Backtrack 5 Training Manual

01.01.2020

As explained in previous installments of this BackTrack 5 training guide, you can also use Nmap to check whether a system is alive, to sweep the network, to grab banners, to fingerprint operating systems, and so on.
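The sweep described above produces a list of live hosts, their open ports and a guessed operating system. The following parser, added here as an example and not part of the original guide, turns Nmap's grepable (-oG) output into that inventory so the results can be filed with the asset list rather than read off the screen. The sample output embedded in it is constructed for the lab network used in this guide, not captured from a real scan; the function and record names are this example's own.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample of `nmap -sV -O -oG -` grepable output for the lab
# network used in this guide (not a real scan capture). Fields on a Host
# line are tab-separated; each "Ports:" entry is
# port/state/protocol/owner/service/rpc-info/version/.
SAMPLE_GREPABLE = (
    "# Nmap 5.51 scan initiated (constructed sample)\n"
    "Host: 192.168.13.1 ()\tStatus: Up\n"
    "Host: 192.168.13.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/"
    "\tIgnored State: closed (999)\tOS: Linux 2.6.X\n"
    "Host: 192.168.13.129 ()\tStatus: Up\n"
    "Host: 192.168.13.129 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///"
    "\tIgnored State: closed (997)\tOS: Microsoft Windows 2000 SP4\n"
    "Host: 192.168.13.200 ()\tStatus: Down\n"
    "# Nmap done (constructed sample)\n"
)

# Groups: port, state, protocol, owner, service, rpc-info, version
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/,]*)/")


@dataclass
class HostRecord:
    ip: str
    status: str = "unknown"
    os: str = ""
    open_ports: list = field(default_factory=list)  # (port, proto, service, version)


def parse_grepable(text):
    """Parse Nmap grepable output into {ip: HostRecord}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skips comment lines and the "Nmap done" footer
        fields = line.split("\t")
        ip = fields[0].split()[1]  # "Host: 192.168.13.129 ()"
        rec = hosts.setdefault(ip, HostRecord(ip=ip))
        for fld in fields[1:]:
            key, _, value = fld.partition(": ")
            if key == "Status":
                rec.status = value
            elif key == "OS":
                rec.os = value
            elif key == "Ports":
                for m in PORT_RE.finditer(value):
                    port, state, proto, _owner, service, _rpc, version = m.groups()
                    if state == "open":
                        rec.open_ports.append((int(port), proto, service, version))
    return hosts


def live_hosts(hosts):
    """IPs reported as Up, in address order."""
    return sorted((h.ip for h in hosts.values() if h.status == "Up"),
                  key=ipaddress.ip_address)


def hosts_offering(hosts, service):
    """IPs with an open port whose Nmap service name matches."""
    return sorted((h.ip for h in hosts.values()
                   if any(p[2] == service for p in h.open_ports)),
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_GREPABLE)
    for ip in live_hosts(inventory):
        h = inventory[ip]
        print(ip, h.os or "OS unknown", [p[0] for p in h.open_ports])
```

Feed it the output of a real `nmap -oG` run and the dictionary it returns is the "list of systems" the next step talks about; `hosts_offering(inventory, "msrpc")` picks out the hosts exposing the RPC endpoint discussed later, which is also the list a defender should be comparing against what is meant to be reachable.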


Once the list of systems is obtained, we have a clear picture of the operating systems running, as well as the IPs that are live. Before launching an attack, we will perform vulnerability research on our target. Suppose the target system is a Windows 2000 Server, which is running on 192.168.13.129. Vulnerability databases can be checked for information, using tools such as Nessus or OpenVAS. However, for our BackTrack 5 training guide, we will perform vulnerability scans on the target manually.

Online vulnerability database

The popular National Vulnerability Database at provides information on the known vulnerabilities of a particular system.

National Vulnerability Database search engine

Penetrating the target

For our BackTrack 5 training guide, we will use the vulnerability in Windows 2000 Server’s RPC DCOM interface: a buffer overflow that allows remote code execution. In the we have seen how to exploit the vulnerability of a target. We have spawned a meterpreter shell on the Windows 2000 Server, i.e.

192.168.13.129, as shown in Figure 3. BackTrack 5 offers other tools, such as SET (the Social-Engineer Toolkit), which can be used to penetrate the system.

Inside Windows 2000 Server

Once inside the system, several details about it can be obtained. Following are a few of the important commands that can be executed:

hashdump: This command dumps the password hashes (NT/LM) of the target system, which can later be cracked with password-cracking software such as John the Ripper.

sysinfo: Running sysinfo on the target gives us basic system details such as the OS, vendor, admin name, and so on.

execute: This command is very powerful; it runs any file of our choice on the target system. Even promiscuous-mode operation is supported by the meterpreter shell.

portfwd: This powerful command forwards a port on the target, so that a service on the target can be reached remotely.


This can be used to create a backdoor to the target, enabling hassle-free access in the future.

Clearing the traces

The next part of this BackTrack 5 training guide covers clearing any traces of the attack from the target system. A simple clearev command clears the event logs on the system, leaving no trace of any unauthorized presence. Figure 4 shows clearev in action.

Clearev in action

Windows maintains application logs, system logs and security logs. The screenshot in Figure 5 shows them on the target system.
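From the defender's side, clearev is not silent: Windows writes a record of the clearing itself, and after the wipe that record is the oldest entry in the log. The following checker, added here as an example and not part of the original guide, runs over exported event records and flags both signals. The event records are constructed for this example (IDs 517, 1102 and 104 are the real "log cleared" events; everything else, including the names of the functions, is this example's own).

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class EventRecord:
    time: datetime
    log: str        # "Application", "Security" or "System"
    event_id: int
    user: str
    message: str


# Event IDs Windows writes when an event log is cleared.
# Windows 2000/2003 (the target in this guide) records 517 in the Security
# log and nothing for the other logs; Windows Vista and later record 1102
# (Security) and 104 (System).
LOG_CLEARED_IDS = {("Security", 517), ("Security", 1102), ("System", 104)}

# Constructed sample, as a log collector might export it: the Security log
# was wiped at 10:05, so only records written after that survive in it.
SAMPLE_EVENTS = [
    EventRecord(datetime(2020, 1, 1, 9, 0), "System", 6005, "SYSTEM",
                "The Event log service was started."),
    EventRecord(datetime(2020, 1, 1, 9, 1), "Application", 1000, "SYSTEM",
                "Application started."),
    EventRecord(datetime(2020, 1, 1, 10, 5), "Security", 517, "Administrator",
                "The audit log was cleared."),
    EventRecord(datetime(2020, 1, 1, 10, 6), "Security", 528, "Administrator",
                "Successful Logon."),
    EventRecord(datetime(2020, 1, 1, 10, 7), "System", 7036, "SYSTEM",
                "A service entered the running state."),
]


def find_log_clearing(events):
    """Return every record that announces a cleared log, oldest first."""
    hits = [e for e in events if (e.log, e.event_id) in LOG_CLEARED_IDS]
    return sorted(hits, key=lambda e: e.time)


def logs_starting_with_clear(events):
    """Names of logs whose oldest surviving record is the clear event itself.

    After clearev the 'log cleared' record is the first entry left in the
    log, so a log that begins with it has lost all of its earlier history.
    """
    oldest = {}
    for e in events:
        if e.log not in oldest or e.time < oldest[e.log].time:
            oldest[e.log] = e
    return sorted(log for log, e in oldest.items()
                  if (log, e.event_id) in LOG_CLEARED_IDS)


def clearing_report(events):
    """One line per clearing event: when, which log, and by whom."""
    return [f"{e.time.isoformat()} {e.log} log cleared by {e.user}"
            for e in find_log_clearing(events)]


if __name__ == "__main__":
    for line in clearing_report(SAMPLE_EVENTS):
        print(line)
    print("logs with no history before the clear:",
          logs_starting_with_clear(SAMPLE_EVENTS))
```

The second check matters because the clearing record can itself be removed by a second clearev; a log whose history begins abruptly is still worth a question. Neither check helps once the only copy of the log lives on the compromised host, which is the practical argument for forwarding event logs to a collector the target cannot write to.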

Event logs in Windows 2000 Server

The clearev command clears the logs in these categories and leaves no trace of any penetration. Of course, an astute system administrator would immediately suspect something amiss on seeing all the log entries cleared. It is thus advisable to set up backdoors and rootkits to maintain access for extended periods of time.

Overview of the Windows security model

The Windows security model is fairly simple. Every user has a unique SID (security identifier). The SID has the following form.


S-1-5-236-1023

In the figure, the parts are colour-coded: red is the revision level (1), green the identifier authority value (5), orange the domain or local ID (236) and peach the relative ID (1023). Subsequent to login, several processes are created on behalf of each user. Each process is assigned a token defining the privileges accorded to the associated user; the SID forms part of the token. In our earlier, we used the steal_token command in meterpreter to change tokens, elevating our privileges and taking on those of other user groups.
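The SID layout just described is easy to check programmatically. The parser below, added here as an example and not part of the original guide, splits a textual SID into the fields the guide names (revision, identifier authority, domain or local ID, relative ID) and recognises the principals met in the post-exploitation section: S-1-5-18 is what meterpreter reports as 'system', and relative ID 500 under a machine or domain SID is the built-in Administrator, whatever the account has been renamed to. The long domain SID used in the test is constructed; the function names are this example's own.

```python
import re

# S-<revision>-<identifier authority>-<sub-authorities ...>-<relative id>
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

# Well-known SIDs and RIDs relevant to the accounts seen in this guide.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "Local System",       # meterpreter shows this as 'system'
    "S-1-5-19": "Local Service",
    "S-1-5-20": "Network Service",
}
# RIDs that are fixed under a machine/domain SID (S-1-5-21-...), so they
# identify the account even after it has been renamed.
WELL_KNOWN_RIDS = {
    500: "built-in Administrator",
    501: "built-in Guest",
    512: "Domain Admins",
    513: "Domain Users",
}


def is_valid_sid(sid):
    """True when the string has the S-R-IA-SA...-RID shape."""
    return SID_RE.match(sid) is not None


def parse_sid(sid):
    """Split a textual SID into the fields described in the guide."""
    m = SID_RE.match(sid)
    if m is None:
        raise ValueError(f"not a SID string: {sid!r}")
    sub_authorities = [int(x) for x in m.group(3).strip("-").split("-")]
    return {
        "revision": int(m.group(1)),
        "identifier_authority": int(m.group(2)),
        # empty for SIDs such as S-1-5-18, where the only sub-authority is the RID
        "domain_or_local_id": sub_authorities[:-1],
        "relative_id": sub_authorities[-1],
    }


def describe_sid(sid):
    """Name the principal when the whole SID or its RID is well known."""
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    p = parse_sid(sid)
    machine_or_domain = (p["identifier_authority"] == 5
                         and p["domain_or_local_id"][:1] == [21])
    if machine_or_domain and p["relative_id"] in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[p["relative_id"]]
    return "unrecognised"


if __name__ == "__main__":
    for s in ("S-1-5-236-1023", "S-1-5-18",
              "S-1-5-21-1004336348-1177238915-682003330-500"):  # constructed
        print(s, parse_sid(s), describe_sid(s))
```

When reviewing which token a process was running under, resolving the SID this way is more reliable than trusting the account name: the name is free text that an administrator (or an intruder) can change, while the RID is not.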

The users we came across included ‘system’ and ‘administrator’.

To sum up

Our BackTrack 5 training guide has discussed penetration into a system on the network from scratch. We started with network sweeping and gathering of information in the initial phase, and followed with vulnerability research using an online vulnerability database. We also performed an attack on the system, checked a few important commands in the post-exploitation section, and finally cleared any traces of our attack.

We also briefly covered the Windows security model. This concludes our BackTrack 5 training guide series, which focused on important aspects of information security, especially ethical hacking. Here’s wishing you safe and happy ethical hacking with BackTrack 5! You can download this format along with the rest of our s for offline reference.

About the author: Karthik R is a member of the NULL community. Karthik completed his training for the EC-Council CEH in December 2010, and is at present pursuing his final year of B.Tech in Information Technology at the National Institute of Technology, Surathkal.

Karthik can be contacted at rkarthik.poojary@gmail.com. He blogs at You can subscribe to our Twitter feed at @SearchSecIN.
