The tools include sniffers, fuzzers, forensic tools, web app testing frameworks and my favourite, Metasploit.

BackTrack 5 On Motorola



For the first time, an ARM image is now provided. So far, the developers have tested it on a Motorola Atrix 4G smartphone and a Motorola Xoom tablet. According to a tweet from the developers, they demonstrated the ARM version's functionality by using a Xoom to run Metasploit to gain access to a Windows XP system.
You can find the guide to run it in the BackTrack forums.
BackTrack 5 on Xperia
BackTrack 5 also runs on the Samsung Xperia X10. To run it you only need to know how, and you will learn that here,
and here is how to run it on Androids.


BackTrack 5 On Nokia N900

Must be wondering how to do this? To find out, follow this link as well.

BackTrack 5 on Droid Incredible

Thanks to SecurityTube and ac1d-ra1n.

http://www.securitytube.net/video/1864
http://www.securitytube.net/video/1865
http://www.securitytube.net/video/1866


References:
Garage4hackers
Google Images~~ Must Visit :P


Thank You Anant For correcting me :)





Install BackTrack 5 on USB

A quick and simple guide to install your Backtrack 5 on a live USB drive.

  1. Plug in your USB drive (larger than 2GB).
  2. Format it to FAT32.
  3. Download Unetbootin from http://unetbootin.sourceforge.net
  4. Start Unetbootin and select "Diskimage" ( BT5 .iso file)
  5. Select your USB drive and select "OK".
  6. Exit or Reboot.

NMAP TUTORIAL

Nmap (Network Mapper) is one of the most basic yet advanced fingerprinting tools. I recommend this tool to everyone.


Basically Nmap is a port scanner with advanced features like host identification, topology mapping, etc.

The six port states recognized by Nmap:

OPEN
An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.

CLOSED
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They can be helpful in showing that a host is up on an IP address (host discovery, or ping scanning), and as part of OS detection. Because closed ports are reachable, it may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall. Then they would appear in the filtered state, discussed next.

FILTERED
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.

UNFILTERED
The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.

OPEN|FILTERED
Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited. So Nmap does not know for sure whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.

CLOSED|FILTERED
This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.
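As an added example (not from the original post), here is a small Python parser for Nmap's normal output that buckets ports into the six states above, folds in the "Not shown: ..." summary line, and lists the ambiguous ports worth rescanning with another technique. The report text is constructed, not a real scan, and the function names are mine.

```python
import re
from collections import Counter

# States whose meaning is ambiguous and, per the descriptions above, worth a
# follow-up scan with a different technique (e.g. Window/SYN/FIN for unfiltered).
AMBIGUOUS = {"open|filtered", "closed|filtered", "unfiltered"}

# One port row of Nmap's normal output: "22/tcp    open   ssh"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+"
    r"(?P<state>open\|filtered|closed\|filtered|open|closed|filtered|unfiltered)"
    r"\s+(?P<service>\S+)", re.M)
# Nmap collapses the dominant state into a summary line instead of listing it.
NOT_SHOWN = re.compile(r"^Not shown: (?P<count>\d+) (?P<state>[\w|]+) ports?", re.M)


def parse_nmap_report(text: str) -> list[dict]:
    """Extract the per-port rows from Nmap's normal (-oN / screen) output."""
    return [{"port": int(m["port"]), "proto": m["proto"],
             "state": m["state"], "service": m["service"]}
            for m in PORT_LINE.finditer(text)]


def state_counts(text: str) -> Counter:
    """Count ports per state, including those folded into 'Not shown'."""
    counts = Counter(row["state"] for row in parse_nmap_report(text))
    for m in NOT_SHOWN.finditer(text):
        counts[m["state"]] += int(m["count"])
    return counts


def needs_follow_up(text: str) -> list[str]:
    """Ports in an ambiguous state that a second scan type may resolve."""
    return [f"{r['port']}/{r['proto']}" for r in parse_nmap_report(text)
            if r["state"] in AMBIGUOUS]


# Constructed sample in Nmap's normal output format (not a real scan result).
SAMPLE_REPORT = """\
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
Not shown: 65529 closed ports
PORT      STATE         SERVICE
22/tcp    open          ssh
80/tcp    open          http
135/tcp   filtered      msrpc
445/tcp   open          microsoft-ds
3389/tcp  unfiltered    ms-wbt-server
53/udp    open|filtered domain
"""

if __name__ == "__main__":
    print(dict(state_counts(SAMPLE_REPORT)))
    print("rescan:", needs_follow_up(SAMPLE_REPORT))
```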
Here are two videos showing the basics of Nmap:








For those who have low bandwidth and can't go through the videos:
Here I used Zenmap (the Nmap GUI) to scan my Windows machine on VMware. I used the intense scan with all 65535 ports.
The results were really cool, showing all my open ports, and the OS detection was accurate.

You can download Nmap from here.

Do share your views on this tutorial.

Cracking Password-Protected ZIP Files

This tutorial is for Ubuntu or BackTrack users to crack password-protected zip files with wordlists.

1. Install the fcrackzip package.
   - apt-get install fcrackzip
2. Crack it with a dictionary or brute force attack.
   - Brute force attack:
      •      fcrackzip -v zipfile
   - Dictionary attack:
      •      fcrackzip -v -D -p /pentest/passwords/wordlists/wordlists zipfile
      *** zipfile is the archive you want to crack.
      *** The wordlist is a file that contains a list of words (one word per line).
      *** My wordlist is /pentest/passwords/wordlists/wordlists
3. That's it, you've cracked the file.
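As an added example (not part of the original tutorial), a small Python parser that reads a ZIP's local file headers and reports which entries are unprotected, protected with the traditional PKZIP "ZipCrypto" cipher that fcrackzip targets, or protected with WinZip AES (method 99), which a wordlist attack on ZipCrypto does not cover. The sample archive bytes are constructed inline; the function names are mine.

```python
import struct

LOCAL_SIG = 0x04034B50           # "PK\x03\x04" local file header signature
FLAG_ENCRYPTED = 0x0001          # general purpose bit 0: entry is encrypted
METHOD_AES = 99                  # WinZip AES marks the compression method as 99
HEADER = struct.Struct("<IHHHHHIIIHH")   # 30-byte local file header


def parse_local_headers(data: bytes) -> list[dict]:
    """Walk the local file headers and classify each entry's protection.

    Encryption is signalled in the header flags, so this works without the
    password.  Sizes are taken from the header (no data descriptors), which
    holds for the constructed sample below.
    """
    entries, pos = [], 0
    while pos + HEADER.size <= len(data):
        (sig, _ver, flags, method, _time, _date, _crc, csize, _usize,
         name_len, extra_len) = HEADER.unpack_from(data, pos)
        if sig != LOCAL_SIG:
            break                              # reached the central directory
        start = pos + HEADER.size
        name = data[start:start + name_len].decode()
        if not flags & FLAG_ENCRYPTED:
            scheme = "none"
        elif method == METHOD_AES:
            scheme = "aes"                     # strong; not what fcrackzip attacks
        else:
            scheme = "zipcrypto"               # legacy PKWARE cipher, wordlist-crackable
        entries.append({"name": name, "scheme": scheme})
        pos = start + name_len + extra_len + csize
    return entries


def weakly_protected(data: bytes) -> list[str]:
    """Names of entries that rely only on the legacy ZipCrypto cipher."""
    return [e["name"] for e in parse_local_headers(data) if e["scheme"] == "zipcrypto"]


def _entry(name: str, payload: bytes, flags: int = 0, method: int = 0) -> bytes:
    """Build one local-header record; constructed test data, not a real archive."""
    hdr = HEADER.pack(LOCAL_SIG, 20, flags, method, 0, 0, 0,
                      len(payload), len(payload), len(name), 0)
    return hdr + name.encode() + payload


# Constructed sample: one plain entry, one ZipCrypto entry, one AES entry.
SAMPLE_ZIP = (_entry("readme.txt", b"hello")
              + _entry("secret.txt", b"\x00" * 17, FLAG_ENCRYPTED, 8)
              + _entry("vault.bin", b"\x00" * 30, FLAG_ENCRYPTED, METHOD_AES))

if __name__ == "__main__":
    for e in parse_local_headers(SAMPLE_ZIP):
        print(f"{e['name']:12} {e['scheme']}")
```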

Geolocation & Information Gathering

Geolocation has been a hot topic in the social engineering world for quite some time. As a social engineer it is important to be able to profile your targets efficiently. Tools like SET and Maltego make social engineering engagements easier.
Yet up until now there wasn't a tool out there that helped a social engineer track the physical whereabouts of their targets. Of course you could go to their Twitter, Facebook, Foursquare and other social media accounts, gather all their messages, find the posts that have geo data in them and then take the time to gather all the details and make sense of them.
What if there was a way to retrieve information from Twitter as well as Foursquare? In addition, if you could then gather any geolocation data from flickr, twitpic.com, yfrog.com, img.ly, plixi.com, twitrpix.com, foleext.com, shozu.com, pickhur.com, moby.to, twitsnaps.com and twitgoo.com, would that be impressive?
Enter Mr. Yiannis Kakavas. Yiannis approached Social-Engineer.Org with a beta of a tool he calls Cree.py... and all I can say is creepy it is.
After a few minutes of installation it is up and running in BackTrack 4, Linux or Windows and you can track any target's geolocation from their tweets and social media.

Installation:
As I mentioned, installation in BackTrack is quite simple.
In a command console type:
nano /etc/apt/sources.list
And add this to the end:
deb http://people.dsv.su.se/~kakavas/creepy/ binary/
Then in the console type:
apt-get update
Then to install cree.py type:
apt-get install creepy
Creepy is now in the global menu under Applications -> Internet.
Or it can be run by typing
creepymap
into the console.
Running Cree.py
Once you start creepy up you are greeted by a very nice GUI interface:

Creepy Interface
In the “Search For” box you type in the full name of your target and hit “search”:

Searching with in Creepy
Once the search is done you can scroll through all your choices and double-click one, which will place their nick into the Username field.
After that click the “Geolocate Target” button:



The Geolocation Map
That opens up the map view tab and starts to scrape through the target's tweets and other information looking for geolocation data. When it is done searching:

Geo Data Galore


Another great feature of Cree.py is that you can export your target's map as a Google Earth file and then open it up in Google Earth.

Google Earth Data


As you can see Cree.py is just that – CREEPY, but what a great tool for gathering information and building profiles on targets.

Source: social-engineer.org

W3af – Web Application Attack and Audit Framework

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives, please click over the Project Objectives item in the main menu. This project is currently hosted at SourceForge; for further information, you may also want to visit the w3af SourceForge project page.




If you are here just to "take a look", please watch the w3af video demos!


A nice tool to check web applications and a good framework to carry out your tests. It is to web application testing what Metasploit is to network penetration testing.


w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion and much more.


This tool lags a bit on Windows, but as it's open source you can't complain :P It runs smoothly on Linux, though.


You can download w3af here.

Hacking A Biometric System



Description: This paper was presented at NullCon 2011:
"Penetration Testing Biometrics Systems"

You can read the detailed paper by following the link below.

PDF version: http://www.fb1h2s.com/Null_Biometrics.pdf

BackTrack 4

Backtrack4 is the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

It contains about 300 pre-installed tools :)
Official change log for BT4 R2:
  • Kernel 2.6.35.8 – *Much* improved mac80211 stack.
  • USB 3.0 support.
  • New wireless cards supported.
  • All wireless Injection patches applied, maximum support for wireless attacks.
  • Even *faster* desktop environment.
  • Revamped Fluxbox environment for the KDE challenged.
  • Metasploit rebuilt from scratch, MySQL db_drivers working out of the box.
  • Updated old packages, added new ones, and removed obsolete ones.
  • New BackTrack Wiki with better documentation and support.
  • Our most professional, tested and streamlined release ever.

Yes, I would totally recommend you guys use BackTrack instead of other distros. Reason:
BackTrack is owned by Offensive Security, who update it regularly, and it has the biggest community support among hacking distros.

The problem with BackTrack was a lack of hardware support.

You can download BackTrack from here (VMware & ISO).

Backtrack vs Windows 7

I was watching some video presentations and luckily I found this one :)
This is a vocal comparison of Windows 7 versus BackTrack, a bit on the funny side but worth watching...

