www.it-ebooks.info BackTrack 4: Assuring Security by Penetration Testing Master the art of penetration testing with BackTrack Shakeel Ali Tedi Heriyanto BIRMINGHAM - MUMBAI www.it-ebooks.info BackTrack 4: Assuring Security by Penetration Testing Copyright © 2011 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: April 2011 Production Reference: 1070411 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-849513-94-4 www.packtpub.com Cover Image by Faiz fattohi (Filosarti@tiscali.it) www.it-ebooks.info Credits Authors Shakeel Ali Tedi Heriyanto Reviewers Mike Beatty Peter Van Eeckhoutte Arif Jatmoko Muhammad Rasyid Sahputra Acquisition Editor Tarun Singh Development Editor Kartikey Pandey Technical Editor Kavita Iyer Copy Editor Neha Shetty Indexers Hemangini Bari Tejal Daruwale Editorial Team Leader Akshara Aware Project Team Leader Priya Mukherji Project Coordinator Sneha Harkut Proofreader Samantha Lyon Graphics Nilesh Mohite Production Coordinator Kruthika Bangera Cover Work Kruthika Bangera www.it-ebooks.info About the Authors Shakeel Ali is the main founder and CTO of Cipher Storm Ltd, UK. His expertise in the security industry markedly exceeds the standard number of security assessments, audits, compliance, governance, and forensic projects that he carries in day-to-day operations. He has also served as a Chief Security Ofcer at CSS- Providers S.A.L. As a senior security evangelist and having spent endless nights without taking a nap, he provides constant security support to various businesses, educational organizations, and government institutions globally. He is an active independent researcher who writes various articles and whitepapers, and manages a blog at Ethical-Hacker.net. He also regularly participates in BugCon Security Conferences held in Mexico, to highlight the best-of-breed cyber security threats and their solutions from practically driven countermeasures. I would like to thank all my friends, reviewers, and colleagues who were cordially involved in this book project. Special thanks to the entire Packt Publishing team, and their technical editors and reviewers who have given invaluable comments, suggestions, feedback, and support to make this project successful. I also want to thank Tedi Heriyanto (co-author) whose continual dedication, contributions, ideas, and technical discussions led to produce the useful product you see today. Last but not least, thanks to my pals from past and present with whom the sudden discovery never ends, and whose vigilant eyes turn an IT industry into a secure and stable environment. www.it-ebooks.info Tedi Heriyanto currently works as a Senior Technical Consultant in an Indonesian information technology company. He has worked with several well-known institutions in Indonesia and overseas, in designing secure network architecture, deploying and managing enterprise-wide security systems, developing information security policies and procedures, doing information security audit and assessment, and giving information security awareness training. In his spare time, he manages to research, write various articles, participate in Indonesian Security Community activities, and maintain a blog site located at http://theriyanto.wordpress. com . He shares his knowledge in the information security eld by writing several information security and computer programming books. I would like to thank my family for supporting me during the whole book writing process. I would also like to thank my friends who guided me in the infosec eld and were always available to discuss infosec issues: Gildas Deograt, Mada Perdhana, Pamadi Gesang, and Tom Gregory. Thanks to the technical reviewers who have provided their best knowledge in their respective elds: Arif Jatmoko, Muhammad Rasyid Sahputra, and Peter "corelanc0d3r" Van Eeckhoutte. Also thanks to the great people at Packt Publishing (Kartikey Pandey, Kavita Iyer, Tarun Singh, and Sneha Harkut), whose comments, feedback, and immediate support has turned this book development project into a successful reality. Last but not least, I would like to give my biggest thanks to my co-author, Shakeel Ali, whose technical knowledge, motivation, ideas, and suggestions made the book writing process a wonderful journey. www.it-ebooks.info About the Reviewers Peter "corelanc0d3r" Van Eeckhoutte is the founder of Corelan Team (http://www.corelan.be), bringing together a group of people who have similar interests: performing IT security/vulnerability research, sharing knowledge, writing and publishing tutorials, releasing security advisories and writing tools. His Win32 Exploit Writing Tutorial series and Immunity Debugger PyCommand "pvendaddr" are just a few examples of his work in the security community. Peter has been working on IT security since the late 90's, focusing on exploit development since 2006. I would like to thank my wife and daughter for their everlasting support and love, and the folks at the Corelan Team for being a truly awesome bunch of friends to work with. Arif Jatmoko (MCom, CISSP, CISA, CCSP, CEH) is an IT Security Auditor at Bank Mandiri tbk, the biggest bank in Indonesia. Arif has spent over 15 years working as a computer security specialist. Since 1999, he joined a top Fortune 500 company as the IT security ofcer, runs several projects in government and military institutions, is a pentester at big4 audit rm and a few major nancial institutions. Since his early school years, Arif has enjoyed coding, debugging, and other reverse engineering stuff. These hobbies have given him the skill to perform security incident analysis for many years. Later (during his more current jobs), Arif was found to be most interested in incident analysis and computer forensics. Especially as an auditor, he frequently deals with investigative analysis in criminals and other fraudulent activities inside the company. Muhammad Rasyid Sahputra currently works as a Security Consultant at