Thông tin tài liệu
www.it-ebooks.info
BackTrack 4: Assuring Security
by Penetration Testing
Master the art of penetration testing with BackTrack
Shakeel Ali
Tedi Heriyanto
BIRMINGHAM - MUMBAI
www.it-ebooks.info
BackTrack 4: Assuring Security by Penetration Testing
Copyright © 2011 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, without the prior written
permission of the publisher, except in the case of brief quotations embedded in
critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy
of the information presented. However, the information contained in this book is
sold without warranty, either express or implied. Neither the authors, nor Packt
Publishing, and its dealers and distributors will be held liable for any damages
caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
First published: April 2011
Production Reference: 1070411
Published by Packt Publishing Ltd.
32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.
ISBN 978-1-849513-94-4
www.packtpub.com
Cover Image by Faiz fattohi (Filosarti@tiscali.it)
www.it-ebooks.info
Credits
Authors
Shakeel Ali
Tedi Heriyanto
Reviewers
Mike Beatty
Peter Van Eeckhoutte
Arif Jatmoko
Muhammad Rasyid Sahputra
Acquisition Editor
Tarun Singh
Development Editor
Kartikey Pandey
Technical Editor
Kavita Iyer
Copy Editor
Neha Shetty
Indexers
Hemangini Bari
Tejal Daruwale
Editorial Team Leader
Akshara Aware
Project Team Leader
Priya Mukherji
Project Coordinator
Sneha Harkut
Proofreader
Samantha Lyon
Graphics
Nilesh Mohite
Production Coordinator
Kruthika Bangera
Cover Work
Kruthika Bangera
www.it-ebooks.info
About the Authors
Shakeel Ali is the main founder and CTO of Cipher Storm Ltd, UK. His expertise
in the security industry markedly exceeds the standard number of security
assessments, audits, compliance, governance, and forensic projects that he carries
in day-to-day operations. He has also served as a Chief Security Ofcer at CSS-
Providers S.A.L. As a senior security evangelist and having spent endless nights
without taking a nap, he provides constant security support to various businesses,
educational organizations, and government institutions globally. He is an active
independent researcher who writes various articles and whitepapers, and manages
a blog at Ethical-Hacker.net. He also regularly participates in BugCon Security
Conferences held in Mexico, to highlight the best-of-breed cyber security threats and
their solutions from practically driven countermeasures.
I would like to thank all my friends, reviewers, and colleagues
who were cordially involved in this book project. Special thanks
to the entire Packt Publishing team, and their technical editors
and reviewers who have given invaluable comments, suggestions,
feedback, and support to make this project successful. I also want
to thank Tedi Heriyanto (co-author) whose continual dedication,
contributions, ideas, and technical discussions led to produce the
useful product you see today. Last but not least, thanks to my pals
from past and present with whom the sudden discovery never ends,
and whose vigilant eyes turn an IT industry into a secure and stable
environment.
www.it-ebooks.info
Tedi Heriyanto currently works as a Senior Technical Consultant in an Indonesian
information technology company. He has worked with several well-known
institutions in Indonesia and overseas, in designing secure network architecture,
deploying and managing enterprise-wide security systems, developing information
security policies and procedures, doing information security audit and assessment,
and giving information security awareness training. In his spare time, he manages
to research, write various articles, participate in Indonesian Security Community
activities, and maintain a blog site located at http://theriyanto.wordpress.
com
. He shares his knowledge in the information security eld by writing several
information security and computer programming books.
