
BackTrack

The quieter you become, the more you are able to hear
10/30/2012 Internet Hacking Articles (IHA) Shehab Imam

Please note before reading this e-book: IHA has no legal issues with this e-book. It has been published with the idea that it can and will be useful for those who want to learn ethical hacking or want to move on to a higher level. The authors and Team IHA have just one request for all of you: PLEASE DO NOT UPLOAD IT TO MONETIZING SITES. This e-book is free and will stay free. If on any site you are asked to pay for it, PLEASE LET US KNOW. You can upload it to any site (for sharing), but please remember to give credit to the author and Team IHA. We hope you all find this book useful and helpful. Admin of Team IHA: Shehab Imam / Team IHA

An Introduction to Linux (For Beginners)


Before we proceed to BackTrack we should have some basic idea of what BackTrack is. So first we cover Linux, which is pretty much the same as BackTrack: if you can get hold of Linux, BackTrack is your best friend. I have tried to cover BackTrack 4 (ONLY). I didn't use BackTrack 5 or higher versions, although I had downloaded and kept them, but in a recent HDD crash I lost all the data. Some time later we will cover the higher BackTrack versions.

Fig 1 : A typical Linux Desktop

1. What is Linux? Linux is a free Unix-type operating system for computers and other devices. The operating system is what makes the hardware work together with the software; the OS is the interface that allows you to do the things you want with your computer. Linux is freely available to everyone. OS X and Windows are other widely used operating systems.

Linux gives you a graphical interface that makes it easy to use your computer, yet it still allows those with the know-how to change settings at the lowest level, down to flipping a 0 to a 1.

It is only the kernel that is named Linux; the rest of the OS consists of GNU tools. A package with the kernel and the needed tools makes up a Linux distribution. Mandrake, SUSE Linux, Gentoo and Red Hat are some of the many variants. GNU/Linux can be used on a large number of architectures, including i386 and later, Alpha, PowerPC and SPARC.

2. Understanding files and folders

Linux is made with one thought in mind: everything is a file. A blank piece of paper is called a file in the world of computers. You can use this piece of paper to write a text or make a drawing. Your text or drawing is called information. A computer file is another way of storing your information. If you make many drawings then you will eventually want to sort them into different piles or make some other system that allows you to easily locate a given drawing. Computers use folders to sort your files in a hierarchical system. A file is an element of data storage in a file system. Files are usually stored on hard drives, CD-ROMs and other media, but may also be information stored in RAM or links to devices. To organize our files into a system we use folders. The lowest possible folder is the root /, where you will find the user homes under /home/:

/
/home/
/home/mom/
/home/dad/

Behind every configurable option there is a simple human-readable text file you can hand-edit to suit your needs. These days most programs come with a nice GUI (graphical user interface), like Mandrake's Control Center and SUSE's YaST, that can smoothly guide you through most configuration. Those who choose to can gain full control of their system by manually adjusting the configuration files from foo=yes to foo=no in an editor. Almost everything you do on a computer involves one or more files stored locally or on a network.

Your filesystem's lowest folder, the root /, contains the following folders:

/bin - Essential user command binaries (for use by all users)
/boot - Static files of the boot loader, only used at system startup
/dev - Device files, links to your hardware devices like /dev/sound, /dev/input/js0 (joystick)
/etc - Host-specific system configuration
/home - User home directories. This is where you save your personal files
/lib - Essential shared libraries and kernel modules
/mnt - Mount point for a temporarily mounted filesystem like /mnt/cdrom
/opt - Add-on application software packages
/usr - The second major section of the filesystem. /usr is shareable, read-only data. That means that /usr should be shareable between various FHS-compliant hosts and must not be written to. Any information that is host-specific or varies with time is stored elsewhere.
/var - Variable data files. This includes spool directories and files, administrative and logging data, and transient and temporary files.
/proc - System information stored in memory, mirrored as files.

The only folder a normal user needs to use is /home/you/ - this is where you will be keeping all your documents:

/home/elvis/Documents
/home/elvis/Music
/home/elvis/Music/60s

File names are case sensitive: myfile and MyFile are two different files. For more details, check out:

3. Understanding users and permissions

Linux is based on the idea that everyone using a system has their own username and password. Every file belongs to a user and a group, and has a set of attributes (read, write and execute) for the owning user, the owning group and all others (everybody). A file or folder can have permissions that allow only the user it belongs to to read and write it, allow the group it belongs to only to read it, and at the same time prevent all other users from even reading the file.

4. Who and what is root

Linux has one special user called root (this is the user name). Root is the system administrator and has access to all files and folders. This special user has the right to do anything. You should never log on as this user unless you actually need to do something that requires it! Use su - to temporarily become root and do the things you need, and again: never log into your system as root! Root is only for system maintenance; it is not a regular user (LindowsOS doesn't have any user management at all and uses root for everything, which is a very bad idea!). You can execute a single command as root with: su -c 'command done as root'. Gentoo Linux: note that on Gentoo Linux only users that are members of the wheel group are allowed to su to root.
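The user/group/other triplets described above are what `ls -l` prints at the start of each line, and the same bits are what a pentester scans for when hunting setuid binaries or world-writable files after a shell lands. The POSIX sh script below is an added example, not part of the original e-book: it converts a mode string such as `-rwsr-xr-x` into its octal form and flags the entries worth a second look. The listing it works on (`SAMPLE_LISTING`) is constructed for the demonstration, not real system output.

```shell
#!/bin/sh
# Added example: decode ls -l mode strings into octal and flag risky bits.
# Everything here is assumed/constructed for the demo, not from the e-book.

# Convert one rwx triplet (e.g. "r-x", "rws", "rwT") to its octal digit.
# The special characters s/t count as execute; S/T mean the bit is set
# without execute, so they add nothing here.
triplet_to_digit() {
    t=$1
    r=${t%??}            # first character
    rest=${t#?}
    w=${rest%?}          # second character
    x=${rest#?}          # third character
    d=0
    [ "$r" = r ] && d=$((d + 4))
    [ "$w" = w ] && d=$((d + 2))
    case "$x" in x|s|t) d=$((d + 1));; esac
    echo "$d"
}

# Convert a 10-character ls -l mode (e.g. "-rwsr-xr-x") to 4-digit octal
# (here 4755): the leading digit carries setuid (4), setgid (2), sticky (1).
mode_to_octal() {
    m=$1
    perms=${m#?}                 # drop the file-type character
    u=${perms%??????}            # user triplet
    rest=${perms#???}
    g=${rest%???}                # group triplet
    o=${rest#???}                # other triplet
    special=0
    case "$u" in ??s|??S) special=$((special + 4));; esac
    case "$g" in ??s|??S) special=$((special + 2));; esac
    case "$o" in ??t|??T) special=$((special + 1));; esac
    echo "${special}$(triplet_to_digit "$u")$(triplet_to_digit "$g")$(triplet_to_digit "$o")"
}

# Constructed sample of `ls -l` output (not real system data).
SAMPLE_LISTING='-rw-r----- 1 root adm   1024 Oct 30 2012 /var/log/auth.log
-rwsr-xr-x 1 root root 40000 Oct 30 2012 /usr/bin/passwd
-rw-rw-rw- 1 elvis elvis  200 Oct 30 2012 /home/elvis/notes.txt
drwxrwxrwt 2 root root  4096 Oct 30 2012 /tmp
-rwxr-xr-x 1 root root  9000 Oct 30 2012 /bin/ls'

# Print "path octal [flags]" for every entry in a listing passed as $1.
# A sticky world-writable directory such as /tmp is the expected design and
# is not flagged; any other world-writable entry is.
audit_listing() {
    printf '%s\n' "$1" | while read -r mode links owner group size mon day year path; do
        oct=$(mode_to_octal "$mode")
        flags=""
        case "$mode" in ???[sS]??????) flags="$flags setuid";; esac
        case "$mode" in ??????[sS]???) flags="$flags setgid";; esac
        case "$mode" in
            d???????w[tT]) ;;
            ????????w?) flags="$flags world-writable";;
        esac
        printf '%s %s%s\n' "$path" "$oct" "$flags"
    done
}

audit_listing "$SAMPLE_LISTING"
```

Run it and you get one line per entry, e.g. `/usr/bin/passwd 4755 setuid` and `/home/elvis/notes.txt 0666 world-writable`, while `/tmp 1777` passes because the sticky bit is what makes a shared world-writable directory acceptable. On a live box the same logic applies to real output of `find / -perm -4000` or `find / -perm -0002`.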

BACKTRACK
What is Backtrack?
BackTrack is a distribution based on the Ubuntu GNU/Linux distribution, aimed at digital forensics and penetration testing. It is named after backtracking, a search algorithm. The current version at the time of writing is BackTrack 5 R2, codenamed Revolution (and its revision). The BackTrack distribution originated from the merger of two formerly competing distributions which focused on penetration testing. The first was WHAX, a Slax-based Linux distribution developed by Mati Aharoni, a security consultant; earlier versions of WHAX were called Whoppix and were based on Knoppix.

The second was the Auditor Security Collection, a Live CD based on Knoppix developed by Max Moser, which included over 300 tools organized in a user-friendly hierarchy. The overlap between Auditor and WHAX in purpose and tool collection partly led to the merger.

Tools

BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option. BackTrack includes many well known security tools, including:

- Metasploit integration (non-working and officially unsupported)
- RFMON injection capable wireless drivers
- Aircrack-ng
- Kismet
- Nmap
- Ophcrack
- Ettercap
- Wireshark (formerly known as Ethereal)
- BeEF (Browser Exploitation Framework)
- Hydra
- OWASP Mantra Security Framework, a collection of hacking tools, add-ons and scripts based on Firefox
- Cisco OCS Mass Scanner, a very reliable and fast scanner for Cisco routers with telnet/enable default passwords
- Quypt (terminal emulator) (private software by the Crimson Hacking group, which has leaked to the mainstream)
- Blackhat, a large collection of exploits, as well as more commonplace software such as browsers

BackTrack arranges tools into 12 categories:

- Information Gathering
- Vulnerability Assessment
- Exploitation Tools
- Privilege Escalation
- Maintaining Access
- Reverse Engineering
- RFID Tools
- Stress Testing
- Forensics
- Reporting Tools
- Services
- Miscellaneous

Why BackTrack?
BackTrack was created with the following tasks in mind.

Information gathering: This category contains several tools that can be used to get information about a target's DNS, routing, e-mail addresses, websites, mail servers, and so on. This information is gathered from what is publicly available on the Internet, without touching the target environment.

Network mapping: This category contains tools that can be used to find live hosts, fingerprint the operating system and the applications used by the target, and do port scanning.

Vulnerability identification: In this category you can find tools to scan for vulnerabilities, both general ones and ones in Cisco devices. It also contains tools to carry out fuzzing and to analyze Server Message Block (SMB) and Simple Network Management Protocol (SNMP).

Web application analysis: This category contains tools that can be used in auditing web applications.

Radio network analysis: To audit wireless networks, Bluetooth and Radio Frequency Identification (RFID), you can use the tools in this category.

Penetration: This category contains tools that can be used to exploit the vulnerabilities found on the target machine.

Privilege escalation: After exploiting the vulnerabilities and gaining access to the target machine, you can use the tools in this category to escalate your privileges to the highest level.

Maintaining access: Tools in this category help you keep access to the target machine. You might need to get the highest privilege first before you can install a tool to maintain access.

Voice over IP (VoIP): To analyze VoIP you can use the tools in this category.

BackTrack also contains tools that can be used for:

Digital forensics: In this category you can find several tools for digital forensics, such as acquiring a hard disk image, carving files, and analyzing a hard disk image. To use the tools in this category, you may want to choose "Start BackTrack Forensics" in the boot menu. Sound forensic procedure requires you to mount the internal hard disk and swap partitions read-only (or not at all) to preserve evidence integrity, and the forensics boot option exists so that the live system does not touch them automatically.

Reverse engineering: This category contains tools that can be used to debug a program or disassemble an executable file.

BACKTRACK 4
In the first parts we had an introduction to basic Linux concepts and some common tools. Now we turn to BackTrack itself, a security-oriented Linux distribution specially designed for penetration testing, security auditing, incident handling, system investigation and analysis, data recovery, and other useful tasks.

Introduction
BackTrack is one of the more popular distributions in white hat circles. It is specially suited for penetration testing, with more than 300 tools available for the task. Like both Helix and Protech, BackTrack is based on Ubuntu. This means good stability and hardware detection and a whole lot of software that can be easily obtained. Sounds quite interesting. Let's see how it behaves. We're going to check version 4 Beta. Lots of great stuff. Like most Linux distros, and definitely all forensics/security-oriented ones, BackTrack works primarily as a live CD, with good hardware detection and a low memory footprint, intended to make it usable even on older machines. It is also possible to install BackTrack, should one desire. The boot menu is simple and elegant, with three options available.

Fig 2 : BackTrack boot menu

The second option (Console no FB) stands for "console, no framebuffer", i.e. the failsafe mode with minimal graphics that should work well on all hardware. Thanks k finity! As to the third option, MSRAMDUMP, I did try booting it, but this produced an error and threw me back into the boot menu. Anyhow, the distro maintains its elegance by booting into the best-looking console I have seen, with stylish color gradients and mirror effects. You can begin working instantly on the command line or start the GUI desktop by issuing the startx command.

Fig 3 : This is where you enter the GUI mode

One thing worth noting in the screenshot above is the mounting error on hda1, which is formatted with Ext4, a relatively new filesystem at the time. In fact, the system I booted BackTrack on hosts a Jaunty (Ubuntu 9.04) install with an Ext4 root partition. This is something that is probably solved in future releases.

Desktop
The desktop is simple and functional, running the lightweight KDE 3 environment. You get a simple wallpaper with a dragon-like theme. Another interesting element is the Run box embedded in the panel, which allows you to run applications without invoking a terminal first. The network is not enabled by default and you'll have to bring it up manually.

Fig 4 : BackTrack desktop

Tools: BackTrack is all about lots and lots of hacking tools. Once again, I'm only going to present the tools, not show you how to use them. These tools are all double-edged swords, and without the right amount of respect, skill and integrity you may cause more harm than good. Furthermore, do not deploy them in a production environment without the explicit approval of the system administrators and INFOSEC people. The tools can all be found under BackTrack in the menu, arranged into sub-categories. The collection is long and rich and it will take you a long time to pore over all of them, let alone master them. Most of the tools are command-line utilities, with the menu items being links that open a console with the relevant tool running inside it.

Fig 5 : BackTrack tools

Fig 6 : BackTrack tools 2

Fig 7 : BackTrack tools 3

A few practical examples: there's the venerable nmap, Hydra and hping3:

Fig 8 : BackTrack tool Hydra (password cracker)

Fig 9 : BackTrack tool Nmap

Fig 10 : BackTrack tool hping3 (packet crafter and network scanner)

Then there's gdb (the GNU Debugger) for analyzing crash dumps and memory cores.

Fig 11 : BackTrack tool GDB (analyze crash dumps)

Last but not least, Wireshark (formerly Ethereal):

Fig 12 : BackTrack Wireshark

Other programs: BackTrack is mainly loaded with security applications, but it also has a reasonable assortment of normal programs. You get:

1. Firefox, already configured to use the excellent NoScript extension.
2. Synaptic, which makes software management easy and pleasant:

Fig 13 : Synaptic

3. It also comes with WINE for running Windows software.

Fig 14 : BackTrack tool WINE (for Windows software)

Errors: Being a beta, BackTrack 4 was not the most stable distro. In addition to the Ext4 error during boot, there were some other problems. For example, both the Lynx text browser and the QtParted partitioning software refused to work.

Fig 15 : BackTrack beta version error

Other things
One thing that may bother you is the documentation section on the official site. It is served over HTTPS with a self-signed certificate that, at least when this article was written, had expired, and the expiration had been in effect since August 2008. This is not something you expect to see on a site catering to a security-conscious audience. Furthermore, there's the small issue of inconsistency when it comes to application names. For example, BlueSmash shows up as blue-smash on the command line, hping3 has a capital H in the menus, etc. BackTrack itself also comes in two flavors, with both lowercase and uppercase Ts. Overall, there were no big issues, except for the occasional application errors.

Conclusion
BackTrack is a powerful hacking suite. It is well made, with stylish touches that add to the overall feel of the distribution. It runs very fast in live mode, even faster than most installed distributions. Most importantly, the array of tools is rich, well balanced and overall quite impressive. The beta version did throw a few errors here and there, but nothing major. Small consistency issues also arise, and there's the lack of support for Ext4, which I expect will be solved soon. Documentation needs to be improved, starting with the website's SSL certificate and continuing with the many open questions regarding general usage. Nevertheless, for security professionals looking for a complete testing package that has all their favorite gadgets neatly arrayed, on top of a stable, popular distribution and with Synaptic package management for easy replenishment of any missing bits, BackTrack is an excellent candidate for their work.

THE END

-: MORE LINKS :-

1. How to Hack Windows Password in BackTrack using Ophcrack
2. Hacking Wireless Networks (Part 1) (Part 2)
3. Cracking WPA2 PSK with BackTrack 4, aircrack-ng and John the Ripper

-: OFFICIAL LINKS :-

1. BackTrack 5
2. BackTrack Wiki
3. BackTrack Forum
