setting up backtrack
TRANSCRIPT
Lee Baird
• Malware analysis
• Enterprise security assessments for Fortune 500
• Computer network exploitation
• Wireless
• Social engineering
• Physical
Overview
• What is BackTrack?
• Setting up your virtual machine
• Information gathering
• Nmap
• Metasploit
• Automation with bash scripts
What is BackTrack?
• Linux-based security distro
• Contains many tools used for security assessments
• 32 and 64-bit
• Gnome and KDE environment
• Bare metal, live DVD, USB thumb drive or VM
• Free!
Where can I find it?
• www.backtrack-linux.org
• Downloads
• How To
• Forums
• Wiki
• Training through Offensive Security
Setting up a VM
• Latest version is BackTrack 5 R3
• Choose your environment and download
• VMware version, 32-bit Gnome ~ 2 GB in size
• OS X: VMware Fusion 4 or 5
• Windows: VMware Workstation 8 or 9
• 1 to 4 GB of RAM
Setting up a VM
• Expand BT5R2-GNOME-VM-32.7z
• File > Open > BT5R2-GNOME-VM-32.vmx > Open
• Play > I copied it
• Login with default account: root / toor
• Change the root password: passwd
• Fix the splash screen: fix-splash
Setting up a VM
• Reboot: reboot
• Login with new password
• Start the GUI: startx
• Take a snapshot
Install VMware Tools
• Open a Terminal: prepare-kernel-sources
• On VMware, Virtual Machine > Install VMware Tools > Install
• mkdir /mnt/cdrom; mount /dev/cdrom /mnt/cdrom
• cp /mnt/cdrom/VMwareTools-<version>.tar.gz /tmp/
• cd /tmp/
Install VMware Tools
• tar zxpf VMwareTools-<version>.tar.gz
• cd vmware-tools-distrib/
• ./vmware-install.pl
• Accept all the defaults.
• reboot
• Enjoy cut, copy and paste between host and VM
Terminal
• Where you will spend most of your time
• Edit > Profile Preferences
• General > Monospace 13
• Color > Text color > white
• Background > Transparent background > Maximum
• Scrolling > Unlimited *
gedit
• Text-based editor
• Edit > Preferences
• Display line numbers
• Highlight current line
• Editor > Tab width 5, Insert spaces instead of tabs
• Font & Colors > Monospace 12, Oblivion
Auto Login
• apt-get install rungetty
• nano /etc/init/tty1.conf
• #exec /sbin/getty -8 38400 tty1
• exec /sbin/rungetty tty1 --autologin root
• echo startx > .bash_profile
• reboot
Firefox
• Help > About Firefox > Check for Updates
• Plug-ins: Firebug, Tamper Data, Web Developer
• Metasploit https://localhost:3790
• Nessus https://localhost:8834
• NeXpose https://localhost:3780
• NSEDoc http://nmap.org/nsedoc/
Scripts
• svn co https://backtrack-scripts.googlecode.com/svn/ /opt/scripts
• chmod 755 /opt/scripts/ -R
• cd /opt/scripts/
• ./setup.sh
setup.sh
• Creates SSH keys
• Sets up aliases
• Installs Filezilla
• Installs xdotool
svn and github
• dnsrecon
• theHarvester
• jigsaw
• Metasploit
• Nmap
• sqlmap
Aliases - Short Cuts
• c: clear
• l: ls -l
• cl: clear & ls -l
• e: exit
• r: cd /root/ & clear
• s: cd /opt/scripts/ & clear
Aliases - Networking
• i: ifconfig && ping -c3 google.com
• n: netstat -antup
Interface
Mac address
Internal IP
External IP
Alias - Misc
• sip: correctly sort a list of IP addresses
sort hosts.txt    sip hosts.txt
10.0.0.1          10.0.0.1
10.0.0.10         10.0.0.2
10.0.0.2          10.0.0.10
10.0.0.200        10.0.0.200
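The slide shows the effect of sip but not its definition. The following is an added example, not code from the slides or the backtrack-scripts project: an assumed shell equivalent that sorts IPv4 addresses numerically per octet, run against the slide's own host list so the lexical and numeric orders can be compared.

```shell
#!/bin/sh
# Added example (not from the original slides): an assumed equivalent of the "sip"
# alias. "-t ." splits each address on dots and "-kN,Nn" sorts field N as a number,
# so 10.0.0.2 lands before 10.0.0.10. Plain sort compares character by character
# and puts 10.0.0.10 before 10.0.0.2, which is the bug the alias exists to avoid.
sip() {
  sort -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample host list, the same four addresses shown on the slide.
HOSTS='10.0.0.1
10.0.0.10
10.0.0.2
10.0.0.200'

# Lexical order, as "sort hosts.txt" would produce.
lexical_sort() {
  printf '%s\n' "$HOSTS" | sort
}

# Numeric per-octet order, as "sip hosts.txt" would produce.
numeric_sort() {
  printf '%s\n' "$HOSTS" | sip
}

echo "sort hosts.txt:"
lexical_sort
echo "sip hosts.txt:"
numeric_sort
```

Because sip is a pipeline filter, it also works on scanner output (for example `sip < hosts.txt`) and on any list where the address is the whole line.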
Alias - update
• date & time
• BackTrack distro
• aircrack-ng
• dnsrecon
• exploit-db
• GISKismet
• theHarvester
• Jigsaw
• Metasploit
• Nikto
• Nmap
• scripts
• SET
• sqlmap
• w3af
Recon
• Black box engagement
• Social engineering
• What kind of intel do I need?
• Where can I find it?
• script - Open source intelligence gathering
• script - Scrape
Company
• Downloads info from DeepMagic, IntoDNS and Robtex.
• /root/recon/
dns-Ââhealth.html
dns.html
ptr-records.txt
• Open multiple tabs in Firefox with various URLs
Company
• ARIN
• IPinfoDb
• Netcraft
• SHODAN
• Jigsaw
• Pastebin
• Google hacking
• EDGAR
• Google Finance
Google Hacking
• Search for all URLs of a particular domain
• site:<domain>
• Search for a particular file type
• Excel, PowerPoint, Word, PDF and txt
• filetype:<type>
Person
• 123people.com
• 411.com
• phonenumbers.addresses.com
• cvgadget.com
• search.nndb.com
• spokeo.com
• zabasearch.com
Passive
• goofile
• goo-mail
• goohost
• theHarvester
• Metasploit
• Whois
Active
• dnsenum
• dnsrecon
• dnswalk
• traceroute
• lbd - load balance detector
Discover
• Host discovery
• Ping sweep
• Single host or URL
• Local area network
• List of hosts
• CIDR notation
Nmap
• Port scanning
• Service enumeration
• OS identification
• Nmap scripting engine (NSE)
• 432 scripts and growing
Metasploit
• Exploitation framework
• Database integration
• Auxiliary scanners
Brute force
Enumeration
• Resource files
Automation
• Why do we need automation?
Repeatable process
Do not want to miss any steps
• What can be automated?
• DEMO
Lee Baird
• Google Code
• http://code.google.com/p/backtrack-scripts/
• Ping me on GTalk
• [email protected]