Hands on with BackTrack: Information gathering, scanning, simple exploits
By Edison Carrick
Starting up and Getting an IP
– startx
– ifup eth0
The Tools
– The ‘K Menu’
– That’s not all: the `/pentest` directory
netdiscover
– ‘an active/passive address reconnaissance tool’
– Using ARP, it detects live hosts on a network.
nmap
– Nmap (“Network Mapper”) is a free and open source command-line utility for network exploration or security auditing. Extremely powerful.
– Simple use: nmap -v -A <target>
– ‘-v’ for verbosity and ‘-A’ for OS/version detection
Zenmap
– Nmap, but prettier
– Zenmap is a GUI front end for nmap. Easily detect OS, services, TCP sequences and more with a click or two of a button.
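The nmap and Zenmap slides show the scanner from the operator's side; the defender's counterpart is noticing the sweep in the gateway logs. The following script is an added example written for this page, not code from the presentation or from the nmap project. It parses iptables-style LOG lines and reports any source that touches more than a threshold of distinct destination ports on one host within a sliding time window. The host addresses, ports, log lines and the assumed log year are constructed samples; on a real gateway you would feed it /var/log/kern.log or a syslog stream instead.

```python
"""Port-scan detection over firewall log lines (added example, not from the slides)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fields needed from an iptables LOG line: syslog timestamp, SRC, DST, PROTO, DPT.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2024):
    """Return (timestamp, src, dst, proto, dport), or None for lines that are not LOG hits.

    Syslog timestamps carry no year, so one is supplied (assumed 2024 here).
    """
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], m["proto"], int(m["dpt"])


def find_scanners(lines, threshold=10, window_seconds=60):
    """Map (src, dst) -> max distinct destination ports seen within any single window.

    Only pairs that exceed `threshold` are returned: a normal client touching a
    handful of service ports stays below it, an nmap sweep does not.
    """
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, _proto, dpt = parsed
            events[(src, dst)].append((ts, dpt))

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for pair, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            # Advance the window start until the span is at most window_seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({dpt for _, dpt in evs[start:end + 1]})
            best = max(best, distinct)
        if best > threshold:
            flagged[pair] = best
    return flagged


def constructed_sample():
    """Constructed log lines: one sweep of 12 ports plus two ordinary connections."""
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        lines.append(
            f"Mar  3 10:15:{i:02d} gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 "
            f"LEN=60 PROTO=TCP SPT={40000 + i} DPT={port} SYN"
        )
    lines.append("Mar  3 10:15:05 gw kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.50 "
                 "LEN=60 PROTO=TCP SPT=51000 DPT=443 SYN")
    lines.append("Mar  3 10:15:07 gw kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.50 "
                 "LEN=60 PROTO=TCP SPT=51001 DPT=80 SYN")
    lines.append("Mar  3 10:15:09 gw kernel: eth0: link is up")  # unrelated line, ignored
    return lines


if __name__ == "__main__":
    for (src, dst), ports in find_scanners(constructed_sample()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports within 60s")
```

The threshold and window are the two knobs worth tuning: a `-A` run against a single host will normally exceed ten ports in well under a minute, while a legitimate client rarely touches more than a few distinct ports on one server in that time.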
Exploits
– Databases and programs: ExploitDB, Metasploit
– The internet: exploit-db.com, Google
Searching for a vulnerability
– exploitDB: ./searchsploit
– Googling
– Conveniently, Remote Exploit has included their exploitDB on BackTrack. Since we have a 2003 server, let’s search for 2003 vulnerabilities:
– ./searchsploit 2003
– ./searchsploit 2k3
Exploring and Testing a written Exploit
– ‘cat’ is perfect for viewing
– Recognizing shellcode, and how the exploit runs
– Running the exploit: ./7132.py
– Finding the usage
Getting the Shell
– ./7132.py
– Noticing that the exploit prints that the shell is bound to the server on port
– Netcat, the tool for everything: nc -v
Prevention?
– Keep servers and computers up-to-date and patched.
– Use only the services that are necessary, and disable the ones that are not needed.
– Using the default settings can be dangerous.
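The two previous slides make the same point from opposite sides: the exploit binds a shell to a port on the server, and the prevention slide says to run only the services you need. A listening-socket audit ties them together, because a bound shell is by definition a listener that is not on the allowlist. The script below is an added example written for this page, not code from the presentation. It parses text in the layout of `ss -ltnp` and reports every listening TCP socket whose port is not in `ALLOWED_PORTS`, with exposed-on-all-interfaces listeners first. The allowlist, the sample output, the process names and the bind-shell port 4444 are constructed placeholders; on a live Linux host you would pass in the real output of `ss -ltnp`.

```python
"""Unexpected-listener audit (added example, not from the slides)."""
import re

# Ports this (hypothetical) server is expected to listen on: an assumed allowlist.
ALLOWED_PORTS = {22: "ssh", 80: "http", 443: "https"}

# Constructed sample in the layout of `ss -ltnp`. The processes and the 4444
# listener are illustrative placeholders, not values taken from the slides.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1044,fd=6))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1044,fd=7))
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=1200,fd=21))
LISTEN  0       1       0.0.0.0:4444         0.0.0.0:*          users:(("python",pid=2310,fd=3))
"""

# One LISTEN row: state, queues, local addr:port, peer addr:port, optional process info.
LISTEN_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s*(?P<proc>.*)$"
)
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def parse_listeners(text):
    """Return one dict per LISTEN row: addr, port, process name and pid (None if absent)."""
    listeners = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        proc = PROC_RE.search(m["proc"])
        name, pid = (proc.group(1), int(proc.group(2))) if proc else (None, None)
        listeners.append({"addr": m["addr"], "port": int(m["port"]), "name": name, "pid": pid})
    return listeners


def audit(text, allowed=ALLOWED_PORTS):
    """Return listeners whose port is not allowlisted, all-interface binds first."""
    findings = []
    for entry in parse_listeners(text):
        if entry["port"] in allowed:
            continue
        loopback = entry["addr"].startswith("127.") or entry["addr"] == "[::1]"
        exposure = "loopback-only" if loopback else "all-interfaces"
        findings.append({**entry, "exposure": exposure})
    # Sockets reachable from the network are the ones to look at first.
    findings.sort(key=lambda f: (f["exposure"] != "all-interfaces", f["port"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {f['addr']}:{f['port']} "
              f"({f['name']}, pid {f['pid']}) [{f['exposure']}]")
```

Run against the sample, the loopback-only MySQL socket is reported as a lower-priority finding (a service that may be legitimate but is not on the list), while the `python` process on 0.0.0.0:4444 is exactly what a bound shell looks like from the host's own side. Keeping the allowlist in version control and running the audit from cron turns the "only necessary services" advice into something that is checked rather than assumed.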
More Information
– NetDiscover: scover/
– Nmap/Zenmap
– More on the MS vulnerability: MS
– Background image for PowerPoint found at xshock.de