
BackTrack & MetaSploit

University of Oviedo

Assuring Security by Penetration Testing


Pedro López Mareque UO211977@uniovi.es

March 29, 2013

Introduction Backtrack 5 R3 MetaSploit Framework Exploiting


Important Concepts I
Ethical Hack: Refers to a computer security expert who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.

Security Audit: Is a manual or systematic measurable technical assessment of a system or application.

Penetration Testing (Pentesting): Is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and malicious insiders.

Important Concepts II
0-day: Is an attack that exploits a previously unknown vulnerability in a computer application; the developers have had zero days to address and patch the vulnerability.

Vulnerability: Refers to the inability to withstand the effects of a hostile environment.

Exploit: Is a piece of software or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic.

Important Concepts III


Framework: Establishes a common practice for creating, interpreting, analyzing and using architecture descriptions within a particular domain of application or stakeholder community.

Payload: Refers to the part of computer data that performs a malicious action.

Shell Code: Is a small piece of code used as the payload in the exploitation of a software vulnerability.

What's BackTrack?

BackTrack is based on the Debian GNU/Linux distribution and is aimed at digital forensics and penetration testing use. The current version is BackTrack 5 R3, now based on Ubuntu 10.04 (Lucid) LTS, which is itself based on Debian. BackTrack is a penetration testing and security auditing platform with advanced tools to identify, detect and exploit any vulnerabilities uncovered in the target network environment.


BackTrack Desktop


BackTrack provides users with easy access to a large and comprehensive collection of security-related tools, including many well-known ones:

Metasploit.
RFMON (injection-capable wireless drivers).
Aircrack-ng.
Gerix (WiFi Cracker).
Nmap.
Ophcrack (Brute Force Pass).
Ettercap.
Wireshark (Traffic Analyzer).
BeEF (Browser Exploitation Framework).
Nessus.
OWASP Security Framework.
Cisco OCS Mass Scanner, a fast scanner for Cisco routers.
...

What's MetaSploit?

Metasploit is a tool, written completely in Ruby, for developing and executing exploit code against a remote target machine. Metasploit can be used to test the vulnerability of computer systems to protect them or to break into remote systems. Since the acquisition of the Metasploit Framework, Rapid7 has added two open-core proprietary editions called Metasploit Express and Metasploit Pro. Metasploit runs on Unix (including Linux and Mac OS X) and on Windows.

Metasploit Framework


Most important Metasploit commands:

msfconsole.
msfupdate.
show options / advanced / auxiliary / exploits / payloads / targets.
info.
use.
search.
sessions.
set / setg.
exploit.


The basic steps for exploiting a system using the Framework include:

1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included).
2. Checking whether the intended target system is susceptible to the chosen exploit (optional).
3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry).
4. Choosing the encoding technique to encode the payload so that the intrusion-prevention system (IPS) will not catch the encoded payload.
5. Executing the exploit.

Getting BackTrack and Environment

VirtualBox: https://www.virtualbox.org/wiki/Downloads
BackTrack 5 R3: http://www.backtrack-linux.org/downloads
Windows XP SP3: Internet is your friend ;-)


Choose the toys!

Exploits:
exploit/windows/smb/ms08_067_netapi (Windows)
exploit/windows/fileformat/adobe_pdf_embedded_exe (Adobe Reader 8.x - 9.x)

Payload:
windows/meterpreter/reverse_tcp (Windows)
windows/meterpreter/bind_tcp (Windows)
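
The two payloads listed above differ in who opens the second connection: with reverse_tcp the target connects back to the tester, with bind_tcp the tester connects to a new listener on the target. The following Python script is an added example, not part of the original slides, showing how a defender can correlate flow records to spot either pattern shortly after an SMB connection; the flow records, the 30-second window and the service-port list are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed flow records (time, source, destination, destination port);
# the addresses are sample lab values, not data from the slides.
FLOWS = [
    ("2013-03-29 10:00:01", "192.168.56.10", "192.168.56.20", 445),
    ("2013-03-29 10:00:03", "192.168.56.20", "192.168.56.10", 4444),
    ("2013-03-29 10:05:00", "192.168.56.11", "192.168.56.21", 445),
    ("2013-03-29 10:05:02", "192.168.56.11", "192.168.56.21", 4444),
    ("2013-03-29 10:10:00", "192.168.56.12", "192.168.56.22", 445),
    ("2013-03-29 10:30:00", "192.168.56.22", "192.168.56.30", 80),
]
WINDOW = timedelta(seconds=30)            # assumed correlation window
SERVICE_PORTS = {80, 135, 139, 443, 445}  # assumed normal service ports


def parse(flows):
    """Convert timestamps and return the records in time order."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return sorted((datetime.strptime(t, fmt), s, d, p) for t, s, d, p in flows)


def correlate(flows, window=WINDOW):
    """Flag a second session between an SMB client and server shortly after SMB."""
    alerts, smb_seen = [], []
    for ts, src, dst, port in parse(flows):
        if port == 445:
            smb_seen.append((ts, src, dst))   # client -> server on SMB
            continue
        if port in SERVICE_PORTS:
            continue
        for smb_ts, client, server in smb_seen:
            if ts - smb_ts > window:
                continue
            if (src, dst) == (server, client):
                # The SMB server connects back to its client: reverse_tcp pattern.
                alerts.append(("reverse", server, client, port))
            elif (src, dst) == (client, server):
                # The client opens a new port on the server: bind_tcp pattern.
                alerts.append(("bind", server, client, port))
    return alerts


if __name__ == "__main__":
    for pattern, host, peer, port in correlate(FLOWS):
        print(f"{pattern}: {host} <-> {peer} on tcp/{port}")
```

Each alert names the pattern, the SMB server that should be examined, its peer and the port of the second session.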


Probe it!


But XP is the past I...


Desktop Operating System Market Share at January 2013


But XP is the past II...


Well, the metadata of Mariano Rajoy's statement of income says otherwise:


The end is near...


Kali Linux

What is the difference between BackTrack and Kali?

Switch to Debian and an FHS-compliant system.
Repositories synchronize with the Debian repositories 4 times a day.
Complete flexibility in generating your own updated Kali ISOs, with any desktop environment you like.
Ability to seamlessly upgrade to future major versions of Kali.
Ability to bootstrap a Kali installation/ISO directly from the Kali repositories.
Can quickly and easily get the required sources of each tool, then modify and rebuild them with a couple of commands.

Interesting Web Blogs

El lado del Mal - Chema Alonso ( elladodelmal.com )
SbD - Alejandro Ramos ( securitybydefault.com )
Pentester.es - Jose Selvi ( pentester.es )
48 Bits - Ruben Santamarta ( 48bits.com )
Tavis Ormandy Blog - Tavis Ormandy [http://taviso.decsystem.org] ( blog.cmpxchg8b.com )


Bibliography

Wikipedia
Net Market Share ( http://www.netmarketshare.com )
BackTrack 4: Assuring Security by Penetration Testing by Shakeel Ali & Tedi Heriyanto.
Metasploit: The Penetration Tester's Guide by David Kennedy.
Metasploit para Pentesters by Pablo González Pérez & Chema Alonso.
Kali Linux ( http://www.kali.org )
