The Hackers Manual 2016

The Hackers Manual 2016

Beginner-friendly distros
For those who need stabilisers.
elementary OS “Freya”
This distro has little in common with its
base distro, Ubuntu. It ships with its
own home-brew Pantheon desktop and
has several custom apps, including a
Mac OS X-inspired dock. The distro
places great emphasis on design and
its Apple fixation is evident from the
tools it supplies, such as Snap, a
webcam app, which is similar to Apple’s
Photo Booth. The distro supplies a
number of custom tools, such as the
Korora 22
Korora is based on the mainstream
Fedora distro and ships separate
Gnome and KDE-based live installable
editions. In contrast to Fedora’s
blandness, Korora ships with a heavily
customised desktop. The distro has
also enabled some Gnome extensions,
by default, to iron out some of its
navigation issues and includes the
Gnome Tweak Tool for more
customisation. The distro has full
Pinguy OS 14.04.2
Another desktop that attracts new
users with its intuitive design is
PinguyOS. The customised Gnome
desktop features a lively dock at the
bottom and the Application menu
brings up a categorised list of apps, and
includes both the Gnome and Ubuntu
Tweak Tools. The distro is chock full of
apps and even includes the Plex Media
server. Besides the best general
Verdict Beginner-friendly distros
All three of the desktop distros we’ve rated,
above, have put in a great amount of effort to
polish the underlying components of their
base distro to a high finish. All three feature
incredibly good-looking desktops that are
intuitive and functional as well.
Of the three, elementary OS has perhaps
put in the most amount of effort into building
custom tools and libraries. Everything from the
window manager up to its apps is crafted to
adhere to its design principles. The one
disadvantage with the distro is that it isn’t as
usable straight out-of-the-box as the others.
Then there’s Korora which has turned the
clean slate of its Fedora underpinnings into a
fully functional smart-looking desktop. The
distro is a wonderful starting point for anyone,
and its strength lies in its customisation and
applications. The distro’s weakest point is the
Anaconda installer inherited from Fedora.
In contrast, Pinguy OS offers the best mix
of form and function. Its pleasing desktop
environment gives access to its vast number of
applications. But make sure you use it only on
an adequately specified machine – all its
customisations consume a lot of resources
and you’ll only be able to enjoy Pinguy OS on a
machine which has at least 4GB of RAM. On a
system with memory lower than that it’s best
to stick to elementary OS.
multimedia support, and enables thirdparty
repos, such as RPMFusion,
Google Chrome and VirtualBox.
Korora also packs in popular apps
and its Firefox browser is equipped with
useful extensions. The distro has some
specialised tools as well, such as the
Audacity audio editor, OpenShot video
editor and Handbrake video transcoder
etc. For package management the
distro ships with both Gnome’s
package manager and YumExtender.
purpose and specialised open source
apps, it includes several popular
proprietary ones, including TeamViewer,
Spotify and Steam for Linux.
There’s also Wine that you can
manage with the bundled PlayOnLinux
front-end. If you need more software, it
has Ubuntu Software Center as well as
the Synaptic package manager. The
distro uses its own repos besides the
ones for Ubuntu and Linux Mint Debian.
Geary Mail, Scratch text editor and
Audience video player, which are
designed to assist inexperienced users.
The distro even uses its own custom
window and compositing manager
called Gala, which consumes less
resources than some of its peers.
However, elementary OS doesn’t offer
many apps out of the box and doesn’t
include proprietary codecs or ship any
non-GTK apps which is why it doesn’t
include the likes of LibreOffice.
The verdict
he abundance of open source
operating systems proves that a
community of open-minded
developers can do great things, which
are worth at least trying out on your
home PC. We don’t insist that you
eventually switch from Linux to another
OS, as we love Linux but almost all of
them are more or less capable for
desktop computing.
PC-BSD is the winner overall with
very good performance in almost all the
tests we threw at it. The OS is fast,
reliable and able to recognise nearly all
hardware components and peripherals.
It may be missing the live mode, which
could garner it even more attention
from open source enthusiasts, but the
desktop experience with PC-BSD is
nearly the same as we’d expect in a
decent Linux distribution.
Haiku is a smart OS and really unlike
the other OSes. There are builds made
with an ancient GCC 2 compiler, which
can still run the original BeOS
applications together with relatively
modern Qt4 apps. Haiku development

download

CentOS System Administration Essentials

CentOS System Administration Essentials

You may have some experience with vi, or what is now known as Vim (which is

when simply put—vi improved). All too often, I find that those first experiences

have never been good ones or to be looked back upon with much fondness. Guiding

you through the initially unfathomable regime of vi, we are going to make sure that

you are the master of vi and you leave wanting to use this tool from the gods. vi is

like everything else in the sense that you just need to stick with it in the early days

and keep practicing. Remember how you persevered for many hours riding your

bicycle as a toddler and became a master, despite a few bruised knees? I want you

to persevere with vi too. We will start with a little command-line magic to make the

whole command-line interface (CLI) experience a better one. We will then be ready

to start our black-belt experience in vi.

In this chapter, we will go through the following topics:

• CLI trickery – shortcuts that you will love

• Vim and vi: In this section, you will learn to differentiate between these

twins and meet their graphical cousin

• Getting the .vimrc setup the way you like

• Search and replace: In this section, you will learn how to quickly find and

replace text within files from both inside and outside Vim

• Learning to remove extraneous comments from a file with a few deft

key strokes

Taming vi

[ 10 ]

CLI trickery – shortcuts that you will love

So before we dice into the wonderful world of text editing that is vi, we will warm

up with a few exercises on the keyboard. Linux is my passion, as is automation. I am

always keen to create scripts to carry out tasks so that those tasks become repeatedly

correct. Once the script is created and tested, we will have the knowledge and faith

that it will run in the same way every time and we will not make mistakes or miss

critical steps, either because it gets boring or we are working late on a Friday night

and just want to go home. Scripting itself is just knowing the command line well

and being able to use it at its best. This truth remains across all systems that you will

work with.

On the command line, we may try a little more black magic by executing the

following command:

$ cd dir1 || mkdir dir1 && cd dir1

With this, we have used the cd command to enter the dir1 directory. The double

pipe or vertical bar indicates that we will attempt the next command only if the first

command fails. This means that if we fail to switch to the dir1 directory, we will run

the mkdir dir1 command to create it. If the directory creation succeeds, we then

change into that directory.

The || part denotes that the second command will run only

on the failure of the first. The && part denotes that the second

command will run only if the first command succeeds.

The command history is a little more and hugely better than just an up arrow key!

