ADVANCED BACKTRACK SET – READ HAKIN9′S BEST STEP-BY-STEP TUTORIALS AND GAIN PENTESTING ULTIMATE SKILLS

Dear Readers,

We are happy to tell you that our current edition concerns on the most known IT security linux distro – BackTrack. We decided this time to pick up the best articles and publish them as a big set devoted to the topic of pentesting.

We hope these 20 articles which you will find inside the issue will help you start with pentesting and then, develop your skills further. We are sure that after reading it you will begin your journey as a professional penetration tester.

In this issue you will find great articles:

Why Do Hackers Use Backtrack? 
By William F. Slater, III

This article is a brief introduction to Backtrack Linux. This distribution has quickly risen to the position of becoming the de facto hacker’s tool for network infrastructures. This article is not a BackTrack user guide, nor is it a User Guide for any or all the tools that are available in BackTrack Linux.

How Anyone Can Be Compromised
By Alex Soler Alvarez, an Information Security, Engineer with around 6 years of experience

Most people feel safe browsing through the Internet and don’t imagine that they could be at risk from someone, stealing their credentials or compromising their computers. Thinking that only browsing well-known websites and avoiding reaching a suspicious one they are safe, but this is not really true. Using specialized pentesting tools, most of them included in a penetration testing distribution called Backtrack 5, you can design a scenario where any user with a device, which can be connected to the Internet, could be affected.

Pentesting with BackTrack
By Davide Peruzzi, OSCP certified, system administrator and freelance security consultant with about 10 years of experience in Information Technology

Abraham Lincoln said “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” This is really the basic concept and the start point of every penetration test. In a pentest you have to sharper your axe, first by gathering information. The more you obtain the more surface to attack you will have. The gathering phase isn’t the most exciting one, but surely it is the one that let you make things better and smarter, so what do you need? Let’s see…

PenTesting with BackTrack 
By Piyush Verma, CompTIA Security+, CEH v8, ECSA|LPT, CHFI v8, Advanced PenTesting with BackTrack

PenTesting, short for penetration testing, is a technique used for evaluating the security posture of systems, applications and network of an organization from internal as well as external threat agents, at the request of the owner. A threat agent could be an employee making unintentional mistakes that can compromise the integrity of the information, or a hacker sending malware through unfiltered/open ports on the firewall. A pen-test emulates the same techniques an attacker would use, and therefore it should align with the latest hacking methodologies. Organizations perform this to determine the effectiveness of their security measures.

A Crash Course in Pentesting with Bactrack 
By Nick Hensley, CISSP, Information Security Professional with 12 years of industry experience

In this article we will give you a crash course in pentesting. This article is meant to be a basis or primer if you wish; it will teach you what a penetration test is and what it is not. We will show you the basic steps that go into virtually all penetration tests. And teach you what you need to be aware of, what to look for, and how to get started. That being said, this is not a “how to hack” article that will teach you how to break into some unsuspecting company’s website and further penetrate their
internal infrastructure.

Backtrack Linux – How to Ditch the Menu and Ball from the Command Line?
By Alex Kah

In the text to follow I provide quick examples of various tools available from the command line in Backtrack Linux. The Backtrack menus already provide an overwhelming amount of tools that will allow you to accomplish almost anything you need in a penetration test or security audit. However, if you never get past the Backtrack menu system, you will be doing yourself a huge disservice. If you want to advance to the next level in your career break away from the norm and explore.

Become Quieter with a Little Help from BackTrack
by Dusko Pijetlovic

When you are faced with a task of testing your production environment and strengthening your defenses, your choice of the tool is easy. Instead of concentrating on collecting penetration (pen) testing tools, just head to BackTrack website and download an image of one of the most popular white hat penetration testing and security auditing platforms. It’s #7 on the sectools.org Top 125 Security Tools list.

BackTrack 5 Toolkit Tutorial
by Vikas Kumar

BackTrack is an operating system based on the Ubuntu GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. The current version is BackTrack 5, code name “Revolution.”

BackTrack 5: The Ultimate Security Toolkit
by Steve Myers

In the security world today, a security professional relies heavily on knowing the right tools for the job, and knowing how to use these tools. There are hundreds of tools available and the list of tools is constantly changing and growing. For security assessments and penetration testing, there are very few toolkits as actively supported and all-encompassing as BackTrack 5.