I would like to thank my family for supporting me during the
whole book writing process. I would also like to thank my friends
who guided me in the infosec eld and were always available to
discuss infosec issues: Gildas Deograt, Mada Perdhana, Pamadi
Gesang, and Tom Gregory. Thanks to the technical reviewers who
have provided their best knowledge in their respective elds: Arif
Jatmoko, Muhammad Rasyid Sahputra, and Peter "corelanc0d3r"
Van Eeckhoutte. Also thanks to the great people at Packt Publishing
(Kartikey Pandey, Kavita Iyer, Tarun Singh, and Sneha Harkut),
whose comments, feedback, and immediate support has turned this
book development project into a successful reality. Last but not least,
I would like to give my biggest thanks to my co-author, Shakeel
Ali, whose technical knowledge, motivation, ideas, and suggestions
made the book writing process a wonderful journey.
www.it-ebooks.info
About the Reviewers
Peter "corelanc0d3r" Van Eeckhoutte is the founder of Corelan Team
(http://www.corelan.be), bringing together a group of people who have similar
interests: performing IT security/vulnerability research, sharing knowledge, writing
and publishing tutorials, releasing security advisories and writing tools. His Win32
Exploit Writing Tutorial series and Immunity Debugger PyCommand "pvendaddr"
are just a few examples of his work in the security community. Peter has been
working on IT security since the late 90's, focusing on exploit development since
2006.
I would like to thank my wife and daughter for their everlasting
support and love, and the folks at the Corelan Team for being a truly
awesome bunch of friends to work with.
Arif Jatmoko (MCom, CISSP, CISA, CCSP, CEH) is an IT Security Auditor at Bank
Mandiri tbk, the biggest bank in Indonesia. Arif has spent over 15 years working as a
computer security specialist. Since 1999, he joined a top Fortune 500 company as the
IT security ofcer, runs several projects in government and military institutions, is a
pentester at big4 audit rm and a few major nancial institutions.
Since his early school years, Arif has enjoyed coding, debugging, and other reverse
engineering stuff. These hobbies have given him the skill to perform security
incident analysis for many years. Later (during his more current jobs), Arif was
found to be most interested in incident analysis and computer forensics. Especially
as an auditor, he frequently deals with investigative analysis in criminals and other
fraudulent activities inside the company.
Muhammad Rasyid Sahputra currently works as a Security Consultant
at Xynexis International. His interests range from analyzing various bugs of
open-source and commercial software/products to hacking telecommunication
infrastructure
www.it-ebooks.info
www.PacktPub.com
Support les, eBooks, discount offers
and more
You might want to visit www.PacktPub.com for support les and downloads related
to your book.
Did you know that Packt offers eBook versions of every book published, with PDF
and ePub les available? You can upgrade to the eBook version at
www.PacktPub.
com
and as a print book customer, you are entitled to a discount on the eBook copy.
Get in touch with us at service@packtpub.com for more details.
At
www.PacktPub.com, you can also read a collection of free technical articles, sign
up for a range of free newsletters and receive exclusive discounts and offers on Packt
books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital
book library. Here, you can access, read and search across Packt's entire library of books.
Why Subscribe?
• Fully searchable across every book published by Packt
• Copy and paste, print and bookmark content
• On demand and accessible via web browser
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access
PacktLib today and view nine entirely free books. Simply use your login credentials
for immediate access.
www.it-ebooks.info
www.it-ebooks.info
To my loving family: For their support and specially my cute little niece "Jennifer"and
nephew "Adan" whose smile is an inspiration and encouragement for my life.
To Medha Kant "lovely maggie": The most amazing and beautiful person I know. You're
my idol and your kheer will remain best of my success.
To my brilliant teachers: The ones who turned an ordinary child into his superior
excellence and extraordinary individual.
To all my friends and colleagues: Amreeta Poran, Li Xiang, Fazza3, Eljean
Desamparado, Sheikha Maitha, Rizwan Shariff, Islahuddin Syed, Li Jie, Asif, Salman,
and all those whom I might forget to mention here.
- Shakeel Ali -
I would like to dedicate this book to:
God: For the gifts that have been given to me.
My beloved family: For their supports all this time.
My wonderful teachers: Thank you for being so patient in teaching me.
My amazing friends and colleagues: For helping me out during the years.
My excellent clients: For trusting and giving me the chance to work together with you.
You, the reader: For buying this book and e-book.
