Preview

Hacking Techniques and Intrusion Detection

Satisfactory Essays
Open Document
Open Document
446 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Hacking Techniques and Intrusion Detection
Hacking Techniques & Intrusion Detection
Winter Semester 2012/2013

Dr. Ali Al-Shemery aka: B!n@ry

/etc/resolv.conf

Dr. Ali Al-Shemery (aka: B!n@ry)

9

Configuring Basic Network Services
• Sometimes you need to test stuff locally, or import data to a database, or even copy files. That’s why Backtrack comes with a different set of services we can use for such scenarios: • SSH (OpenSSH)

• FTP (vsftpd) • Web (Apache) • Database (MySQL, Postgress) • TFTP
Dr. Ali Al-Shemery (aka: B!n@ry) 10

Exploring the Pentest Directory
• Going to battles without knowing what arsenal you’re carrying can lead to failure ! • Lets take a walk through the BackTrack penetration testing tools directory.

# cd /pentest

Dr. Ali Al-Shemery (aka: B!n@ry)

11

Keeping Your Arsenal up2date
• It is very important to keep your tools up to date, • New features and enhancement are added, • Bugs are fixed, • New tools maybe added! # apt-get update # apt-get upgrade OR # apt-get dist-upgrade
Dr. Ali Al-Shemery (aka: B!n@ry) 12

Knowing Your Toolbox
• You want to know nearly all your toolbox?

# dpkg --list
• You want to know if a specific tool is installed?

# dpkg --list | grep

Dr. Ali Al-Shemery (aka: B!n@ry)

13

Backtrack 5 R3 Toolbox
Backtrack’s main toolbox categories: • Information Gathering Analysis • Vulnerability Assessment • Exploitation Tools • Privilege Escalation • Maintaining Access • Reverse Engineering Doesn’t end • RFID Tools here !!! • Stress Testing • Forensics • Reporting Tools
Dr. Ali Al-Shemery (aka: B!n@ry) 14

Other Useful CLI’s
• Getting Help
– – – – man info --help GNOME Help



Searching
– find – locate – GNOME Search



Creating and Editing Files
– GNOME gedit – vim – nano

0.1% of what’s out there  !!!



Fetching File From Internet

– wget -c

• Installing new software/packages
– apt-cache – apt-get install
Dr. Ali Al-Shemery (aka: B!n@ry) 15

Taken from: Linux Arab


References: [-] Backtrack Linux Distro., http://www.backtrack-linux.org/ [-] Slackware Exploitation VM, http://opensecuritytraining.info/slack12.zip [-] OWASP Broken Web Applications VM, http://downloads.sourceforge.net/project/owaspbwa/1.0/OWASP_Broken_Web_Apps_VM_1.0.7z Dr. Ali Al-Shemery (aka: B!n@ry) 19
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Satisfactory Essays

    Unit 2 Assignment 2 Microsoft Environment Analysis Paper
    • 499 Words
    • 2 Pages

    Unit 2 Assignment 2 Microsoft Environment Analysis Paper

    Windows of Vulnerability is defined as the ability to attack something that is at risk. Hackers search and pride themselves on finding vulnerabilities or creating their own within a system. A few examples of vulnerabilities that will be covered in this paper are CodeRed, Spida, Slammer, Lovesan, and Sasser.…

    • 499 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    IS4560 Unit 3 Assignment 1: Information Gathering Plan
    • 501 Words
    • 2 Pages

    IS4560 Unit 3 Assignment 1: Information Gathering Plan

    However, too many organizations fail to identify the potential threats from information unintentionally leaked, freely available over the Internet, and not normally identifiable from standard log file analysis. Most critically, an attacker can passively gather this information without ever coming into direct contact with the organizations servers – thus being essentially undetectable. Very little information has been publicly discussed about arguably one of the least understood, and most significant stages of penetration testing – the process of Passive Information Gathering. This technical paper and information gathering plan reviews the processes and techniques related to the discovery of leaked information. It also includes details on both the significance of the leaked information, and steps organizations should take to halt or limit their exposure to this threat.…

    • 501 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    Nt1310 Unit 6 Paper
    • 712 Words
    • 3 Pages

    Nt1310 Unit 6 Paper

    When proceeding with a Penetration test you must specifically authorize access to X party for conducting Y testing on your network. You should specifically lay out details of what the test will include and not include. When it will be done. What systems they will attempt to breech, what indicators will be done to prove the breech. This will protect both you and the Pen testing company incase something happens during the test or in the future. If a report showing how exactly they breeched your network was released to an outside party and they…

    • 712 Words
    • 3 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Transmission Control Protocol and Protocol Capture
    • 338 Words
    • 2 Pages

    Transmission Control Protocol and Protocol Capture

    NetWitness Investigator, a free tool that provides security practitioners with a means of analyzing packets to…

    • 338 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    NT2580
    • 526 Words
    • 5 Pages

    NT2580

    All rights reserved. Page 5 Types of Threats  Malicious software  Device failure  Application failure  Natural disaster  Intrusive cracker NT2580 Introduction to Information Security © ITT Educational Services, Inc.…

    • 526 Words
    • 5 Pages
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    IS3445 Lab 7
    • 371 Words
    • 2 Pages