Backtrack 5 Practical Applications And Use Cases
by Nicholas Popovich

This article breaks down what Backtrack Linux is, with a brief description and history. Then, we’ll explore a sampling of some of the many tools that are packaged within Backtrack Linux and provide use cases along with step-by-step tutorials to demonstrate some of the more common tasks that Backtrack is used to perform. Finally, we’ll see how most of the tools and techniques that Backtrack is designed to facilitate can be used by the many different roles in the IT security field.

BackTracking in Wifi Country
by Dennis King

The BackTrack 5 distribution continues to be the “go to” tool in a security professional’s arsenal. With the latest release, “Revolution,” the Backtrack development team delivers a kit you can use anywhere on both light and heavy duty security tasks.

How to Use Backtrack and Nessus for Vulnerability Management?
By Guglielmo Scaiola

Ethical Hacking and Penetration Testing are fun but what’s the business value of these activities?What’s the reason that motivates a manager to pay us to hack their network? What’s the ultimate goal? I believe that this is possible only for a reason that penetration testing is part of the vulnerability management process. This process is the key of enterprise security.

Using Hydra To Crack The Door Open
By Nikolaos Mitropoulos

Take advantage of a cracking tool to test the resilience of your local or remote network servers and various other devices from a computer to router on the network.

Backtrack Linux – How to Configure A Metasploit Development System?
By Royce Davis

This article details the necessary steps to get off the ground and running full speed with Backtrack as a developmental platform for the awesome Metasploit Framework. Throughout the next few pages I will describe in step-by-step fashion all of the proper settings to install and configure the tools that I find to be most useful when building extensions to the already expansive Metasploit Framework. The following topics will be covered: The Ruby Versioning Manager (RVM), Git & The Github, Vim Basic Operations, Vim Configuration & Plugins, The Anatomy of a Metasploit Module, Navigating the Metasploit Framework and submitting your module to the rapid7 dev team for merger into the framework.

Use Metasploit in Backtrack 5
by Johan Loos

Metasploit comes in several flavors: Metasploit framework, Metasploit community edition, Metasploit pro. In Backtrack 5, Metasploit framework is installed by default. Metasploit framework provides you with information on security vulnerabilities which can be used to exploit a system. Penetration testers can also use this tool to launch manual or automated scans.

Android Exploitation with Metasploit
by Aditya Gupta

In this article, we will be looking into the practical usage of Backtrack, and its tools. The article is divided into three sections – Android Exploitation through Metasploit, Nikto Vulnerability Scanner and w3af. The reader is expected to have basic knowledge of Backtrack and familiar with common web application vulnerabilities.

Nmap For Newbies 
By Andrew Jones

As a former Network Warfare Instructor for the US Air Force, I get asked a lot of questions: among the most common is what did you teach, or can you not talk about it? The simple answer is I taught a subset of Air Force Doctrine known as Network Defense, or NetD for short.

Metasploit – How to Play with Smb and Authentication
By Guglielmo Scaiola

In my experience a lot of infrastructures have two big problems, they are using local admin credential with the same password in some or all systems of the network and maintain some servers (or clients) unpatched, with these two common mistakes we can completely Pown the infrastructure. Two pillars of best practices are just patching and a different password for local admin for each host and it is possible to retrieve a lot of best practices from the Internet and in many books about security architecture, but a lot of system admin don’t use them, why? In most case because the system admins are uneducated in security, or because they are lazy, or because they are too busy.

How to use Sqlploit
By George Karpouzas

Databases nowdays are everywhere, from the smallest desktop applications to the largest web sites such as Facebook. Critical business information are stored in database servers that are often poorly secured. Someone with access to this information could have control over a company’s or an organization’s infrastructure.

How to Use The Mac OS X Hackers Toolbox
By Phillip Wylie

When you think of an operating system to run pen testing tools on, you probably think of Linux and more specifically BackTrack Linux. BackTrack Linux is a great option and one of the most common platforms for running pen testing tools. If you are a Mac user, then you would most likely run a virtual machine of BackTrack Linux. While this a great option, sometimes it is nice to have your tools running on the native operating system of your computer.