3 Review(s)

BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment. Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network. BackTrack 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating the cutting-edge hacker tools and techniques in a coherent step-by-step strategy. It offers all the essential lab preparation and testing procedures to reflect real-world attack scenarios from your business perspective in today's digital age. The authors' experience and expertise enables them to reveal the industry's best approach for logical and systematic penetration testing. The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process. The authors discuss a number of security assessment tools necessary to conduct penetration testing in their respective categories (target scoping, information gathering, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, maintaining access, and reporting), following the formal testing methodology. Each of these tools is illustrated with real-world examples to highlight their practical usage and proven configuration techniques. The authors also provide extra weaponry treasures and cite key resources that may be crucial to any professional penetration tester. This book serves as a single professional, practical, and expert guide to developing hardcore penetration testing skills from scratch. You will be trained to make the best use of BackTrack OS either in a commercial environment or an experimental test bed. A tactical example-driven guide for mastering the penetration testing skills with BackTrack to identify, detect, and exploit vulnerabilities at your digital doorstep. What you will learn from this book : Initiate the BackTrack OS environment in your test lab by installing, configuring, running, and updating its core system components   Draw a formal BackTrack testing methodology   Scope your target with definitive test requirements, limitations, and business objectives, and schedule the test plan   Gain practical experience with a number of security tools from BackTrack logically divided into sub-categories of testing methodology   Practice the process of reconnaissance, discovery, enumeration, vulnerability mapping, social engineering, exploitation, privilege escalation, and maintaining access to your target for evaluation purposes   Document, report, and present your verified test results to the relevant authorities in a formal reporting structure   Assess the various technologies comprising your target information system's environment, such as web applications, network administration servers, workstations, Cisco devices, firewalls, load balancers, routers, switches, intrusion detection and prevention devices, and many more   Examine and research the vulnerability in greater detail before attempting to exploit it by taking control of the target, thus reducing any false positives   Exploit human vulnerability by wrapping yourself with the art of deception to acquire the target Approach Written as an interactive tutorial, this book covers the core of BackTrack with real-world examples and step-by-step instructions to provide professional guidelines and recommendations to you. The book is designed in a simple and intuitive manner, which allows you to explore the whole BackTrack testing process or study parts of it individually. Who this book is written for If you are an IT security professional or network administrator who has a basic knowledge of Unix/Linux operating systems including awareness of information security factors, and you want to use BackTrack for penetration testing, then this book is for you. About the Author Shakeel Ali is a main founder and CTO of Cipher Storm Ltd, UK. His expertise in the security industry markedly exceeds the standard number of security assessments, compliance, governance, and forensic projects that he carries in day-to-day operations. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses and government institutions globally. He is an active independent researcher who writes various articles, whitepapers, and manages a blog at Ethical-Hacker.net. He regularly participates in BugCon Security Conferences, Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures. Tedi Heriyanto currently works as a Senior Technical Consultant in an Indonesian information technology company. He has worked with several well-known institutions in Indonesia and overseas, in designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, doing information security audit and assessment, and giving information security awareness training. In his spare times, he manages to research, write various articles, participate in Indonesian Security Community activities, and maintain a blog site. He has shared his knowledge in information security by writing several information security and computer programming