Consider the following commands:

$ mkdir dir1

$ cd !$

The !$ part represents the last argument, so in this way, the second line evaluates to

the following:

$ cd dir1

In this way, we can rewrite the initial command sequence, by combining both

concepts, to create the following command:

$ cd dir1 || mkdir !$ && cd !$

Chapter 1

[ 11 ]

We can repeat the last command as well as the last argument. More importantly,

we can specify the start characters for the last command. If it was merely the last

command, then the up arrow key would suffice. If we were working on a web server

configuration, we may want to edit the configuration file with vi, start the service,

and then test with a command-line browser. We can represent these tasks using the

following three commands:

# vi /etc/httpd/conf/httpd.conf

# service httpd restart

w3m localhost

Having run these three commands in the correct order, hoping for success,

we may notice that we still have issues and that we need to start re-editing

the configuration file for Apache, the web server. We can now abbreviate the

command list to the following:

# !v

# !s

# !w

The !v command will rerun the last command in my history that begins with a v,

and likewise with s and w. This way, we can appear to be terribly proficient and

working really quickly, thus gaining more time to do what really interests us,

perhaps a short 9 holes?

In a similar fashion to our first glance at the history using the !$ symbols to represent

the last argument, we can use !?73. This would look for 73 anywhere as an argument

or part of an argument. With my current history, this would relate to the date

command we ran earlier. Let's take a look:

$ !?73

With my history, the sequence will expand to and run the following command:

$ date --date "73 days ago"

Looking at my command history from the last command run to the first, we search

for 73 anywhere as a command argument. We make a note that we exclusively look

for 73, meaning we are looking for the character 7 followed by the character 3. We

have to then bear in mind that we would also match 273 or 733 if they exis

download

CEHv8 Certified Ethical Hacker Version 8 Study Guide

CEHv8 Certified Ethical Hacker Version 8 Study Guide

In this book you will learn the various technologies and methodologies
involved in becoming an ethical hacker. You will
learn what it means to become an ethical hacker and the responsibilities
you will be assuming both technically and ethically when you take on this role.
The reality of your taking on the ethical hacker skill set is that companies and enterprise
environments have had to quickly and effectively address the threats and vulnerabilities
that they face. Through a robust and effective combination of technological, administrative,
and physical measures, all these organizations have learned to address their given situation
and head off major problems. Technologies such as virtual private networks (VPNs),
cryptographic protocols, intrusion detection systems (IDSs), intrusion prevention systems
(IPSs), access control lists (ACLs), biometrics, smart cards, and other devices have helped
security. Administrative countermeasures such as policies, procedures, and other rules have
also been strengthened and implemented over the past decade. Physical measures include
cable locks, device locks, alarm systems, and similar devices. Your new role as an ethical
hacker will deal with all of these items, plus many more.
As an ethical hacker you must not only know the environment you will be working in,
but also how to find weaknesses and address them as needed. However, before we get to
all of that this chapter discusses the history of hacking and what it means to be an ethical
hacker. We’ll also look the process of penetration testing and explore the importance of
contracts.
Hacking: A Short History
Hacker is one of the most misunderstood and overused terms in the security industry. It
has almost become the technological equivalent of a boogeyman, which so many either
fear or end up ignoring. What is a hacker and where do we, as ethical hackers, fit in? Well,
to answer that question let’s take a look at the history of hacking along with some notable
events.
The Early Days of Hacking
As the story goes, the earliest hackers were a group of people who were passionate and
curious about new technology. They were the equivalent of those modern-day individuals
who not only want the latest technology, such as a smartphone or iPhone, but also want
to learn all the juicy details about what the device does and what type of undocumented

download

CEH.Certified.Ethical.Hacker.Practice.Exams.2nd.Edition

CEH.Certified.Ethical.Hacker.Practice.Exams.2nd.Edition

download

CEH.Certified.Ethical.Hacker.Practice.Exams.2nd.Edition

CEH.Certified.Ethical.Hacker.Practice.Exams.2nd.Edition

download

CCNA Routing and Switching Study Guide

CCNA Routing and Switching Study Guide

Internetworking
The following ICND1 exam topics
are covered in this chapter :
11 Operation of IP Data Networks
■■ Recognize the purpose and functions of various network
devices such as Routers, Switches, Bridges and Hubs.
■■ Select the components required to meet a given network
specification.
■■ Identify common applications and their impact on the
network.
■■ Describe the purpose and basic operation of the protocols in
the OSI and TCP/IP models.
Welcome to the exciting world of internetworking. This first
chapter will serve as an internetworking review by focusing
on how to connect networks together using Cisco routers and
switches, and I’ve written it with the assumption that you have some simple basic networking
knowledge. The emphasis of this review will be on the Cisco CCENT and/or CCNA
Routing and Switching (CCNA R/S) objectives you’ll need a solid grasp on in order to succeed
in getting your certifications.
Let’s start by defining exactly what an internetwork is: You create an internetwork when
you connect two or more networks via a router and configure a logical network addressing
scheme with a protocol such as IP or IPv6.
We’ll also dissect the Open Systems Interconnection (OSI) model, and I’ll describe
each part of it to you in detail because you really need complete, reliable knowledge of it.
Understanding the OSI model is key for the solid foundation you’ll need to build upon with
the more advanced Cisco networking knowledge gained as you become increasingly skilled.
The OSI model has seven hierarchical layers that were developed to enable different
networks to communicate reliably between disparate systems. Since this book is centering
upon all things CCNA, it’s crucial for you to understand the OSI model as Cisco sees it, so
that’s how I’ll be presenting the seven layers to you.
After you finish reading this chapter, you’ll encounter review questions and written labs.
These are given to you to really lock the information from this chapter into your memory.
So don’t skip them!
To find up-to-the-minute updates for this chapter, please see
www.lammle.com/forum or the book’s web page at www.sybex.com.
Internetworking Basics
Before exploring internetworking models and the OSI model’s specifications, you need to
grasp the big picture and the answer to this burning question: Why is it so important to learn
Cisco internetworking anyway?
Networks and networking have grown exponentially over the past 20 years, and understandably
so. They’ve had to evolve at light speed just to keep up with huge increases in
basic, mission-critical user needs, (e.g. simple sharing data and printers), as well as greater

burdens like multimedia remote presentations and conferencing. Unless everyone who needs

download

CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1 (5th Edition)

CCIE Routing and Switching v5.0 Official Cert Guide, Volume 1 (5th Edition)

Ethernet Basics

Ethernet has been the mainstay LAN protocol for years, and that is not anticipated to

change anytime soon. More often than not, most people studying network and network

fundamentals are very familiar with the protocol operations, its limitations, and its

strengths. This level of familiarity often makes us complacent when it comes to determining

a solid starting point for teaching technology. But when we consider how many technologies

owe their capacity and capabilities to Ethernet, it becomes clear that this is the

best place to start any discussion about networking. Ethernet is so established and useful

that its role is expanding constantly. In fact, today it has even found its way into the

WAN. Ethernet WAN technologies like Metro-Ethernet have changed the way we build

geographically dispersed infrastructure and have paved the way for greater throughput in

what was traditionally a slow and restrictive mode of transport.

So with the understanding that the majority of readers are probably very familiar with

Ethernet based on working with it on a day-to-day basis, we still need to ensure that we

pay proper due diligence to the technology simply because it is so fundamental to the

creation of both the most basic and the most complex network environments, and even

though we are for the most part very knowledgeable about its operation, we might have

forgotten some of the nuisances of its operation. So in this chapter, the intention is to

outline those operations as clearly and succinctly as possible.

