Preview

Hacking Techniques and Intrusion Detection

Satisfactory Essays
Open Document
Open Document
446 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Hacking Techniques and Intrusion Detection
Hacking Techniques & Intrusion Detection
Winter Semester 2012/2013

Dr. Ali Al-Shemery aka: B!n@ry

/etc/resolv.conf

Dr. Ali Al-Shemery (aka: B!n@ry)

9

Configuring Basic Network Services
• Sometimes you need to test stuff locally, or import data to a database, or even copy files. That’s why Backtrack comes with a different set of services we can use for such scenarios: • SSH (OpenSSH)

• FTP (vsftpd) • Web (Apache) • Database (MySQL, Postgress) • TFTP
Dr. Ali Al-Shemery (aka: B!n@ry) 10

Exploring the Pentest Directory
• Going to battles without knowing what arsenal you’re carrying can lead to failure ! • Lets take a walk through the BackTrack penetration testing tools directory.

# cd /pentest

Dr. Ali Al-Shemery (aka: B!n@ry)

11

Keeping Your Arsenal up2date
• It is very important to keep your tools up to date, • New features and enhancement are added, • Bugs are fixed, • New tools maybe added! # apt-get update # apt-get upgrade OR # apt-get dist-upgrade
Dr. Ali Al-Shemery (aka: B!n@ry) 12

Knowing Your Toolbox
• You want to know nearly all your toolbox?

# dpkg --list
• You want to know if a specific tool is installed?

# dpkg --list | grep

Dr. Ali Al-Shemery (aka: B!n@ry)

13

Backtrack 5 R3 Toolbox
Backtrack’s main toolbox categories: • Information Gathering Analysis • Vulnerability Assessment • Exploitation Tools • Privilege Escalation • Maintaining Access • Reverse Engineering Doesn’t end • RFID Tools here !!! • Stress Testing • Forensics • Reporting Tools
Dr. Ali Al-Shemery (aka: B!n@ry) 14

Other Useful CLI’s
• Getting Help
– – – – man info --help GNOME Help



Searching
– find – locate – GNOME Search



Creating and Editing Files
– GNOME gedit – vim – nano

0.1% of what’s out there  !!!



Fetching File From Internet

– wget -c

• Installing new software/packages
– apt-cache – apt-get install
Dr. Ali Al-Shemery (aka: B!n@ry) 15

Taken from: Linux Arab


References: [-] Backtrack Linux Distro., http://www.backtrack-linux.org/ [-] Slackware Exploitation VM, http://opensecuritytraining.info/slack12.zip [-] OWASP Broken Web Applications VM, http://downloads.sourceforge.net/project/owaspbwa/1.0/OWASP_Broken_Web_Apps_VM_1.0.7z Dr. Ali Al-Shemery (aka: B!n@ry) 19
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Good Essays

    Is335010 Assessment Worksheet
    • 575 Words
    • 3 Pages

    Is335010 Assessment Worksheet

    1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation?…

    • 575 Words
    • 3 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Unit 2 Assignment 2 Microsoft Environment Analysis Paper
    • 499 Words
    • 2 Pages

    Unit 2 Assignment 2 Microsoft Environment Analysis Paper

    Windows of Vulnerability is defined as the ability to attack something that is at risk. Hackers search and pride themselves on finding vulnerabilities or creating their own within a system. A few examples of vulnerabilities that will be covered in this paper are CodeRed, Spida, Slammer, Lovesan, and Sasser.…

    • 499 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    IS4560 Unit 3 Assignment 1: Information Gathering Plan
    • 501 Words
    • 2 Pages

    IS4560 Unit 3 Assignment 1: Information Gathering Plan

    The explosive growth and popularity of the Internet have resulted in thousands of structured query able information sources. Most organizations are familiar with Penetration Testing and other ethical hacking techniques as a means to understanding the current security status of their information system assets. Consequently, much of the focus of research, discussion, and practice, has traditionally been placed upon active probing and exploitation of security vulnerabilities. Since this type of active probing involves interacting with the target, it is often easily identifiable with the analysis of firewall and intrusion detection/prevention device (IDS or IPS) log files.…

    • 501 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    Nt1310 Unit 6 Paper
    • 712 Words
    • 3 Pages

    Nt1310 Unit 6 Paper

    When proceeding with a Penetration test you must specifically authorize access to X party for conducting Y testing on your network. You should specifically lay out details of what the test will include and not include. When it will be done. What systems they will attempt to breech, what indicators will be done to prove the breech. This will protect both you and the Pen testing company incase something happens during the test or in the future. If a report showing how exactly they breeched your network was released to an outside party and they…

    • 712 Words
    • 3 Pages
    Good Essays
    Read More
  • Good Essays

    The Pros And Cons Of Hacking
    • 598 Words
    • 3 Pages

    The Pros And Cons Of Hacking

    Take a trip down memory lane with these top cyber films. Designed for computer buffs, these movies range from spy thrillers to cyber crime movies. They were selected based on their excellent plot lines and portrayals of technology. Unlike typical movies, these films use computers the way they are actually used in real life with a few exceptions.…

    • 598 Words
    • 3 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    IS3445 Lab 7
    • 371 Words
    • 2 Pages

    IS3445 Lab 7

    3. What possible high risk vulnerabilities did the Rats tool find in the DVWA application source code?…

    • 371 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    Web Application Attacks Prevention
    • 1988 Words
    • 8 Pages

