scanning & penetration testing

Lab Analysis & Hands on BACKTRACK 5. Deris Stiawan, Ph.D Candidate | Universiti Teknologi Malaysia. This material contains the steps of scanning and pentesting; it is for learning only and is to be carried out in a private lab scenario. Any problems incurred outside the classroom thereafter are a crime, and you are fully responsible. @2011

Upload: deris-stiawan

Post on 14-Apr-2017


TRANSCRIPT

Page 1: Scanning & Penetration Testing


Page 2: Scanning & Penetration Testing

Scenario

Footprinting, Information Gathering

IP Address, MAC Address, Port, Daemon / Application

Vulnerability / Holes

Penetration

Page 3: Scanning & Penetration Testing

(1) Hands on : Running Backtrack

• Live CD Backtrack (BT) 5 Rel. 1

• Loading BT from booting CD / DVD

• Choose : (1) Backtrack Text

• Wait until process is complete

• Command :

– root@bt5-stealth:# startx

Page 4: Scanning & Penetration Testing

Setting IP Address

• Find “Terminal” at the top of the desktop

• root:# ifconfig

• root:# ifconfig eth0 <IP address> netmask <netmask>

• root:# route add default gw <gateway IP address>

• root:# echo nameserver 161.139.16.2 > /etc/resolv.conf

• root:# ifconfig eth0 up

Page 5: Scanning & Penetration Testing

(2) Hands on: Wireshark

• Click : Applications | Backtrack | Information Gathering | Network Analysis | Network Traffic Analysis | Wireshark

• Or, in the Terminal, type the command: wireshark

Page 6: Scanning & Penetration Testing

(3) Hands on: nmap

• Type nmap in the terminal

– nmap -v -A <target IP>

• In the Terminal, type the command: zenmap

– Target: IP address of the target

– Profile: choose the options

– Then click Scan

Page 7: Scanning & Penetration Testing

(4) Hands on: Guessing Password

• Prepare a dictionary / word list

• Open gedit from Application | Accessories

• Or type in the Terminal: gedit

• Then type some guess words / dictionary list:

– Admin

– Password

– Handsome

– …

– Save: passlist.txt in the root dir

Page 8: Scanning & Penetration Testing

Hydra

• In the Terminal:

– hydra -l username -P nameoffile.txt <IP address> <service>

– i.e.:

– hydra -l administrator -P passlist.txt <IP address> telnet

Page 9: Scanning & Penetration Testing

• Be careful with the characters in your password: if it appears in a dictionary list, it is very easy to guess. There are many dictionaries in many languages.

• Keep your OS and applications patched and up to date.

• On your PC, always keep your antivirus updated and use a personal firewall.

• Be paranoid on the Internet, particularly with file attachments from email / messenger.

• Use your official personal email with care; don’t use it to register on underground / warez websites.

• Avoid downloading software or applications from non-official / underground / warez websites.

Page 10: Scanning & Penetration Testing

Exercise

• Running and testing

– Applications | BackTrack | Stress Testing | Network Stress Testing |

Page 11: Scanning & Penetration Testing

Lab Review & Analysis Question

• (1). Nmap:

– Type nmap -sP <IP address>

– Type nmap -vv -A <IP address>

– Type nmap -sS <IP address>

– Type nmap -O <IP address>

• Observe the output

• How many hosts did it find?

• What is the IP address of the host?

• How long did the scan take?

• What is the result of this stage?

Page 12: Scanning & Penetration Testing

• (2). Telnet & Wireshark

– In the terminal, type telnet <target IP address>

– Open Wireshark

• Observe the output information from Wireshark

• Find the user name and password information in Wireshark

• What is the protocol usage?

• What is the dominant protocol?

• Observe the handshake process between the target and your host

Page 13: Scanning & Penetration Testing

• (3). Hydra & Wireshark & tcpdump

– Type hydra -l administrator -P passlist.txt <IP address> telnet

– Open and run Wireshark

– In the terminal, type tcpdump -X

• Observe the output information from Wireshark & tcpdump

• Observe the handshake process between the target and your host

• Draw, from your own observation, the three-way handshake between the target & host
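
For the review of exercise (3), an added example (not part of the original slides) that reads tcpdump text output, follows each SYN / SYN-ACK / ACK exchange, and reports clients that open many new telnet sessions, which is how repeated password guessing looks on the wire. The capture lines are constructed, and the function names and the threshold of 3 sessions are assumptions of this example.

```python
import re
from collections import Counter

# One tcpdump text line: "<time> IP src.port > dst.port: Flags [..], seq N, ack N, ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\],"
                  r"(?: seq (\d+)(?::\d+)?,)?(?: ack (\d+),)?")

def completed_handshakes(text):
    """Return (client, server, server_port) for every full SYN / SYN-ACK / ACK."""
    pending, done = {}, []      # pending: (client, cport, server, sport) -> state
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags, seq, ack = m.groups()
        if flags == "S":                        # step 1: client sends SYN
            pending[(src, sport, dst, dport)] = ("SYN", int(seq))
        elif flags == "S.":                     # step 2: server answers SYN-ACK
            key = (dst, dport, src, sport)
            state = pending.get(key)
            # The SYN-ACK must acknowledge the client's initial sequence number + 1.
            if state and state[0] == "SYN" and ack and int(ack) == state[1] + 1:
                pending[key] = ("SYN-ACK", None)
        elif flags == ".":                      # step 3: client sends ACK
            key = (src, sport, dst, dport)
            if pending.get(key, ("",))[0] == "SYN-ACK":
                del pending[key]
                done.append((src, dst, int(dport)))
    return done

def repeated_logins(text, port=23, threshold=3):
    """Client/server pairs with at least `threshold` new sessions to `port`."""
    hits = Counter((c, s) for c, s, p in completed_handshakes(text) if p == port)
    return {pair: n for pair, n in hits.items() if n >= threshold}

def _session(client, cport, server="192.168.56.20", isn=1000):
    """Build the three handshake lines of one constructed telnet session."""
    c, s = f"{client}.{cport}", f"{server}.23"
    return (f"10:00:01.0001 IP {c} > {s}: Flags [S], seq {isn}, win 29200, length 0\n"
            f"10:00:01.0003 IP {s} > {c}: Flags [S.], seq 5000, ack {isn + 1}, win 28960, length 0\n"
            f"10:00:01.0004 IP {c} > {s}: Flags [.], ack 1, win 229, length 0\n")

# Constructed capture: .10 opens three telnet sessions, .11 opens one,
# and .12 sends a SYN that is never answered.
SAMPLE = ("".join(_session("192.168.56.10", p) for p in (40001, 40002, 40003))
          + _session("192.168.56.11", 51000)
          + "10:00:02.0001 IP 192.168.56.12.52000 > 192.168.56.20.23: Flags [S], seq 7000, win 29200, length 0\n")

if __name__ == "__main__":
    print(repeated_logins(SAMPLE))
```
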