For exam preparation, it is typically useful to use all the refresher tools: Take the “Do I

Know This Already?” quiz, complete the definitions of the terms listed at the end of the

chapter, print and complete the tables in Appendix E , “Key Tables for CCIE Study,” and

certainly answer all the CD-ROM questions concerning Ethernet.

“Do I Know This Already?” Quiz

Table 1-1 outlines the major headings in this chapter and the corresponding “Do I Know

This Already?” quiz questions.

download

Building Virtual Pentesting Labs for Advanced Penetration Testing

Building Virtual Pentesting Labs for Advanced

Penetration Testing

 Introducing Penetration Testing

In this chapter, we will discuss the role that pen testing plays in the professional security testing

framework. We will discuss the following topics:

Define security testing

An abstract security testing methodology

Myths and misconceptions about pen testing

If you have been doing penetration testing for some time and are very familiar with the methodology

and concept of professional security testing, you can skip this chapter, or just skim it, but you might

learn something new or at least a different approach to penetration testing. We will establish some

fundamental concepts in this chapter.

Security testing

If you ask 10 consultants to define what security testing is today, you are more than likely to get a

variety of responses. If we refer to Wikipedia, their definition states:

"Security testing is a process to determine that an information system protects and maintains

functionality as intended."

In my opinion, this is the most important aspect of penetration testing. Security is a process and not a

product. I would also like to add that it is a methodology and not a product.

Another component to add to our discussion is the point that security testing takes into account the

main areas of a security model; a sample of this is as follows:

Authentication

Authorization

Confidentiality

Integrity

Availability

Non-repudiation

Each one of these components has to be considered when an organization is in the process of securing

their environment. Each one of these areas in itself has many subareas that also have to be considered

when it comes to building a secure architecture. The takeaway is that when we are testing security,

we have to address each of these areas.

download

Build Your Own Security Lab

Build Your Own Security Lab

Hardware and Gear

This book is designed for those who need to better understand the functionality

of security tools. Its objective is to help you learn when and how specific tools

can help you secure your network.

You may be wondering what security is. Security typically is defined by

three core concepts: confidentiality, integrity, and availability. There is also

the question as to how much security is enough. Some might say that you can

never have enough security, yet in reality it is about balancing the value of the

asset and the cost of protection. One thing that is agreed upon about security

is the value of defense in depth. Simply stated, security controls should be

built in layers. For example, renaming the administrator account is a good

idea, but so too is restricting access to the account, as well as adding complex

passwords and performing periodic audits of the log files.

Because no two networks are the same, and because they change over time,

it is impossible to come upwith a one-size-fits-all list of hardware and software

that will do the job for you. Networks serve the enterprise that owns them.

The enterprise necessarily changes over time, too. In addition, the scale of

operation impacts security considerations. If you pursue a career as a security

consultant, your goals (and inevitably your needs) will differ if you decide

to work for a large multinational corporation (and even differ depending on

the type of industry) or if your interests lie primarily with small office/home

office (SOHO) or small business. Clearly, a whole spectrum of possibilities

exists here.

This chapter provides the first step in building your own network security

lab. You will start to examine the types of hardware and gear that you can use

to build such a test environment, and then look at the operating systems you

should consider loading on your new equipment.