Xynexis International. His interests range from analyzing various bugs of open-source and commercial software/products to hacking telecommunication infrastructure www.it-ebooks.info www.PacktPub.com Support les, eBooks, discount offers and more You might want to visit www.PacktPub.com for support les and downloads related to your book. Did you know that Packt offers eBook versions of every book published, with PDF and ePub les available? You can upgrade to the eBook version at www.PacktPub. com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks. http://PacktLib.PacktPub.com Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books. Why Subscribe? • Fully searchable across every book published by Packt • Copy and paste, print and bookmark content • On demand and accessible via web browser Free Access for Packt account holders If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access. www.it-ebooks.info www.it-ebooks.info To my loving family: For their support and specially my cute little niece "Jennifer"and nephew "Adan" whose smile is an inspiration and encouragement for my life. To Medha Kant "lovely maggie": The most amazing and beautiful person I know. You're my idol and your kheer will remain best of my success. To my brilliant teachers: The ones who turned an ordinary child into his superior excellence and extraordinary individual. To all my friends and colleagues: Amreeta Poran, Li Xiang, Fazza3, Eljean Desamparado, Sheikha Maitha, Rizwan Shariff, Islahuddin Syed, Li Jie, Asif, Salman, and all those whom I might forget to mention here. - Shakeel Ali - I would like to dedicate this book to: God: For the gifts that have been given to me. My beloved family: For their supports all this time. My wonderful teachers: Thank you for being so patient in teaching me. My amazing friends and colleagues: For helping me out during the years. My excellent clients: For trusting and giving me the chance to work together with you. You, the reader: For buying this book and e-book. - Tedi Heriyanto - www.it-ebooks.info [...]... Preface BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network BackTrack 4: Assuring Security by Penetration Testing. .. Customizing BackTrack Summary 19 21 21 22 24 24 25 26 29 30 31 32 34 Installation in real machine Installation in VirtualBox Chapter 2: Penetration Testing Methodology Types of penetration testing Black-box testing White-box testing Vulnerability assessment versus penetration testing www.it-ebooks.info 13 14 37 38 38 39 39 Table of Contents Security testing methodologies Open Source Security Testing Methodology... Testing Procedures Beginning with BackTrack Penetration Testing Methodology www.it-ebooks.info www.it-ebooks.info Beginning with BackTrack This chapter will introduce you to BackTrack, a Linux Live DVD for penetration testing The chapter will describe the following: • A brief background of BackTrack • Several common usages of BackTrack • Getting and installing BackTrack • Configuring and updating BackTrack. .. systematic penetration testing The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black box and white box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process The authors discuss a number of security assessment... (4.0), BackTrack is based on Ubuntu Linux distribution version 8.10 As of July 19, 2010, BackTrack 4 has been downloaded by more than 1.5 million users BackTrack purpose BackTrack 4.0 contains a number of tools that can be used during your penetration testing process The penetration testing tools included in Backtrack 4.0 can be categorized into the following: www.it-ebooks.info Beginning with BackTrack. .. weapons and customize BackTrack History BackTrack is a Live DVD Linux distribution developed specifically for penetration testing In the Live DVD format, you can use BackTrack directly from the DVD without installing it to your machine BackTrack can also be installed to the hard disk and used as a regular operating system BackTrack is a merger between three different live Linux penetration testing distributions—IWHAX,... customized BackTrack to suit your own needs Chapter 2, Penetration Testing Methodology, discusses the basic concepts, rules, practices, methods, and procedures that constitute a defined process for a penetration testing program You will learn about making a clear distinction between two well-known types of penetration testing, Black-Box and White-Box The differences between vulnerability assessment and penetration. .. executable file [ 10 ] www.it-ebooks.info Chapter 1 Getting BackTrack Before installing and using BackTrack, first we need to download it You can get BackTrack 4.0 from a torrent file or from the BackTrack website (http://www backtrack- linux.org/downloads/) On the BackTrack website, you will find two versions of BackTrack 4 One version is BackTrack 4 in ISO image file format You use this version if...www.it-ebooks.info Table of Contents Preface 1 PART I: Lab Preparation and Testing Procedures Chapter 1: Beginning with BackTrack 9 History BackTrack purpose Getting BackTrack Using BackTrack Live DVD Installing to hard disk 9 9 11 12 12 13 Portable BackTrack Configuring network connection Ethernet setup Wireless setup Starting the network service Updating BackTrack Updating software applications Updating the kernel... vulnerability assessment and penetration testing will also be analyzed You will also learn about several security testing methodologies and their core business functions, features, and benefits These include OSSTMM, ISSAF, OWASP, and WASC-TC Thereafter, you will learn about an organized BackTrack testing process incorporated with ten consecutive steps to conduct a penetration testing assignment from ethical . www.it-ebooks.info BackTrack 4: Assuring Security by Penetration Testing Master the art of penetration testing with BackTrack Shakeel Ali Tedi. 4: Assuring Security by Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by