    Web Application Attacks Prevention

    Defense against web attacks is a key element in a security professional’s skill set. For this assignment, your manager has asked you to review the Aim Higher College’s Web server and application security and to suggest appropriate defenses. For each of the following scenarios, explain what the threat or threats are, what defenses you would recommend, and why.…

    • 1988 Words
    • 8 Pages
    Better Essays
    Read More
  • Good Essays

    Raku Pottery
    • 729 Words
    • 3 Pages

    Raku Pottery

    Raku Ware was originally from Japan in the town of Kyoto and was named after the Raku family during the 16th Century. At this time, the Emperor Hideyoshi had conquered Korea and the native potters immigrated to Japan bringing with them pottery techniques and knowledge. The pots were produced for the Zen Buddhist tea ceremony and the decorating and firing of the pots were part of the tea ceremony. There were a three-colored glazed pottery (San Cai) based on technology from the Fujian region of China. Chojiro had become acquainted with the tea masters of Sen No Rikyu in 1522-1591 and decide to make tea bowls for the ceremony Chanoyu.…

    • 729 Words
    • 3 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Microsoft and Software Management Plan
    • 849 Words
    • 4 Pages

    Microsoft and Software Management Plan

    The original task team at First World Bank Savings and Loan has concerns about the…

    • 849 Words
    • 4 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    AIS Homework
    • 499 Words
    • 2 Pages

    AIS Homework

    Metasploit is an open source platform for developing and testing exploits. It's available for both Unix and Windows systems. This is a far more advanced tool than the others on this list, and requires more programming knowlege to run and use. The advantage is that a specific exploit can be fully demonstrated to exist, rather than noted as a potential vulnerability. This platform runs payloads, shellcode, and remote shells--you will actually penetrate the target. Servers can and will crash!…

    • 499 Words
    • 2 Pages
    Good Essays
    Read More
  • Good Essays

    Encase
    • 680 Words
    • 3 Pages

    Encase

    EnCase is a powerful network enable, multiplatform enterprise investigation platform. It enables immediate response to any computer related incidents and enables thorough forensic analysis. It also preserves volatile and static data on servers, workstations and laptops on and off the corporate network without disrupting operations. Without EnCase organizations must resort to inefficient manual processes using stand alone utilities that extend the response and investigation process by days or weeks and require target systems to be taken out of service. EnCase brings industry standard, law-enforcement grade computer forensic technology to the enterprise for unprecedented incident response and investigative capability. Information security professionals, investigators, auditors and incident response teams can reach any computer within the enterprise in seconds to perform any type of digital investigation. An immediate response is critical to maintaining network and application uptime and reducing the impact of incidents or attacks occurring internally or externally. This translates to anytime, anywhere response and investigative capabilities for information security professionals, computer incident response teams and forensic examiners. EnCase is revolutionizing the practice of enterprise and computer investigations by providing immediate response and thorough analysis of servers, workstations and laptops anywhere on or off the corporate network. Some features from EnCase are : Securely investigate/analyze many machines simultaneously over the LAN/WAN at the disk and memory level, acquire data in a forensically sound manner, using software that has an unparalleled record in courts worldwide, limit incident impact and eliminate system downtime with immediate response capabilities, investigate and analyze multiple platforms Windows, Linux, AIX, OS X, Solaris using a single tool, efficiently collect only…

    • 680 Words
    • 3 Pages
    Good Essays
    Read More
  • Powerful Essays

    Gnu General Public License
    • 654 Words
    • 3 Pages

    Gnu General Public License

    JAZZ - Jedi Academy Server Security. In short, jazz is a project created to protect servers on the so-called basic mod - "basejka". Yet, it also increasing protection of other mods. Based on the QMM source code. Jazz by itself is open-source, but source code of the protection modules will not be published. List of fixed vulnerabilities:…

    • 654 Words
    • 3 Pages
    Powerful Essays
    Read More
  • Good Essays

    Reaction Paper
    • 1126 Words
    • 5 Pages

    Reaction Paper

    Dade enrolls at Stanton High School, where he meets the beautiful Kate Libby (Angelina Jolie), who is responsible for taking him on a tour of the school. Dade is being told about the pool on the roof that results of being locked on the roof with the other several students during rainstorm. He learns that Kate is “Acid Burn” a feud erupts between him and Kate. Their eventual hacking duel, which spans most of the film, is judge by Kate and Dade’s mutual friends in the hacking community, the Phantom Phreak, Cereal Killer and Lord Nikon.…

    • 1126 Words
    • 5 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    RHCE
    • 622 Words
    • 3 Pages

    RHCE

    To attain an RHCT certification, you are required to complete two Red Hat Courses namely: RH 033 and RH 133.…

    • 622 Words
    • 3 Pages
    Satisfactory Essays
    Read More
  • Powerful Essays

    Linux:introduction
    • 904 Words
    • 4 Pages

    Linux:introduction

    Linux and its Application1 Sunil Bhooshan Introductory Importance of Linux ... The File System Basic File Utilities Linux and its Application-1 Sunil Bhooshan Department of ECE JUIT Linux and its Application1 Outline Sunil Bhooshan Introductory Importance of Linux ... 1 Introductory 2 Importance of Linux ... 3…

    • 904 Words
    • 4 Pages
    Powerful Essays
    Read More