download

Buffer Overflow Attacks

Buffer Overflow Attacks

Buffer Overflows:
The Essentials
3
Solutions in this Chapter:
■ The Challenge of Software Security
■ The Increase of Buffer Overflows
■ Exploits vs. Buffer Overflows
■ Definitions
Introduction
Buffer overflows. In most information technology circles these days, the term
buffer overflows has become synonymous with vulnerabilities or in some cases,
exploits. It is not only a scary word that can keep you up at night wondering if
you purchased the best firewalls, configured your new host-based intrusion prevention
system correctly, and have patched your entire environment, but can
enter the security water-cooler discussions faster than McAfee’s new wicked
anti-virus software or Symantec’s latest acquisition. Buffer overflows are proof
that the computer science, or software programming, community still does not
have an understanding (or, more importantly, firm knowledge) of how to design,
create, and implement secure code.
Like it or not, all buffer overflows are a product of poorly constructed software
programs.These programs may have multiple deficiencies such as stack
overflows, heap corruption, format string bugs, and race conditions—the first
three commonly being referred to as simply buffer overflows. Buffer overflows
can be as small as one misplaced character in a million-line program or as complex
as multiple character arrays that are inappropriately handled. Some buffer
overflows can be found in local programs such as calendar applications, calculators,
games, and Microsoft Office applications, whereas others could be resident
in remote software such as e-mail servers, FTP, DNS, and the ever-popular
Internet Web servers.
Building on the idea that hackers will tackle the link with the least amount
of resistance, it is not unheard of to think that the most popular sets of software
will garner the most identified vulnerabilities. While there is a chance that the
popular software is indeed the most buggy, another angle would be to state that
the most popular software has more prying eyes on it.
If your goal is modest and you wish to simply “talk the talk,” then reading
this first chapter should accomplish that task for you; however, if you are the
ambitious and eager type, looking ahead to the next big challenge, then we welcome
and invite you to read this chapter in the frame of mind that it written to
prepare you for a long journey.To manage expectations, we do not believe you
will be an uber-hacker or exploit writer after reading this, but you will have the
tools and knowledge afterward to read, analyze, modify, and write custom buffer
overflows with little or no assistance.
The Challenge of
Software Security
Software engineering is an extremely difficult task and of all software creationrelated
professions, software architects have quite possibly the most difficult task.
Initially, software architects were only responsible for the high-level design of
the products. More often than not this included protocol selection, third-party
component evaluation and selection, and communication medium selection.We
make no argument here that these are all valuable and necessary objectives for
any architect, but today the job is much more difficult. It requires an intimate
knowledge of operating systems, software languages, and their inherent advantages
and disadvantages in regards to different platforms. Additionally, software
architects face increasing pressure to design flexible software that is impenetrable
to wily hackers. A near impossible feat in itself.
Gartner Research has stated in multiple circumstances that software and
application-layer vulnerabilities, intrusions, and intrusion attempts are on the
rise. However, this statement and its accompanying statistics are hard to actualize
due to the small number of accurate, automated application vulnerability scanners
and intrusion detection systems. Software-based vulnerabilities, especially
those that occur over the Web are extremely difficult to identify and detect.
SQL attacks, authentication brute-forcing techniques, directory traversals, cookie
poisoning, cross-site scripting, and mere logic bug attacks when analyzed via
attack packets and system responses are shockingly similar to those of normal or
non-malicious HTTP requests.
Today, over 70 percent of attacks against a company’s
network come at the “Application layer,” not the
Network or System layer.—The Gartner Group
4 Chapter 1 • Buffer Overflows: The Essentials
Buffer Overflows: The Essentials • Chapter 1 5
As shown in Table 1.1, non-server application vulnerabilities have been on
the rise for quite some time.This table was created using data provided to us by
government-funded Mitre. Mitre has been the world leader for over five years
now in documenting and cataloging vulnerability information. SecurityFocus
(acquired by Symantec) is Mitre’s only arguable competitor in terms of housing
and cataloging vulnerability information. Each have thousands of vulnerabilities
documented and indexed. Albeit, SecurityFocus’ vulnerability documentation is
significantly better than Mitre’s.
Table 1.1 Vulnerability Metrics
Exposed
Component 2004 2003 2002 2001
Operating System 124 (15%) 163 (16%) 213 (16%) 248 (16%)
Network Protocol 6 (1%) 6 (1%) 18 (1%) 8 (1%)
Stack
Non-Server 364 (45%) 384 (38%) 267 (20%) 309 (21%)
Application
Server Application 324 (40%) 440 (44%) 771 (59%) 886 (59%)
Hardware 14 (2%) 27 (3%) 54 (4%) 43 (3%)
Communication 28 (3%) 22 (2%) 2 (0%) 9 (1%)
Protocol
Encryption Module 4 (0%) 5 (0%) 0 (0%) 6 (0%)
Other 5 (1%) 16 (2%) 27 (2%) 5 (0%)
Non-server applications include Web applications, third-party components,
client applications (such as FTP and Web clients), and all local applications that
include media players and console games. One wonders how many of these vulnerabilities
are spawned from poor architecture, design versus, or implementation.
Oracle’s Larry Ellison has made numerous statements about Oracle’s
demigod-like security features and risk-free posture, and in each case he has been
proven wrong.This was particularly true in his reference to the “vulnerabilityfree”
aspects of Oracle 8.x software which was later found to have multiple buffer
overflows, SQL injection attacks, and numerous interface security issues.The point
of the story: complete security should not be a sought-after goal.
More appropriately, we recommend taking a phased approach with several
small and achievable security-specific milestones when developing, designing,
and implementing software. It is unrealistic to say we hope that only four vulnerabilities
are found in the production-release version of the product. I would
fire any product or development manager that had set this as a team goal.The
following are more realistic and simply “better” goals.
■ To create software with no user-provided input vulnerabilities
■ To create software with no authentication bypassing vulnerabilities
■ To have the first beta release version be free of all URI-based vulnerabilities
■ To create software with no security-dependant vulnerabilities garnered
from third-party applications (part of the architect’s job is to evaluate
the security and plan for third-party components to be insecure)
Microsoft Software Is Not Bug Free
Surprise, surprise. Another Microsoft Software application has been identified
with another software vulnerability. Okay, I’m not on the “bash Microsoft”
bandwagon. All things considered, I’d say they have a grasp on security vulnerabilities
and have done an excellent job at remedying vulnerabilities before production
release. As a deep vulnerability and security researcher that has been in
the field for quite some time, I can say that it is the most –sought-after type of
vulnerability. Name recognition comes with finding Microsoft vulnerabilities for
the simple fact that numerous Microsoft products are market leading and have a
tremendous user base. Finding a vulnerability in Mike Spice CGI (yes, this is
real) that may have 100 implementations is peanuts compared to finding a hole
in Windows XP, given it has tens of millions of users.The target base has been
increased by magnitudes.
Go with the Flow…
Vulnerabilities and Remote Code Execution
The easiest way to be security famous is to find a Microsoft-critical
vulnerability that results in remote code execution. This, complemented
by a highly detailed vulnerability advisory posted to a
dozen security mailing lists, and BAM!, you’re known. The hard part
is making your name stick. Expanding on your name’s brand can be
accomplished through publications, by writing open source tools,
speaking at conferences, or just following up the information with
new critical vulnerabilities. If you find and release ten major vulnerabilities
in one year, you’ll be well on your way to becoming
famous—or should we say: infamous.
Even though it may seem that a new buffer overflow is identified and
released by Microsoft every day, this identification and release process has significantly
improved. Microsoft releases vulnerabilities once a month to ease the pain
on patching corporate America. Even with all of the new technologies that help
6 Chapter 1 • Buffer Overflows: The Essentials
automate and simplify the patching problem, it still remains a problem. Citadel’s
Hercules, Patchlink, Shavlik, or even Microsoft’s Patching Server are designed at
the push of a button to remediate vulnerabilities.
Figure 1.1 displays a typical Microsoft security bulletin that has been created
for a critical vulnerability, allowing for remote code execution. Don’t forget,
nine times out of ten, a Microsoft remote code execution vulnerability is
nothing more than a vulnerability. Later in the book, we’ll teach you not only
how to exploit buffer overflow vulnerabilities, we’ll also teach you how to find
them, thus empowering you with an extremely monetarily tied information
security skill.
Remote code execution vulnerabilities can quickly morph into automated
threats such as network-borne viruses or the better known Internet worms.The
Sasser worm, and its worm variants, turned out to be one of the most devastating
and costly worms ever released in the networked world. It proliferated via
Buffer Overflows: The Essentials • Chapter 1 7
Figure 1.1 A Typical Microsoft Security Advisor
a critical buffer overflow found in multiple Microsoft operating systems.Worms
and worm-variants are some of the most interesting code released in common
times.
Internet worms are comprised of four main components:
■ Vulnerability Scanning
■ Exploitation
■ Proliferation
■ Copying
Vulnerability scanning is utilized to find new targets (unpatched vulnerable
targets). Once a new system is correctly identified, the exploitation begins.A
remotely exploitable buffer overflow allows attackers to find and inject the
exploit code on the remote targets. Afterward, that code copies itself locally and
proliferates to new targets using the same scanning and exploitation techniques.
It’s no coincidence that once a good exploit is identified, a worm is created.
Additionally, given today’s security community, there’s a high likelihood that an
Internet worm will start proliferating immediately. Microsoft’s LSASS vulnerability
turned into one of the Internet’s most deadly, costly, and quickly proliferating
network-based automated threats in history.To make things worse,
multiple variants were created and released within days.
The following lists Sasser variants as categorized by Symantec:
■ W32.Sasser.Worm
■ W32.Sasser.B.Worm
■ W32.Sasser.C.Worm
■ W32.Sasser.D
■ W32.Sasser.E.Worm
■ W32.Sasser.G
The Increase in Buffer Overflows
Contrary to popular belief, it is nearly impossible to determine if vulnerabilities
are being identified and released at an increasing or decreasing rate. One factor
may be that it is increasingly difficult to define and document vulnerabilities.
Mitre’s CVE project lapsed in categorizing vulnerabilities for over a nine-month
stretch between the years 2003 and 2004.With this said, if you were to look at
the sample statistics provided by Mitre on the number of vulnerabilities released,
it would lead you to believe that vulnerabilities are actually decreasing. As seen
by the data in Table 1.2, it appears that the number of vulnerabilities is
decreasing by a couple hundred entries per year. Note that the Total
8 Chapter 1 • Buffer Overflows: The Essentials
Vulnerability Count is for “CVE-rated” vulnerabilities only and does not
include Mitre candidates or CANs.
Table 1.2 Mitre Categorized Vulnerabilities
2004 2003 2002 2001
Vulnerability Count 812 1007 1307 1506
Table 1.3 would lead you to believe that the total number of identified vulnerabilities,
candidates, and validated vulnerabilities is decreasing in number.The
problem with these statistics is that the data is only pulled from one governing
organization. Securityfocus.com has a different set of vulnerabilities that it has
cataloged, and it has more numbers than Mitre due to the different types (or less
enterprise class) of vulnerabilities. Additionally, it’s hard to believe that more
than 75 percent of all vulnerabilities are located in the remotely exploitable portions
of server applications. Our theory is that most attackers search for remotely

