Mumbai null May 2012 Meet

1. Presentation By: Wasim Halani & Vinesh Redkar
Network Intelligence India Pvt. Ltd.

2. Source: Online

3.  Introduction to Backtrack
 Why we need Backtrack
 Difference between GNOME and KDE.
 File Permission
 $PATH Variable
 Starting up with Backtrack.
 Major tool in Backtrack.
 Configuring the Network
 Connect Backtrack With putty.
 Installation of Program and Update Backtrack
 Useful Command

4.  A Linux distribution designed for penetration
testing and information security auditing
distribution.
 Backtrack is based on Ubuntu/Debian
 Backtrack has many security tools compiled
and preinstalled.
 Download
 http://www.backtrack-linux.org/downloads/

5.  Open Source Platform.
 Linux platform
 More number of tools available
 Easier to script and perform operations
 Has better compatibility with tools (nmap)
 Compiled toolkit
 Lesser dependency at client side
 Easy to use – Ubuntu + GUI

6.  Does it really matter ??!
 Personal preference

7.  Each file and directory has three user based permission groups:
 Owner(u)
 Group(g)
 Others(o)
 Permission Types
 Read(r)-4
 Write(w)-2
 Execute(x)-1
 Viewing the permission of file
 Ls –l <file name>
 Assigning Permission to file
 Chmod +x <file name>
(Note: x is for execute)

8.  $PATH is Environment Variable
 This Variable allows programs residing in the
different working directory to be executed
directly.
 Viewing the $PATH variable
 Echo $PATH
 Setting up $PATH variable
 export PATH=$PATH:”directory”

9. • You need to log in first
– User name: root
– Password: toor
• The graphical desktop does not start by
default
#> startx

10.  Information Gathering
 Vulnerability Assessment
 Exploitation tool
 Maintaining Access
 Reverse Engineering
 Forensics
 Reporting Tool
 Services

11.  Information Gathering and Enumeration Tool
 Nmap-Utility for network exploration and security
auditing.
 Wireshark-Network Protocol analyzer.
 Hping-TCP/IP packet assembler/analyzer.
 Maltego- Information Gathering tool.

12.  Vulnerability Assessment Tool
 Nikto
 Nessus
 W3af
 BurpSuite
 Exploitation tools
 Metasploit
 Exploitdb
 Sqlmap
 Aircrack-ng
 Beef
 SET (Social Engineering Toolkit)

13.  Maintaining Access
 Webshells
 Metasploit
 Reverse Engineering
 Ollydbg
 Forensics
 Autospy
 Wireshark
 Pdfid
 Voltality

14.  Reporting Tool
 Dradis
 Magictree

16.  Manually Setting IP address
 ifconfig eth0 up
 ifconfig eth0 [youripaddress] netmask [your
netmask]
 route add default gw [your gateway] eth0
 echo nameserver [yourDNS]> /etc/resolv.conf
 etc/init.d/networking restart
 Dynamically Setting IP address
 dhclient

17.  Putty
 Download: http://www.putty.org/
 Connecting Backtrack using putty over SSH
 sshd-generate
 /etc/init.d/ssh start

18.  Software Installation
 Extracting tar file
▪ tar xvf filename.tar.gz
▪ tar xvjf filename.tar.bz2
 apt-get install <software_name>
 apt-cache search <software_name>
 Fetching File From Internet
 wget <link>
 Update Backtrack
 apt-get update
 apt-get dist-upgrade
 apt-get install beef
 reboot

19.  Show Information
 Man-man option <keyword>
 Info-info <keyword>
 Help-<Program name> -help
 Finding file
 Locate-locate <filename>
 Search-search <keyword>
 Find
 Create and edit a file
 Nano