books. Table of Contents Preface PART I: Lab Preparation and Testing Procedures Chapter 1: Beginning with BackTrack History BackTrack purpose Getting BackTrack Using BackTrack Live DVD Installing to hard disk Installation in real machine Installation in VirtualBox Portable BackTrack Configuring network connection Ethernet setup Wireless setup Starting the network service Updating BackTrack Updating software applications Updating the kernel Installing additional weapons Nessus vulnerability scanner WebSecurify Customizing BackTrack Summary Chapter 2: Penetration Testing Methodology Types of penetration testing Black-box testing White-box testing Vulnerability assessment versus penetration testing Security testing methodologies Open Source Security Testing Methodology Manual (OSSTMM) Key features and benefits Information Systems Security Assessment Framework (ISSAF) Key features and benefits Open Web Application Security Project (OWASP) Top Ten Key features and benefits Web Application Security Consortium Threat Classification (WASC-TC) Key features and benefits BackTrack testing methodology Target scoping Information gathering Target discovery Enumerating target Vulnerability mapping Social engineering Target exploitation Privilege escalation Maintaining access Documentation and reporting The ethics Summary PART II: Penetration Testers Armory Chapter 3: Target Scoping Gathering client requirements Customer requirements form Deliverables assessment form Preparing the test plan Test plan checklist Profiling test boundaries Defining business objectives Project management and scheduling Summary Chapter 4: Information Gathering Public resources Document gathering Metagoofil DNS information dnswalk dnsenum dnsmap dnsmap-bulk dnsrecon fierce Route information 0trace dmitry itrace tcpraceroute tctrace Utilizing search engines goorecon theharvester All-in-one intelligence gathering Maltego Documenting the information Dradis Summary Chapter 5: Target Discovery Introduction Identifying the target machine ping arping arping2 fping genlist hping2 hping3 lanmap nbtscan nping onesixtyone OS fingerprinting p0f xprobe2 Summary Chapter 6: Enumerating Target Port scanning AutoScan Netifera Nmap Nmap target specification Nmap TCP scan options Nmap UDP scan options Nmap port specification Nmap output options Nmap timing options Nmap scripting engine Unicornscan Zenmap Service enumeration Amap Httprint Httsquash VPN enumeration ike-scan Summary Chapter 7: Vulnerability Mapping Types of vulnerabilities Local vulnerability Remote vulnerability Vulnerability taxonomy Open Vulnerability Assessment System (OpenVAS) OpenVAS integrated security tools Cisco analysis Cisco Auditing Tool Cisco Global Exploiter Cisco Passwd Scanner Fuzzy analysis BED Bunny JBroFuzz SMB analysis Impacket Samrdump Smb4k SNMP analysis ADMSnmp Snmp Enum SNMP Walk Web application analysis Database assessment tools DBPwAudit Pblind SQLbrute SQLiX SQLMap SQL Ninja Application assessment tools Burp Suite Grendel Scan LBD Nikto2 Paros Proxy Ratproxy W3AF WAFW00F WebScarab Summary Chapter 8: Social Engineering Modeling human psychology Attack process Attack methods Impersonation Reciprocation Influential authority Scarcity Social relationship Social Engineering Toolkit (SET) Targeted phishing attack Gathering user credentials Common User Passwords Profiler (CUPP) Summary Chapter 9: Target Exploitation Vulnerability research Vulnerability and exploit repositories Advanced exploitation toolkit MSFConsole MSFCLI Ninja 101 drills Scenario #1 Scenario #2 Scenario #3 Scenario #4 Scenario #5 Writing exploit module Summary Chapter 10: Privilege Escalation Attacking the password Offline attack tools Rainbowcrack Samdump2 John Ophcrack Crunch Wyd Online attack tools BruteSSH Hydra Network sniffers Dsniff Hamster Tcpdump Tcpick Wireshark Network spoofing tools Arpspoof Ettercap Summary Chapter 11: Maintaining Access Protocol tunneling DNS2tcp Ptunnel Stunnel4 Proxy 3proxy Proxychains End-to-end connection CryptCat Sbd Socat Summary Chapter 12: Documentation and Reporting Documentation and results verification Types of reports Executive report Management report Technical report Network penetration testing report (sample contents) Table of Contents Presentation Post testing procedures Summary PART III: Extra Ammunition Appendix A: Supplementary Tools Vulnerability scanner NeXpose community edition NeXpose installation Starting NeXpose community Login to NeXpose community Using NeXpose community Web application fingerprinter WhatWeb BlindElephant Network Ballista Netcat Open connection Service banner grabbing Simple server File transfer Portscanning Backdoor Shell Reverse shell Summary Appendix B: Key Resources Vulnerability Disclosure and Tracking Paid Incentive Programs Reverse Engineering Resources Network ports Index