exploitable vulnerabilities that could lead to arbitrary code execution

download

Black Hat Python - Python Programming for Hackers and Pentesters

Black Hat Python - Python Programming for Hackers and Pentesters

download

Big Book of Windows Hacks

Big Book of Windows Hacks

STARTUP AND SHUTDOWN

How much do you think about the way you start up and shut

down Windows? After all, what’s to think about—push a few

buttons and you’re done, right?

Wrong. As you’ll see in this chapter, starting up and shutting down Windows is absolutely hackable.

Whether you want to be more productive or just have fun, there’s plenty to hack. Want to change the

Windows Vista and Windows XP boot screen? You can do it. Tired of waiting for your PC to start up

and shut down? You can speed it up. Want to boot into multiple operating systems, create a dualboot

Linux-Windows laptop, and customize your multiboot options? You can do that as well. In this

chapter, you’ll even learn about hardware startup hacks that show you how to tweak your BIOS.

HACK 01: Change Your Windows Vista Boot Screen

Tired of seeing the same old Windows Vista logo every time you

start Windows Vista? Here’s how you can replace it with any one

you want—for free.

Start Windows Vista. Stare at the same boring boot screen you’ve seen approximately 2,984 times.

Ho-hum. Another day of computing.

It doesn’t need to be that way. You can create your own boot screen for Windows Vista, or use a

graphic you fi nd online. And it’s easy to do.

First you’ll need to create or fi nd a graphic for your new boot screen. You’ll need two versions of the

graphic, one 1024 x 768 pixels, and one 800 x 600 pixels. They must be in 24-bit .bmp format.

If you can’t create them yourself, use Google’s image search (go to Google, then click the Images

link and do your search). In your search results, under each image, you’ll see the dimensions of the

graphic, so you’ll be able to know ahead of time whether it’s the right size (Figure 1-1). Note that if

you come across a graphic in .jpg format, you can still use it, because you can have Internet Explorer

save it as a .bmp.

You can save time by fi nding just one fi le, a 1024 x 768 pixel image. You can then use your graphics software

to make a copy of the fi le as an 800 x 600 pixel fi le, so that you’ll have two fi les, one 1024 x 768, and the

other 800 x 600 . A great tool for doing this is the free IrfanView (www.irfanview.com). When you open a fi le

in IrfanView, select Image→Resize/Resample, click 800 x 600 pixels on the right side of the screen, and click

OK. Then save the fi le with a new name, making sure not to overwrite your original fi le.

In Internet Explorer, right-click the image you want to use, select Save Picture As, and in the Save As

Type drop-down, select .bmp. Then save the fi le.

After you have both fi les, download, install, and run the free Vista Boot Logo Generator (www.

computa.co.uk/staff/dan/?p=18). Click each of the “Browse for image” buttons and select your two

graphics. You’ll see a screen like the one shown in Figure 1-2. Select File→Save Boot Screen As and

download

The Basics of Information Security Second Edition

The Basics of

Information Security

Second Edition

download

INTRODUCTION

Information security is a concept that becomes ever more enmeshed in many

aspects of our society, largely as a result of our nearly ubiquitous adoption of

computing technology. In our everyday lives, many of us work with computers

for our employers, play on computers at home, go to school online, buy goods from

merchants on the Internet, take our laptops to the coffee shop and check our e-mail,

carry our smartphones on our hips and use them to check our bank balances, track

our exercise with sensors in our shoes, and so on, ad infinitum.

Although this technology enables us to be more productive and allows us to

access a host of information with only a click of the mouse, it also carries with it a

host of security issues. If the information on the systems used by our employers

or our banks becomes exposed to an attacker, the consequences can be dire indeed.

We could suddenly find ourselves bereft of funds, as the contents of our bank account

are transferred to a bank in another country in the middle of the night. Our company

could lose millions of dollars, face legal prosecution, and suffer damage to its reputation

because of a system configuration issue allowing an attacker to gain access to

a database containing personally identifiable information (PII) or proprietary information.

We see such examples appear in the media with disturbing regularity.

If we look back 30 years, such issues related to computer systems were nearly

nonexistent, largely due to the low level of technology implementation and the few

people who were using what was in place. Although technology changes at an

increasingly rapid rate, and specific implementations arise on a seemingly daily

Basic Security Testing with Kali Linux

Basic Security Testing with Kali Linux

Chapter 1 - Introduction

What is Kali?

Kali is the latest and greatest version of the ever popular Backtrack Linux penetration testing

distribution. The creators of the Backtrack series kept Kali in a format very similar to Backtrack, so

anyone familiar with the older Backtrack platform will feel right at home.

Kali has been re-vamped from the ground up to be the best and most feature rich Ethical Hacking/

Pentesting distribution available. Kali also runs on more hardware devices greatly increasing your

options for computer security penetration testing or “pentesting” systems.

If you are coming to Kali from a Backtrack background, after a short familiarization period you

should find that everything is very similar and your comfort level should grow very quickly.

If you are new to Kali, once you get used to it, you will find an easy to use security testing platform

that includes hundreds of useful and powerful tools to test and help secure your network systems.

Why Use Kali?

Kali includes over 300 security testing tools. A lot of the redundant tools from Backtrack have been

removed and the tool interface streamlined. You can now get to the most used tools quickly as they

appear in a top ten security tool menu. You can also find these same tools and a plethora of others all

neatly categorized in the menu system.

Kali allows you to use similar tools and techniques that a hacker would use to test the security of your

network so you can find and correct these issues before a real hacker finds them.

Tech Note:

Hackers usually perform a combination of steps when attacking

a network. These steps are summarized below:

Recon – Checking out the target using multiple sources –

like intelligence gathering.

Scanning – Mapping out and investigating your network.

Exploitation – Attacking holes found during the scanning

process.

Elevation of Privileges – Elevating a lower access

account to Root, or System Level.

Maintaining Access – Using techniques like backdoors to

keep access to your network.

Covering their Tracks – Erasing logs, and manipulating

files to hide the intrusion.

An Ethical Hacker or Penetration Tester (good guys hired to

find the holes before an attacker does) mimics many of these

techniques, using parameters and guidelines set up with

corporate management, to find security issues.