- Tedi Heriyanto -
www.it-ebooks.info
[...]... Preface BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect, and exploit any vulnerabilities uncovered in the target network environment Applying appropriate testing methodology with defined business objectives and a scheduled test plan will result in robust penetration testing of your network BackTrack 4: Assuring Security by Penetration Testing. .. Customizing BackTrack Summary 19 21 21 22 24 24 25 26 29 30 31 32 34 Installation in real machine Installation in VirtualBox Chapter 2: Penetration Testing Methodology Types of penetration testing Black-box testing White-box testing Vulnerability assessment versus penetration testing www.it-ebooks.info 13 14 37 38 38 39 39 Table of Contents Security testing methodologies Open Source Security Testing Methodology... Testing Procedures Beginning with BackTrack Penetration Testing Methodology www.it-ebooks.info www.it-ebooks.info Beginning with BackTrack This chapter will introduce you to BackTrack, a Linux Live DVD for penetration testing The chapter will describe the following: • A brief background of BackTrack • Several common usages of BackTrack • Getting and installing BackTrack • Configuring and updating BackTrack. .. systematic penetration testing The first and so far only book on BackTrack OS starts with lab preparation and testing procedures, explaining the basic installation and configuration set up, discussing types of penetration testing (black box and white box), uncovering open security testing methodologies, and proposing the BackTrack specific testing process The authors discuss a number of security assessment... (4.0), BackTrack is based on Ubuntu Linux distribution version 8.10 As of July 19, 2010, BackTrack 4 has been downloaded by more than 1.5 million users BackTrack purpose BackTrack 4.0 contains a number of tools that can be used during your penetration testing process The penetration testing tools included in Backtrack 4.0 can be categorized into the following: www.it-ebooks.info Beginning with BackTrack. .. weapons and customize BackTrack History BackTrack is a Live DVD Linux distribution developed specifically for penetration testing In the Live DVD format, you can use BackTrack directly from the DVD without installing it to your machine BackTrack can also be installed to the hard disk and used as a regular operating system BackTrack is a merger between three different live Linux penetration testing distributions—IWHAX,... customized BackTrack to suit your own needs Chapter 2, Penetration Testing Methodology, discusses the basic concepts, rules, practices, methods, and procedures that constitute a defined process for a penetration testing program You will learn about making a clear distinction between two well-known types of penetration testing, Black-Box and White-Box The differences between vulnerability assessment and penetration. .. executable file [ 10 ] www.it-ebooks.info Chapter 1 Getting BackTrack Before installing and using BackTrack, first we need to download it You can get BackTrack 4.0 from a torrent file or from the BackTrack website (http://www backtrack- linux.org/downloads/) On the BackTrack website, you will find two versions of BackTrack 4 One version is BackTrack 4 in ISO image file format You use this version if...www.it-ebooks.info Table of Contents Preface 1 PART I: Lab Preparation and Testing Procedures Chapter 1: Beginning with BackTrack 9 History BackTrack purpose Getting BackTrack Using BackTrack Live DVD Installing to hard disk 9 9 11 12 12 13 Portable BackTrack Configuring network connection Ethernet setup Wireless setup Starting the network service Updating BackTrack Updating software applications Updating the kernel... vulnerability assessment and penetration testing will also be analyzed You will also learn about several security testing methodologies and their core business functions, features, and benefits These include OSSTMM, ISSAF, OWASP, and WASC-TC Thereafter, you will learn about an organized BackTrack testing process incorporated with ten consecutive steps to conduct a penetration testing assignment from ethical . www.it-ebooks.info
BackTrack 4: Assuring Security
by Penetration Testing
Master the art of penetration testing with BackTrack
Shakeel Ali
Tedi. 4: Assuring Security by Penetration Testing is a fully focused, structured
book providing guidance on developing practical penetration testing skills by
Ngày đăng: 20/02/2014, 11:20
Xem thêm: Tài liệu BackTrack 4: Assuring Security by Penetration Testing pptx, Tài liệu BackTrack 4: Assuring Security by Penetration Testing pptx