Penetration Testing with BackBox
eBook - ePub

Penetration Testing with BackBox

  1. 130 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Penetration Testing with BackBox

Book details
Book preview
Table of contents
Citations

About This Book

In Detail

BackBox is an amazing Linux security distribution designed to keep in mind the needs of security and system administration specialists. It has been developed to perform penetration tests and security assessments. Designed to be fast and easy to use while providing a minimal yet complete desktop environment, Backbox comes with its own software repositories and is continually updated to the latest stable version of the most widely used and best-known ethical hacking tools.

This book provides an exciting introduction to BackBox Linux in order give you familiarity with and understanding of this amazing Linux security distro, making you feel comfortable with both the subject of pen-testing and BackBox. The book progresses through topics based on standard cases of penetration testing from the initial steps to the final procedures.

This book will help you discover the exciting world of penetration testing through a series of step-by-step, practical lessons. Penetration Testing with BackBox is organized into eight chapters. Starting with an introduction to BackBox Linux in order to give you a solid grounding of this amazing Linux security distro, including both its design philosophy and feature set, before moving on to practical tutorials in using BackBox. The book is arranged in a chronological order based on standard cases of penetration testing. For those more experienced in the use of penetration testing tools, each chapter can be read independently, providing a detailed overview of how BackBox will augment your arsenal of tools at each step of the penetration testing process.

Throughout this book, you will be given a clear picture of IT security cases by having one of the most popular topics of penetration testing demonstrated in a user-friendly way. By the end of the book, you will have learned all the fundamental skills needed to use BackBox for ethical hacking.

Approach

This practical book outlines the steps needed to perform penetration testing using BackBox. It explains common penetration testing scenarios and gives practical explanations applicable to a real-world setting.

Who this book is for

This book is written primarily for security experts and system administrators who have an intermediate Linux capability. However, because of the simplicity and user-friendly design, it is also suitable for beginners looking to understand the principle steps of penetration testing.

Frequently asked questions

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Penetration Testing with BackBox by Stefan Umit Uygur in PDF and/or ePUB format, as well as other popular books in Informatica & Reti di computer. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Packt Publishing
Year
2014
ISBN
9781783282975
Edition
1
Topic
Informatica
Subtopic
Reti di computer

Penetration Testing with BackBox

Table of Contents

Penetration Testing with BackBox
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Starting Out with BackBox Linux
A flexible penetration testing distribution
The organization of tools in BackBox
Information Gathering
Vulnerability Assessment
Exploitation
Privilege Escalation
Maintaining Access
Documentation & Reporting
Reverse Engineering
Social Engineering
Stress Testing
Forensic Analysis
VoIP Analysis
Wireless Analysis
Miscellaneous
Services
Update
Anonymous
Extras
Completeness, accuracy, and support
Links and contacts
Summary
2. Information Gathering
Starting with an unknown system
Automater
Whatweb
Recon-ng
Proceeding with a known system
Nmap
Summary
3. Vulnerability Assessment and Management
Vulnerability scanning
Setting up the environment
Running the scan with OpenVAS
False positives
An example of vulnerability verification
Summary
4. Exploitations
Exploitation of a SQL injection on a database
Sqlmap usage and vulnerability exploitation
Finding the encrypted password
Exploiting web applications with W3af
Summary
5. Eavesdropping and Privilege Escalation
Sniffing encrypted SSL/TLS traffic
An SSL MITM attack using sslstrip
Password cracking
Offline password cracking using John the Ripper
Remote password cracking with Hydra and xHydra
Summary
6. Maintaining Access
Backdoor Weevely
Weevely in URL
Performing system commands
Enumerating config files
Getting access credentials
Editing files
Gathering full system information
Summary
7. Penetration Testing Methodologies with BackBox
Information gathering
Scanning
Exploitation
Summary
8. Documentation and Reporting
MagicTree – the auditing productivity tool
Summary
Index

Penetration Testing with BackBox

Copyright © 2014 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: February 2014
Production Reference: 1130214
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78328-297-5
www.packtpub.com
Cover Image by Aniket Sawant ()

Credits

Author
Stefan Umit Uygur
Reviewers
Jorge Armin Garcia Lopez
Shakeel Ali
Sreenath Sasikumar
Acquisition Editor
Gregory Wild
Technical Editors
Krishnaveni Haridas
Ankita Thakur
Copy Editors
Alfida Paiva
Laxmi Subramanian
Project Coordinator
Aboli Ambardekar
Proofreader
Ameesha Green
Indexer
Mariammal Chettiyar
Production Coordinator
Manu Joseph
Cover Work
Manu Joseph

About the Author

Stefan Umit Uygur has been an IT System and Security engineer for 14 years. He is an extremely motivated open source software evangelist with a passion for sharing knowledge and working in a community environment. He is highly experienced in Penetration Testing and Vulnerability Analysis, Management, and Assessment. He has been involved in many open source software projects, for example BackBox, where he is part of the core team. He has helped to promote the free software culture around the world by participating and organizing international conferences. He significantly contributes to shedding the false and negative perceptions around hacking and hackers by promoting the hacker world in a positive light. He explains in detail the real world of hacking, hackers' motivations, and their philosophy, ethics, and freedom. These activities are promoted mainly through national and international magazines, and in particular, during the conferences that he participates. Along with his professional activities, he has contributed to the Linux magazine, the PenTest magazine, and a few other small, periodic, technical publications.
However, his main passion is continuous collaboration with the community as he believes in the community more than anything else. He strongly feels that knowledge shouldn't be owned by a few people, but should be the heritage of the entire collective. He is always grateful to the community for the skills and the knowledge he possesses. One of the definitions he gives to the community is that it is the real school and university where one truly learns.
I would like to thank my ladybird who helped me out to proofread this entire book. Without her help, I wouldn't have been able to complete this publication in a reasonable timeframe.

About the Reviewers

Jorge Armin Garcia Lopez is a very passionate Information Security Consultant from Mexico with more than six years of experience in Computer S...

Table of contents

  1. Penetration Testing with BackBox