They then report their findings to management and assist in

correcting the issues.

We will not be covering every step in the process, but will

show you many of the techniques that are used, and how to

defend against them.

I would think the biggest drive to use Kali over commercial security solutions is the price. Security

testing tools can be extremely costly, Kali is free! Secondly, Kali includes open source versions of

numerous commercial security products, so you could conceivably replace costly programs by simply

using Kali.

All though Kali does includes several free versions of popular software programs that can be

upgraded to the full featured paid versions and used directly through Kali.

There really are no major tool usage differences between Backtrack and Kali. Kali is basically

Backtrack version 6, or the latest version of Backtrack. But it has been completely retooled from the

ground up, making software updates and additions much easier.

In Backtrack updating some programs seemed to break others, in Kali, you update everything using the

Kali update command which keeps system integrity much better.

Simply update Kali and it will pull down the latest versions of the included tools for you. Just a note

of caution, updating tools individually could break Kali, so running the Kali update is always the best

way to get the latest packages for the OS.

I must admit though, some tools that I liked in the original Backtrack are missing in Kali. It is not too

big of a deal as another tool in Kali most likely does the same or similar thing. And then again you

can install other programs you like if needed.

In addition to stand alone and virtual machine instances of Kali, I also use Kali on a Raspberry Pi - a

mini credit card sized ARM based computer. With Kali, you can do almost everything on a Pi that you

could do on a full sized system. In my book I will cover using the PI as a security testing platform

including testing Wireless networks.

Testing networks with a computer you could fit in your pocket, how cool is that?

Though Kali can’t possibly contain all the possible security tools that every individual would prefer,

it contains enough that Kali could be used from beginning to end. Don’t forget that Kali is not just a

security tool, but a full-fledged Linux Operating System. So if your favorite tool runs under Linux, but

is not included, most likely you can install and run it in Kali.

Ethical Hacking Issues

Using Ethical Hacking a security tester basically acts like a hacker. He uses tools and techniques that

a hacker would most likely use to test a target network’s security. The difference is, the penetration

tester is hired by the company to test its security and when done reveals to the leadership team how

they got in and what they can do to plug the holes.

The biggest issue I see in using these techniques is ethics and law. Some security testing techniques

that you can perform with Kali and its included tools are actually illegal to do in some areas. So it is

important that users check their local, State and Federal laws before using Kali.

Also, you may have some users that try to use Kali, a very powerful set of tools, on a network that

they do not have permission to do so. Or they will try to use a technique they learned but may have not

mastered on a production network.

All of these are potential legal and ethical issues.

Scope of this Book

This book focuses on those with beginning to intermediate experience with Backtrack/ Kali. I think it

would also be a good tool for network administrators and non-security IT professionals that are

looking to get into the field.

We will cover everything from a basic overview of Kali to using the included tools to test security on

Windows and Linux based systems. We will cover Social Engineering, Wi-Fi security, using Kali on

a Raspberry Pi, exploiting passwords, basic computer security testing from reconnaissance to finding

& using exploits, and finally securing your systems.

Why did I write this book?

I have written technical articles on Backtrack for several years now, and have helped out with

multiple Backtrack/ Kali books and training series. I get a lot of questions on how to use Kali/

Backtrack, so I decided that it was time to write my own beginners guide book.

My other reason for writing this book is to help get young people interested in the field of computer

security. The US is currently facing a crisis when it comes to young professionals choosing technical

careers and the cyber security field is no different.

The US government is in need of thousands1 of cyber warriors and some industry experts have even

suggested that the US consider hiring security experts2 from other countries to fill in the gap.

Think about that for a minute.

The numbers game is against us also. The US is the number two user of the internet, with 81% of our

population connected. Now consider the fact that China is in the number one spot3 with almost double

the amount of users. And their connected rate is only at about 41%!

Though many think that the US is ranked number one in cyber offense capabilities, our defense is not

ranked that well. With foreign countries making marked advances in cyber security the US needs to

get as many brilliant young people into the field as possible, and they need to do it sooner rather than

later.

Disclaimer

Never try to gain access to or security test a network or computer that you do not have written

permission to do so. Doing so could leave you facing legal prosecution and you could end up in jail.

The information in this book is for educational purposes only.

There are many issues and technologies that you would run into in a live environment that are not

covered. This book only demonstrates some of the most basic tool usage in Kali and should not be

considered as an all-inclusive manual to Ethical hacking or pentesting.

I did not create any of the tools in Kali nor am I a representative of Kali Linux or Offensive Security.

Any errors, mistakes, or tutorial goofs in this book are solely mine and should not reflect on the tool

creators, please let me know where I screwed up so it can be corrected.

Though not mentioned by name, thank you to the Kali developers for creating a spectacular product

and thanks to the individual tool creators, you are all doing an amazing job and are helping secure

systems worldwide!

