
Hands on with BackTrack






Presentation Transcript


  1. Hands on with BackTrack: information gathering, scanning, simple exploits. By Edison Carrick.

  2. Starting up and Getting an IP
     • `startx`
     • `ifup eth0`

  3. The Tools
     • The ‘K Menu’
     • That’s not all: the `/pentest` directory

  4. netdiscover
     • ‘an active/passive address reconnaissance tool’
     • Using ARP, it detects live hosts on a network.
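As an added defender-side example (not from the slides), the traffic pattern netdiscover's active mode produces, many ARP who-has requests from one source to consecutive targets in a short span, can be spotted in captured traffic. The parser, the tcpdump-style log format and the thresholds below are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like tcpdump ARP output with epoch-style timestamps:
# "<seconds> ARP, Request who-has <target> tell <source>, length 28"
# 192.168.1.50 probes six consecutive addresses in 50 ms (sweep pattern);
# 192.168.1.20 only resolves its gateway twice (normal traffic).
SAMPLE_LOG = """\
1.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
1.010 ARP, Request who-has 192.168.1.2 tell 192.168.1.50, length 28
1.020 ARP, Request who-has 192.168.1.3 tell 192.168.1.50, length 28
1.030 ARP, Request who-has 192.168.1.4 tell 192.168.1.50, length 28
1.040 ARP, Request who-has 192.168.1.5 tell 192.168.1.50, length 28
1.050 ARP, Request who-has 192.168.1.6 tell 192.168.1.50, length 28
5.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
5.500 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
"""

ARP_REQ = re.compile(
    r"^(?P<ts>[\d.]+) ARP, Request who-has (?P<target>[\d.]+) tell (?P<src>[\d.]+)"
)

def parse_arp_requests(text):
    """Yield (timestamp, source, target) per ARP request line; ignore other lines."""
    for line in text.splitlines():
        m = ARP_REQ.match(line)
        if m:
            yield float(m.group("ts")), m.group("src"), m.group("target")

def find_arp_sweeps(text, window=2.0, threshold=5):
    """Return {source: max_distinct_targets} for every source that asked for at
    least `threshold` distinct targets inside some `window`-second span.
    The defaults are illustrative; tune them to the segment's normal ARP rate."""
    by_src = defaultdict(list)  # source -> [(ts, target), ...]
    for ts, src, target in parse_arp_requests(text):
        by_src[src].append((ts, target))
    flagged = {}
    for src, items in by_src.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window` seconds.
            while items[end][0] - items[start][0] > window:
                start += 1
            distinct = len({t for _, t in items[start:end + 1]})
            if distinct >= threshold:
                flagged[src] = max(distinct, flagged.get(src, 0))
    return flagged
```

Calling `find_arp_sweeps(SAMPLE_LOG)` returns `{'192.168.1.50': 6}`; the gateway lookups from 192.168.1.20 are not flagged.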

  5. nmap
     • Nmap ("Network Mapper") is a free and open-source command-line utility for network exploration or security auditing.
     • Extremely powerful.
     • Simple use: `nmap -v -A`, where ‘-v’ is for verbosity and ‘-A’ for OS/version detection.

  6. Zenmap: Nmap, but prettier
     • Zenmap is a GUI front end for nmap.
     • Easily detect OS, services, TCP sequences and more with a click or two of a button.

  7. Exploits
     • Databases and programs
       • ExploitDB
       • Metasploit
     • The internet
       • Exploit-db.com
       • Google

  8. Searching for a vulnerability
     • exploitDB: `./searchsploit`
     • Googling
     • Conveniently, Remote Exploit has included their exploitDB on BackTrack.
     • Since we have a 2003 server, let's search for 2003 vulnerabilities:
       `./searchsploit 2003`
       `./searchsploit 2k3`

  9. Exploring and Testing a written Exploit
     • ‘cat’ is perfect for viewing
     • Recognizing shellcode, and how the exploit runs
     • Running the exploit: `./7132.py`
     • Finding the usage

  10. Getting the Shell
     • `./7132.py 192.168.1.2 2`
     • Notice that the exploit prints that the shell is bound to the server on port 4444.
     • Netcat: the tool for everything
     • `nc -v 192.168.1.2 4444`

  11. Prevention?
     • Keep servers and computers up-to-date and patched.
     • Use only the services that are necessary, and disable the unneeded ones.
     • Using the default settings can be dangerous.

  12. More Information
     • NetDiscover: http://nixgeneration.com/~jaime/netdiscover/
     • Nmap/Zenmap: http://nmap.org/
     • http://www.exploit-db.com/
     • http://www.metasploit.com/
     • More on the MS08-067 vulnerability: MS08-067
     • Background image for PowerPoint found at xshock.de
