This past week the newest version of BackTrack Linux was released. For those that have never heard of BackTrack, here is a quick description:
“BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.”
For those that are familiar, some of the tools and menus have changed so I recommend checking it out. Regardless, you should look at BackTrack if you are looking at starting an internal penetration testing or vulnerability assessment program. You should also download BackTrack if you are interested in learning about some of the tools that are being used against you.
BT5 has several tools that are categorized, precompiled and installed. Some category examples are:
- Web Security Tools (e.g. sqlInjection, asp injector, web vulnerability testers)
- Exploit Tools (e.g. Metasploit, fasttrack)
- Fuzzers (e.g. spike)
- Database (e.g. sqlmap, sqlninja)
I downloaded the latest VM image that uses the GNOME window manager, and I wanted to share a few tips when using the VM image.
- Delete and then re-add the network adapter when you add it to your VM Server. I found that the interface eth1 would not work otherwise.
- Change the root password after you first log in.
- Create the file /root/.bash_profile and add the following line to it: startx. This command starts the GUI automatically when you log in. Skip this if you prefer the CLI-only version.
- If your mouse pointer is invisible in GNOME, add the following line to the "Device" section of your xorg.conf file: Option "HWCursor" "off"
- Update the following software packages:
  - Nikto: /pentest/web/nikto/nikto.pl -update
  - Metasploit: /pentest/exploits/framework3/msfupdate
  - FastTrack: /pentest/exploits/fasttrack/fast-track.py -i (option 1)
  - sqlmap: /pentest/web/scanners/sqlmap/sqlmap.py --update
  - Joomla!: /pentest/web/scanners/joomscan/joomscan.pl update
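The two file edits from the tips above can be scripted so they are safe to re-run. This is an added example, not part of the original post; the function names, the tty1/DISPLAY guard around startx and the /etc/X11/xorg.conf path are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post). File paths are arguments so the
# functions can be tried on copies before touching the real files.

# Append a guarded startx line to a bash profile, only once.
# Assumption: the tty1/DISPLAY guard is added here so that SSH logins and
# terminals opened inside X do not try to start a second X server.
ensure_startx() {
    profile=$1
    touch "$profile"
    if ! grep -q 'startx' "$profile"; then
        printf '%s\n' '[ -z "$DISPLAY" ] && [ "$(tty)" = "/dev/tty1" ] && startx' >> "$profile"
    fi
}

# Force Option "HWCursor" "off" in every Section "Device" of an xorg.conf.
# Any existing HWCursor line is dropped first, so re-running changes nothing.
# Returns 1 if the file has no Device section.
disable_hw_cursor() {
    conf=$1
    grep -Eiq '^[[:space:]]*Section[[:space:]]+"Device"' "$conf" || return 1
    tmp=$(mktemp) || return 1
    awk '
        tolower($0) ~ /^[ \t]*option[ \t]+"hwcursor"/ { next }
        { print }
        tolower($0) ~ /^[ \t]*section[ \t]+"device"/ {
            print "    Option \"HWCursor\" \"off\""
        }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Touch the real files only when asked to: ./bt5-setup.sh --apply
# Assumption: xorg.conf lives at /etc/X11/xorg.conf on this image.
if [ "${1:-}" = "--apply" ]; then
    ensure_startx /root/.bash_profile
    disable_hw_cursor /etc/X11/xorg.conf
fi
```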
There are other tools that require updating, but those are the top ones that I foresee using during assessments going forward, so explore and update as needed. PS: You can also install Nessus and use it in conjunction with Nikto for web application testing. Here is the HOWTO video as provided by Tenable.
Image by mariachily