download

BackTrack 5 Wireless Penetration Testing

BackTrack 5 Wireless Penetration Testing

Wireless Lab Setup
"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."
Abraham Lincoln, 16th US President
Behind every successful execution is hours or days of preparation, and Wireless Penetration testing is no exception. In this chapter, we will create a wireless lab that we will use for our experiments in this book. Consider this lab as your preparation arena before you dive into the real-world penetration testing!
Wireless Penetration testing is a practical subject and it is important to first setup a lab where we can try out all the different experiments in this book in a safe and controlled environment. It is important that you set up this lab first before proceeding ahead in this book.
In this chapter, we shall look at the following:
‹‹Hardware and software requirements
‹‹BackTrack 5 installation
‹‹Setting up an access point and configuring it
‹‹Installing the wireless card
‹‹Testing connectivity between the laptop and the access point
So let the games begin!
Wireless Lab Setup
[ 8 ]
Hardware requirements
We will need the following hardware to set up the wireless lab:
‹‹ Two laptops with internal Wi-Fi cards: We will use one of the laptops as the victim
in our lab and the other as the penetration tester's laptop. Though almost any
laptop would fit this profile, laptops with at least 3 GB RAM is desirable. This is
because we may be running a lot of memory-intensive software in our experiments.
‹‹ One Alfa wireless adapter: We need a USB Wi-Fi card that can support packet injection
and packet sniffing, and that is supported by Backtrack. The best choice seems to be
the Alfa AWUS036H card from Alfa Networks as BackTrack supports this out-of-thebox.
This is available on Amazon.com for a retail price of $34 at the time of writing.
‹‹ One access point: Any access point which supports WEP/WPA/WPA2 encryption
standards would fit the bill. I will be using a D-LINK DIR-615 Wireless N Router for
the purpose of illustration in this entire book. You can purchase it from Amazon.com
where it is retailing at around $35 at the time of writing.
‹‹ An Internet connection: This will come in handy to perform research, download
software, and for some of our experiments.
Software requirements
We will need the following software to set up the wireless lab:
‹‹ BackTrack 5: BackTrack can be downloaded from their official website located at
http://www.backtrack-linux.org. The software is open source and you
should be able to download it directly from the website.
‹‹ Windows XP/Vista/7: You will need any one of Windows XP, Windows Vista, or
Windows 7 installed in one of the laptops. This laptop will be used as the victim
machine for the rest of the book.
It is important to note that even though we are using a Windows-based OS for our tests, the
techniques learnt can be applied to any Wi-Fi capable devices such as Smart Phones and
Tablets, among others.
Installing BackTrack
Let us now quickly look at how to get up and running with BackTrack.
BackTrack will be installed on the laptop which will serve as the penetration tester's machine
for the rest of the book.
Chapter 1
[ 9 ]
Time for action – installing BackTrack
BackTrack is relatively simple to install. We will run BackTrack by booting it as a Live DVD and
then install it on the hard drive.
Perform the following instructions step-by-step:
1. Burn the BackTrack ISO (we are using the BackTrack 5 KDE 32-Bit edition) that you
have downloaded into a bootable DVD.
2. Boot the laptop with this DVD and select the option BackTrack Text – Default Boot
Text Mode from the boot menu:
Wireless Lab Setup
[ 10 ]
3. If booting was successful then you should see the familiar BackTrack screen:
4. You can boot into the graphical mode by entering startx on the command prompt.
Enjoy the boot music! Once you are in the GUI, your screen should resemble
the following:
Chapter 1
[ 11 ]
5. Now click on the Install BackTrack icon to the top-left of the desktop. This will
launch the BackTrack installer as shown next:
6. This installer is similar to the GUI-based installers of most Linux systems and should
be simple to follow. Select the appropriate options in each screen and start the
installation process. Once the installation is done, restart the machine as prompted,
and remove the DVD.
7. Once the machine restarts, it will present you with a login screen. Type in the login
as "root" and password as "toor". You should now be logged into your installed
version of BackTrack. Congratulations!
I will be changing the desktop theme and some settings for this book. Feel free to use your
own themes and color settings!
Wireless Lab Setup
[ 12 ]
What just happened?
We have successfully installed BackTrack on the laptop! We will use this laptop as the
penetration tester's laptop for all other experiments in this book.
Have a go hero – installing BackTrack on Virtual Box
We can also install BackTrack within virtualization software such as Virtual Box. For readers
who might not want to dedicate a full laptop to BackTrack, this is the best option. The
installation process of BackTrack in Virtual Box is exactly the same. The only difference is the
pre-setup, which you will have to create in Virtual Box. Have a go at it! You can download
Virtual Box from http://www.virtualbox.org.
One of the other ways we can install and use BackTrack is via USB drives. This is particularly
useful if you do not want to install on the hard drive but still want to store persistent data on
your BackTrack instance, such as scripts and new tools. We would encourage you to try this
out as well!
Setting up the access point
Now we will set up the access point. As mentioned earlier, we will be using the D-LINK DIR-
615 Wireless N Router for all the experiments in this book. However, feel free to use any
other access point. The basic principles of operation and usage remain the same.
Time for action – configuring the access point
Let us begin! We will set the access point up to use Open Authentication with an SSID of
"Wireless Lab".
Follow these instructions step-by-step:
1. Power on the access point and use an Ethernet cable to connect your laptop to one
of the access point's Ethernet ports.
Chapter 1
[ 13 ]
2. Enter the IP address of the access point configuration terminal in your browser. For
the DIR-615, it is given to be 192.168.0.1 in the manual. You should consult your
access point's setup guide to find its IP address. If you do not have the manuals
for the access point, you can also find the IP address by running the route –n
command. The gateway IP address is typically the access point's IP. Once you are
connected, you should see a configuration portal which looks like this:
3. Explore the various settings in the portal after logging in and find the settings related

to configuring a new SSID.

download

BackTrack – Testing Wireless Network Security

BackTrack – Testing Wireless

Network Security

Installing and Configuring

BackTrack

In this chapter, we are going to look at the following with respect to using BackTrack:

• Downloading and configuring BackTrack

• Installing BackTrack

• Updating BackTrack

• Validating the interfaces

• Customizing Gnome

• Creating a virtual machine

Before we focus on downloading, installing and configuring Backtrack,

I will provide a brief introduction to Backtrack. The BackTrack distribution is

actually a combination of two different distributions merged together. There

are many distributions that are available, but BackTrack distribution has been

created specifically for professional security and penetration testing. The BackTrack

distribution was the result of a merger between the two distributions Whax and

Auditor. For a brief on some of the distributions, including Auditor, you can find

a presentation that I gave at Black Hat in 2005 via this link:

http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-cardwell.pdf

The name BackTrack comes from the term backtracking, which is the name of a

search algorithm.

Installing and Configuring BackTrack

[ 6 ]

Downloading and configuring BackTrack

The BackTrack distribution comes in a variety of formats; the format you choose

is largely a matter of personal preference and your comfort with creating virtual

machines. Each one of the distributions has the same tools; they only differ in

the utilities that are available with the desktop once you enter the windowing

environment. The available distributions come in either a 32-bit or 64-bit distribution;

most users will be fine with 32-bit distributions. The main consideration is the amount

of random accessory memory (RAM) you will have available for the installation. If you

can allocate more than 4 GB of RAM, you can choose the 64-bit distribution; if not then

go with the 32-bit option. BackTrack will work with as little as 1 GB of RAM, but the

tools you use within it might need more, so 2 GB or more is recommended.

An important point to note is that you should always verify the image files

of anything you download. That is why there is an MD5 hash for each of the

downloads. If you do not know how to do this, you can do a search for it on the

Internet. There are a number of tools that can be downloaded to assist you with

verifying the hash of a file.

The ISO file allows you to take the image and burn it to a DVD, allowing you to boot

from the image and run BackTrack from the DVD. Alternatively, you can also mount

the image using a virtualization tool and boot it that way.

For our purposes, we will use the virtual machine, as it is easy to use and has been

configured with the tools; this allows you to copy and paste within the VM and have

a full screen virtual environment. We will also include steps later in the chapter for

booting the ISO image in VMware Workstation, as that will result in the identical

interface that will be experienced when booting from a DVD image. VMware

Workstation was one of the first virtual environment software products and allows

us to run multiple computers on one machine.

BackTrack can be downloaded from its official website at http://www.BackTracklinux.

org/downloads/. Once you go to the website, you will see that there is a

registration request there; this is optional, and downloading the distribution is not

required. On the Downloads page, you will see a drop-down window that you will

use to select the version of the distribution that you want to download. Once you

click on the drop-down window, the other windows will be populated as displayed

in the next screenshot:

Chapter 1

[ 7 ]

We will be using the BackTrack 5 R3 distribution with the window manager Gnome

(32-bit) and the VMware image installation for the book; download the image, and

then we will continue with the installation.

