BackTrack 4 – R2
Jorge Orchilles, Peter Greko
South Florida ISSA

About Jorge Orchilles
- Security Analyst – Fortune 10
- Consultant by night – Orchilles Consulting
- Master of Science and BBA in Management Information Systems – Florida International University
- Author – Microsoft Windows 7 Administrator’s Reference (Syngress)
- Certifications – CISSP, GCIH, CEH, CICP, CCDA, CSSDS, MCTS, MCP, Security+
- Organizations:
  - President, South Florida ISSA
  - OWASP
  - InfraGard
  - Miami Electronic Crimes Task Force
  - Hack Miami
Intro to BackTrack
- Live DVD for penetration testing
- Can download a VM as well
- 300+ tools installed
- Saves a lot of time
- Runs on Ubuntu with KDE
- http://www.backtrack-linux.org

Let’s Get Started
- Insert the BackTrack 4 R2 DVD and reboot your computer.
- When the BIOS comes up, press F2, F12, etc. (depending on your BIOS) for the Boot Menu and select DVD.
- When the BackTrack splash screen comes up, press Enter.
- To log in: Username: root / Password: toor

Configure
- Start KDE: startx
- Start networking: open a terminal and run /etc/init.d/networking start
- Wireless: KDE > Internet > Wicd Network Manager
  - SSID: SFISSA
  - WPA-PSK: SFISSArocks!
- DHCP: 192.168.1.200-249/24
- Static IP:
  - ifconfig eth0 192.168.1.1XX/24
  - route add default gw 192.168.1.1 (not required)
  - DNS: echo nameserver <ip> > /etc/resolv.conf
- Do not use:
  - 192.168.1.1
  - 192.168.1.100 – Level 1 Victim
  - 192.168.1.110 – Level 2 Victim
  - 192.168.1.120 – Metasploitable
- Ping 192.168.1.110 to ensure you are up.

/pentest
- Get familiar with the BackTrack GUI and the /pentest directory
- These are all the tools available to you
- How many have you played with already?

Ethical Hacking 101
0. Get Permission
1. Information Gathering
2. Recon – Scanning
3. Gain Access
4. Maintain Access
5. Cover Tracks – clean up
“Most of hacking is doing user and admin tasks with malicious intent.” – SANS SEC504 Class

0. Get Permission
- You have permission to attack ONLY the following hosts:
  - 192.168.1.100
  - 192.168.1.110
  - 192.168.1.120
- Anything else is considered illegal!
- Wireless: SSID SFISSA, WPA-PSK SFISSArocks!

1. Information Gathering
- We will be probing three hosts which were already given.
- Some background:
  - 100 and 110 are from Heorot.net
  - 120 is called Metasploitable
- Not much else to do here
- No Google

Real Scenario
- You would most likely need to identify live hosts:
  - Ping sweep: nmap -sP 192.168.1.0/24
  - DNS zone transfer: host -l <domain.local> <DNSserverip>
  - Netdiscover – BackTrack KDE
- Documentation: create a txt file with the identified hosts.

2. Recon
- We will start by probing the hosts to determine open ports: nmap
- We can also run other automated tools, like a vulnerability scanner or web application scanner: Nessus, Nikto

nmap
Nmap is:
- Free and open source
- A tool to discover, monitor, and troubleshoot TCP/IP networks
- Cross platform
- Simple to use
- http://nmap.org/

Using nmap 101
- Millions of options: nmap -h
- nmap [target] – scans the 1000 most common TCP ports
- nmap -F [target] – scans the 100 most common TCP ports
- nmap -iL filename.txt – scans all hosts in the file, one per line

Using nmap 102
- nmap -sS [target] – SYN scan
- nmap -O – OS fingerprinting
- nmap -p80 – scans port 80
  - -p- – all ports
  - -p21,22,25,80 – scans those ports
- nmap -v – verbose
- nmap -n – do not resolve DNS
- Many cheat sheets online, and -h has many more
- Example: nmap -sSV -n -O -P0 192.168.1.100 > 100TCP.txt

Lab
- Open a terminal
- cd to the location where hosts.txt is
- nmap -n -F -iL hosts.txt
- This will do a quick scan (100 most common TCP ports) for each live host
- What did you find? What now?
- Documentation
- http://192.168.1.100
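The "Real Scenario" slide and the lab both end with documentation: a hosts.txt of live hosts and a written record of what was found. The Python script below is an added example written for this page, not part of the presentation or of nmap itself. It parses nmap's greppable output (produced with nmap's real `-oG` option, here for a constructed sample run of the lab's `-sV -n -F -iL hosts.txt` scan) into a per-host inventory, lists the live hosts in numeric order, produces one documentation line per host, and checks every result against the authorized host list from the "Get Permission" slide so that a scan that drifted out of scope is noticed before anyone moves on to step 3. The sample output, the service banners in it and the 192.168.1.150 host are constructed for the example.

```python
"""Build a host/port inventory from nmap greppable output (-oG) and check it against scope."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `nmap -sV -n -F -iL hosts.txt -oG scan.gnmap` output; not a real capture.
SAMPLE_GNMAP = """\
# Nmap 5.35DC1 scan initiated as: nmap -sV -n -F -iL hosts.txt -oG scan.gnmap
Host: 192.168.1.100 ()\tStatus: Up
Host: 192.168.1.100 ()\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1/, 80/open/tcp//http//Apache httpd 2.2.8/, 443/closed/tcp//https///\tIgnored State: closed (97)
Host: 192.168.1.110 ()\tStatus: Up
Host: 192.168.1.110 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, 22/open/tcp//ssh///, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (97)
Host: 192.168.1.150 ()\tStatus: Down
# Nmap done -- 3 IP addresses (2 hosts up) scanned in 1.23 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")
# Each port entry is port/state/protocol/owner/service/...; version text after the service is skipped.
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "status": str, "open": [(port, proto, service), ...]}}."""
    hosts = defaultdict(lambda: {"hostname": "", "status": "unknown", "open": []})
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # "# Nmap ..." comment lines carry no host data
        ip, hostname = m.groups()
        entry = hosts[ip]
        if hostname:
            entry["hostname"] = hostname
        # Remaining fields are tab separated: "Status: Up", "Ports: ...", "Ignored State: ..."
        for field in line.split("\t")[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value.strip()
            elif key == "Ports":
                for port, state, proto, _owner, service in PORT_RE.findall(value):
                    if state == "open":
                        entry["open"].append((int(port), proto, service))
    return dict(hosts)


def live_hosts(hosts):
    """IPs that answered, in numeric order (what the lab's hosts.txt should contain)."""
    return sorted((ip for ip, e in hosts.items() if e["status"] == "Up"),
                  key=ipaddress.ip_address)


def out_of_scope(hosts, authorized):
    """Any IP in the results that is not on the authorized list: stop and fix hosts.txt."""
    allowed = set(authorized)
    return sorted((ip for ip in hosts if ip not in allowed), key=ipaddress.ip_address)


def inventory_lines(hosts):
    """One documentation line per live host, e.g. '192.168.1.100  22/tcp ssh, 80/tcp http'."""
    lines = []
    for ip in live_hosts(hosts):
        ports = ", ".join(f"{p}/{proto} {svc or '?'}" for p, proto, svc in sorted(hosts[ip]["open"]))
        lines.append(f"{ip}  {ports or 'no open ports in scanned range'}")
    return lines


if __name__ == "__main__":
    inv = parse_gnmap(SAMPLE_GNMAP)
    print("\n".join(inventory_lines(inv)))
    print("out of scope:", out_of_scope(inv, ["192.168.1.100", "192.168.1.110", "192.168.1.120"]))
```

To use it on a real lab run, add `-oG scan.gnmap` to the nmap command from the lab slide and feed the file's contents to `parse_gnmap`; a non-empty `out_of_scope` result means hosts.txt contains an address the permission slide does not cover.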
Go at it
- The intro and scenario have been set
- Feel free to hack away at the three hosts:
  - 192.168.1.100
  - 192.168.1.110
  - 192.168.1.120

Nessus
- Nessus is NOT a part of BackTrack, but it is the best vulnerability scanner available
- http://www.tenablesecurity.com
- For BackTrack 4, download the Ubuntu 8.04 32-bit .deb
- Install:
  - dpkg -i *.deb
  - /opt/nessus/sbin/nessus-adduser
- Register: http://www.nessus.org/plugins/?view=register-info
- Start Nessus: /etc/init.d/nessusd start
- https://localhost:8834/

Nikto
- Web server scanner
- http://cirt.net/nikto2
- /pentest/scanners/nikto
- ./nikto.pl -host <websiteip>:<port>
3. Gain Access
- Leverage findings from steps 1 and 2
- What have we found?
- Use Hydra to brute force SSH using possible usernames.
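This step, and the next slide, rely on Hydra guessing SSH passwords. Seen from the host being tested, that activity is loud: OpenSSH logs every failed and accepted password attempt to auth.log. The script below is an added example written for this page, not from the presentation, Hydra or OpenSSH. It parses constructed auth.log lines in the standard sshd syslog format and flags any source that produces a burst of failures inside a short window, reporting which usernames were tried and whether a login from the same source succeeded after the burst, which marks the account whose password needs changing first. The threshold, the window and the `year` parameter (syslog timestamps carry no year) are assumptions chosen for the example.

```python
"""Flag SSH password-guessing bursts in OpenSSH auth.log lines."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines in standard sshd syslog format; not a real capture.
SAMPLE_AUTH_LOG = """\
Mar 10 21:14:01 level1 sshd[2211]: Failed password for invalid user admin from 192.168.1.205 port 41022 ssh2
Mar 10 21:14:02 level1 sshd[2213]: Failed password for root from 192.168.1.205 port 41023 ssh2
Mar 10 21:14:02 level1 sshd[2215]: Failed password for root from 192.168.1.205 port 41024 ssh2
Mar 10 21:14:03 level1 sshd[2217]: Failed password for invalid user oracle from 192.168.1.205 port 41025 ssh2
Mar 10 21:14:03 level1 sshd[2219]: Failed password for msfadmin from 192.168.1.205 port 41026 ssh2
Mar 10 21:14:04 level1 sshd[2221]: Accepted password for msfadmin from 192.168.1.205 port 41027 ssh2
Mar 10 21:20:15 level1 sshd[2300]: Failed password for jorge from 192.168.1.210 port 50001 ssh2
Mar 10 21:25:40 level1 sshd[2310]: Accepted password for jorge from 192.168.1.210 port 50002 ssh2
Mar 10 21:26:00 level1 CRON[2320]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_log(text, year=2011):
    """Return [(timestamp, source_ip, username, accepted)].

    syslog lines carry no year, so one is supplied by the caller (assumption)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # CRON, su and other non-sshd lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"], m["result"] == "Accepted"))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Sources with at least `threshold` failed logins inside `window_seconds`.

    Each alert records the usernames tried and any account that was accepted
    from the same source at or after the end of the burst."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        failures = [e for e in evs if not e[3]]
        # Slide a window of `threshold` consecutive failures along the source's timeline.
        for i in range(len(failures) - threshold + 1):
            first, last = failures[i][0], failures[i + threshold - 1][0]
            if (last - first).total_seconds() <= window_seconds:
                alerts[src] = {
                    "failures": len(failures),
                    "users_tried": sorted({e[2] for e in failures}),
                    "success_after": [e[2] for e in evs if e[3] and e[0] >= last],
                }
                break
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(src, info)
```

In the sample, 192.168.1.205 trips the rule with five failures in two seconds and a later accepted login for msfadmin, while the single failed attempt from 192.168.1.210 followed by a success minutes later is left alone; on a real host the same logic applies to `/var/log/auth.log`, and Hydra's default parallelism produces far more than five failures per minute.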
3. Elevate Privileges
- The user you cracked doesn’t have enough privileges… how do you find who does?
  - cat /etc/passwd
  - cat /etc/group
- Brute force SSH with a known user that has sudo privs….
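This slide reads /etc/passwd and /etc/group to see which account actually holds root rights. Answering that question is also the first thing a defender should do for a host, and it is easy to get wrong: /etc/group lists only supplementary members, so an account whose primary GID in /etc/passwd is the sudo group never appears in /etc/group, and a second UID 0 account hides in plain sight among ordinary users. The audit script below is an added example written for this page, not from the presentation. It reads constructed passwd and group files, reports every UID 0 account and the full membership of the root, sudo, admin and wheel groups including primary-group members, so the set can be trimmed to what least privilege requires. The privileged group names are an assumption; adjust them to the distribution in use.

```python
"""Audit which local accounts hold root-equivalent privileges (passwd + group)."""
from collections import namedtuple

# Constructed sample files for the example; not copied from any real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
toor:x:0:0:second uid-0 account:/root:/bin/bash
msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash
jorge:x:1001:1001:Jorge:/home/jorge:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/sh
ops:x:1002:27:primary group is sudo:/home/ops:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
sudo:x:27:jorge
admin:x:115:msfadmin
www-data:x:33:
"""

# Groups that grant root-equivalent rights on common distributions (assumption; adjust per system).
PRIVILEGED_GROUPS = {"root", "sudo", "admin", "wheel"}

User = namedtuple("User", "name uid gid")


def parse_passwd(text):
    """Return [User(name, uid, gid)] for every entry; comments and blank lines are skipped."""
    users = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid = line.split(":")[:4]
        users.append(User(name, int(uid), int(gid)))
    return users


def parse_group(text):
    """Return {group_name: (gid, [supplementary members])}."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")[:4]
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups


def audit_privileges(passwd_text, group_text):
    """Return {"uid0": [names], "groups": {privileged_group: [all members]}}."""
    users = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    uid0 = sorted(u.name for u in users if u.uid == 0)
    privileged = {}
    for gname, (gid, members) in groups.items():
        if gname not in PRIVILEGED_GROUPS:
            continue
        holders = set(members)
        # Primary-group membership lives in passwd's GID field, not in /etc/group.
        holders.update(u.name for u in users if u.gid == gid)
        privileged[gname] = sorted(holders)
    return {"uid0": uid0, "groups": privileged}


if __name__ == "__main__":
    report = audit_privileges(SAMPLE_PASSWD, SAMPLE_GROUP)
    print("UID 0 accounts:", ", ".join(report["uid0"]))
    for gname, names in sorted(report["groups"].items()):
        print(f"{gname}: {', '.join(names) or '(none)'}")
```

On the sample data the audit surfaces the extra UID 0 account `toor` and the `ops` user, whom a plain `cat /etc/group` would not show as a sudoer. On a real system, pass the contents of `/etc/passwd` and `/etc/group` to `audit_privileges` and compare the result with the sudoers policy; every name that should not be there is one fewer password-guessing target.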
Keep Going and Try Harder!!!
- Each scenario is different
- Use what you know and have experienced in the past in the current scenario.
- Tools won’t do it all, use your head!

Conclusion and Take Away
- Get permission
- Run some scans on your hosts: Nmap, Nessus, Nikto
- Always be willing to learn more, try harder, and think harder

Questions?
Jorge Orchilles
jorge@orchilles.com
Twitter: jorgeorchilles
http://www.orchilles.com