    IS3445 Lab 7

    3. What possible high risk vulnerabilities did the Rats tool find in the DVWA application source code?…

    • 371 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    Web Application Attacks Prevention
    • 1988 Words
    • 8 Pages

    Web Application Attacks Prevention

    Defense against web attacks is a key element in a security professional’s skill set. For this assignment, your manager has asked you to review the Aim Higher College’s Web server and application security and to suggest appropriate defenses. For each of the following scenarios, explain what the threat or threats are, what defenses you would recommend, and why.…

    • 1988 Words
    • 8 Pages
    Better Essays
    Read More
  • Satisfactory Essays

    Microsoft and Software Management Plan
    • 849 Words
    • 4 Pages

    Microsoft and Software Management Plan

    The original task team at First World Bank Savings and Loan has concerns about the…

    • 849 Words
    • 4 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    AIS Homework
    • 499 Words
    • 2 Pages

    AIS Homework

    Metasploit is an open source platform for developing and testing exploits. It's available for both Unix and Windows systems. This is a far more advanced tool than the others on this list, and requires more programming knowlege to run and use. The advantage is that a specific exploit can be fully demonstrated to exist, rather than noted as a potential vulnerability. This platform runs payloads, shellcode, and remote shells--you will actually penetrate the target. Servers can and will crash!…

    • 499 Words
    • 2 Pages
    Good Essays
    Read More
  • Good Essays

    Encase
    • 680 Words
    • 3 Pages

    Encase

    EnCase is a powerful network enable, multiplatform enterprise investigation platform. It enables immediate response to any computer related incidents and enables thorough forensic analysis. It also preserves volatile and static data on servers, workstations and laptops on and off the corporate network without disrupting operations. Without EnCase organizations must resort to inefficient manual processes using stand alone utilities that extend the response and investigation process by days or weeks and require target systems to be taken out of service. EnCase brings industry standard, law-enforcement grade computer forensic technology to the enterprise for unprecedented incident response and investigative capability. Information security professionals, investigators, auditors and incident response teams can reach any computer within the enterprise in seconds to perform any type of digital investigation. An immediate response is critical to maintaining network and application uptime and reducing the impact of incidents or attacks occurring internally or externally. This translates to anytime, anywhere response and investigative capabilities for information security professionals, computer incident response teams and forensic examiners. EnCase is revolutionizing the practice of enterprise and computer investigations by providing immediate response and thorough analysis of servers, workstations and laptops anywhere on or off the corporate network. Some features from EnCase are : Securely investigate/analyze many machines simultaneously over the LAN/WAN at the disk and memory level, acquire data in a forensically sound manner, using software that has an unparalleled record in courts worldwide, limit incident impact and eliminate system downtime with immediate response capabilities, investigate and analyze multiple platforms Windows, Linux, AIX, OS X, Solaris using a single tool, efficiently collect only…

    • 680 Words
    • 3 Pages
    Good Essays
    Read More
  • Powerful Essays

    Hacking: Implications for Computerized Accounting Information System
    • 2842 Words
    • 12 Pages

    Hacking: Implications for Computerized Accounting Information System

    References: Abu-Musa, A.A. 2002a. Security of computerized accounting information systems: A theoretical framework. Journal of American Academy of Business, Cambridge. Hollywood: Sep.Vol.2, Iss. 1; pg. 150, 6 pgs…

    • 2842 Words
    • 12 Pages
    Powerful Essays
    Read More
  • Powerful Essays

    Gnu General Public License
    • 654 Words
    • 3 Pages

    Gnu General Public License

    JAZZ - Jedi Academy Server Security. In short, jazz is a project created to protect servers on the so-called basic mod - "basejka". Yet, it also increasing protection of other mods. Based on the QMM source code. Jazz by itself is open-source, but source code of the protection modules will not be published. List of fixed vulnerabilities:…

    • 654 Words
    • 3 Pages
    Powerful Essays
    Read More
  • Satisfactory Essays

    RHCE
    • 622 Words
    • 3 Pages

    RHCE

    To attain an RHCT certification, you are required to complete two Red Hat Courses namely: RH 033 and RH 133.…

    • 622 Words
    • 3 Pages
    Satisfactory Essays
    Read More
  • Powerful Essays

    Linux:introduction
    • 904 Words
    • 4 Pages

    Linux:introduction

    Linux and its Application1 Sunil Bhooshan Introductory Importance of Linux ... The File System Basic File Utilities Linux and its Application-1 Sunil Bhooshan Department of ECE JUIT Linux and its Application1 Outline Sunil Bhooshan Introductory Importance of Linux ... 1 Introductory 2 Importance of Linux ... 3…

    • 904 Words
    • 4 Pages
    Powerful Essays
    Read More
  • Good Essays

    Reaction Paper
    • 1126 Words
    • 5 Pages

    Reaction Paper

    Dade enrolls at Stanton High School, where he meets the beautiful Kate Libby (Angelina Jolie), who is responsible for taking him on a tour of the school. Dade is being told about the pool on the roof that results of being locked on the roof with the other several students during rainstorm. He learns that Kate is “Acid Burn” a feud erupts between him and Kate. Their eventual hacking duel, which spans most of the film, is judge by Kate and Dade’s mutual friends in the hacking community, the Phantom Phreak, Cereal Killer and Lord Nikon.…

    • 1126 Words
    • 5 Pages
    Good Essays
    Read More