Installing BackTrack

Once you have downloaded the image, you will need to have certain VMware

software to run the image; you can get the software from www.vmware.com. VMware

Player is smaller with fewer options, although VMware Workstation contains many

features. Both versions have a trial version available, and it is recommended that you

select one and try it out. For this book, we are using VMware Workstation Version 9

as that is the latest version as of this writing. To access the software downloads page,

go to http://www.vmware.com/products/workstation/index.html. VMware

software allows you to perform many functions in a virtual environment, and this

can be an additional security measure for you. If you are using a Mac, you will need

to download VMware Fusion for that; refer to http://www.vmware.com/products/

fusion/overview.html. Also, if you want to use the ISO image to create a DVD and

boot from that, you can do that too. The way in which we start BackTrack is the only

thing that differs from the other distributions; once they start, they all require the

same number of steps to be configured and used.

Installing and Configuring BackTrack

[ 8 ]

You may also want to note here that there are more virtualization products than

VMware, and if you want to try others, you may; some of the popular, free ones are:

• VirtualBox – https://www.virtualbox.org/wiki/Downloads

• Xen – http://www.xen.org/products/downloads.html

• Hyper-V – http://www.microsoft.com/en-us/server-cloud/hyper-vserver/

default.aspx

Hyper-V requires you to have either Windows Server 2008 or Windows Server 2012

installed. There are two reasons why we are using VMware Workstation in this book:

• It has fantastic documentation and support

• The image from BackTrack has the tools installed, and this makes for much

better user experience

As always, software is a matter of personal preference and taste, so try different

versions and see which one works best for you.

The procedure for starting the tool once you have downloaded the virtual machine

is pretty straightforward. Open the image in the virtual machine tool you are using

and check the settings. You should see a screen similar to the one shown in the next

screenshot. You want to check that there is a network adapter present, and that the

RAM is set to a value that you can support on your host machine. As a reminder,

2 GB of RAM is recommended. An example is shown in the next image where the

RAM is not sufficient and would need to be changed; you do this by clicking on

Edit virtual machine settings. Once you have configured this, click on Power on

this virtual machine. If you are prompted before the VM boots up, leave the default

settings, as they are and let the machine boot.

Chapter 1

[ 9 ]

Once the machine has booted, you will need to log in with root as the ID and a

password of toor (root in reverse). This will bring you to the shell interface of

BackTrack. We want to start up the windowing environment, but before we do that,

we want to check and verify that our network has started. Enter ifconfig; you

should see a result similar to in the next screenshot:

In some versions of the BackTrack distribution, you might not have an interface

named eth1. If you only have the lo (loopback) interface, you have to start the

network; the way to do this is by using /etc/init.d/networking start.

This will start your network.

root@bt:~# /etc/init.d/networking start

To avoid having to do this the next time you start BackTrack, enter the update-rc.d

networking defaults command. This will change the configuration, and each time

you start BackTrack, the network will be started for you.

root@bt:~# update-rc.d networking defaults

There is a possibility that when you restart, you will not get a network address;

this is rare with the latest software, but just in case, you might want to enter the

ifconfig command again.

root@bt:~# ifconfig

If you are not connected to the network, that is, if you don't have an IP address,

you can enter dhclient.

root@bt:~# dhclient

Installing and Configuring BackTrack

[ 10 ]

Next, you want to start the XWindows environment; you do this by entering the

startx command in the command shell.

root@bt:~# startx

This will start the XWindows Gnome desktop. Once the window comes up, the first

thing you want to do is to open a shell on your desktop. You can accomplish this by

going to Applications | Accessories | Terminal. The next thing you want to do is to

fix your display within the virtual environment inw the VMware Workstation menu

at the top of the screen. Navigate to View | Fit Guest Now to correct the display;

your screen should now be in fullscreen mode, as shown in the following screenshot:

Next, you want to change the password from the default value of toor, which is not

a strong password. And to be honest, everyone knows it; so let us change it now. In

your command shell terminal window, enter passwd.

root@bt:~# passwd

Chapter 1

[ 11 ]

This will start the password change process. Enter a password of your choice; it will

not echo on the screen as you type it in, and you will be requested to re-enter your

password to confirm it. Make sure you do not forget your password, as it can be a

challenge to recover it; it is not impossible, but it is a challenge nonetheless and is

beyond the scope of this book.

As you can see from the previous screenshot, there is a transparent background

in the shell. There is a simple procedure to customize your shell, and we will do

that now. I prefer to have a white background with black text, which we will now

configure. In the title of the terminal window, navigate to Edit | Profile Preferences.

Once the window opens, you want to click on Background; this is where you will

set the transparency of the shell window. My preference is to have no transparency,

click on Transparent Background, then drag the slider to the right and set it to

Maximum as shown in the next screenshot:

Installing and Configuring BackTrack

[ 12 ]

The next thing we will set is the actual colors of the terminal windows. We do this

by clicking on Colors and then setting the colors for the terminal as identified in the

following screenshot:

Once you have set the colors and transparency for the terminal, you should have

a shell with the colors that you prefer and customized in your profile, so that each

time you open a terminal window it will be configured to your preferences.

Updating BackTrack

Now that we have set up the basics on our BackTrack machine, we want to update

the tool and make sure that it is current. The developers of BackTrack have instituted

an update capability using the apt-get utility. The first thing we want to do is to

update the package. This requires a working Internet connection on your host; verify

this by opening a web browser window and accessing a website. Once you have

verified that you are connected to the Internet, go back to the BackTrack machine

and enter the apt-get update command in a terminal window.

root@bt:~# apt-get update

Chapter 1

[ 13 ]

Once you have entered the command, you should see a display similar to the one

shown in the next screenshot:

Once the update has finished, there should be a message saying that the update

was successful. Once the update is complete, the next thing to do is to upgrade the

distribution itself; we do that also with the apt-get command. Enter apt-get distupgrade

in the terminal window.

root@bt:~# apt-get dist-upgrade

The output of this command should be similar to the one in the following screenshot:

The output indicates the packages that are available and will be upgraded. Once

you have reviewed them, you are ready to do the upgrade; enter Y to start the

upgrade. Once the upgrade has finished, you are done with the main updates

and upgrades for BackTrack.

Installing and Configuring BackTrack

[ 14 ]

Validating the interfaces

There is one more thing we want to correct when it comes to our network, because

there is a problem with the allocation of the interfaces at boot time when you make

copies of a Linux virtual machine. If you enter ifconfig and your interface does not

say eth0, you should correct the network.

root@bt:~# ifconfig

We do this by opening the configuration file and removing all references to the

network interfaces that are there. In your shell, enter gedit.

root@bt:~# gedit

This will open the graphical editor that is contained within the Gnome distribution.

In the editor, navigate to File | Open; when the window opens, navigate to the

configuration file that is located at /etc/udev/rules.d/. To navigate to the folder,

click on the File System folder in the window. This will put you in the root of the

file system; then, it is only a matter of drilling down until you get into the rules.d

folder. Select and open the 70-persistent-net.rules file. Once you are in the

file, delete the old interfaces that are there; highlight the line that starts with # PCI

Device and all the lines after that right up to the end of the file, and then delete

them as shown in the next screenshot:

download