Scribd
Upload
50 views

Penetration Testing With Backtrack Syllabus

Backtrack for Ethical Hacking

Uploaded by

appinjaipur
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
50 views

Penetration Testing With Backtrack Syllabus

Backtrack for Ethical Hacking

Uploaded by

appinjaipur
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 9

Penetration Testing With BackTrack Syllabus

Table of Contents
Before we Begin ... i. Legal Stuff ... ii. Important Notes ... iii. Lab IP Address Spaces ... iv. How to approach this course ... v. Reporting ... Reporting for PWB ... Interim Documentation ... vi. Penetration Testing Methodology ... 1. Module 1 - BackTrack Basics ... 1.1 Finding your way around BackTrack ... 1.1.1 Exercise ... 1.2 BackTrack Services ... 1.2.1 DHCP ... 1.2.2 Static IP assignment ... 1.2.3 SSHD ... 1.2.4 Apache ... 1.2.5 FTP . 1.2.6 TFTPD ... 1.2.7 VNC Server ... 1.2.8 Additional Resources ... 1.2.9 Exercise ... 1.3 The Bash Environment ...

1.3.1 Simple Bash Scripting ... 1.3.2 Sample Exercise ... 1.3.3 Sample Solution ... 1.3.4 Additional Resources ... 1.3.5 Exercise ... 1.4 Netcat the Almighty ... 1.4.1 Connecting to a TCP/UDP port with Netcat ... 1.4.2 Listening on a TCP/UDP port with Netcat ... 1.4.3 Transferring files with Netcat ... 1.4.4 Remote Administration with Netcat ... 1.4.5 Exercise ... 1.5 Using Wireshark ... 1.5.1 Peeking at a Sniffer ... 1.5.2 Capture and Display filters ... 1.5.3 Following TCP Streams ...

1.5.4 Additional Resources ... 1.5.5 Exercise ... 2. Module 2- Information Gathering Techniques ... 2.1 Open Web Information Gathering ... 2.1.1 Google Hacking ... 2.2. Miscellaneous Web Resources ... 2.2.1 Other search engines ... 2.2.2 Netcraft ... 2.2.3 Whois Reconnaissance... 2.3 Exercise ...

3. Module 3- Open Services Information Gathering ... 3.1 DNS Reconnaissance ... 3.1.1 Interacting with a DNS server ... 3.1.2 Automating lookups ... 3.1.3 Forward lookup bruteforce ... 3.1.4 Reverse lookup bruteforce ... 3.1.5 DNS Zone Transfers ... 3.1.6 Exercise ... 3.2 SNMP reconnaissance ... 3.2.1 Enumerating Windows Users: ...

3.2.2 Enumerating Running Services ... 3.2.3 Enumerating open TCP ports ... 3.2.4 Enumerating installed software ... 3.2.5 Exercise ... 3.3 SMTP reconnaissance ... 3.4 Microsoft Netbios Information Gathering ... 3.4.1 Null sessions ... 3.4.2 Scanning for the Netbios Service ... 3.4.3 Enumerating Usernames/ Password policies ... 3.4.4 Exercise ... 3.5 Maltego ... 3.5.1 Network Infrastructure ... 3.5.2 Social Infrastructure ...

4. Module 4- Port Scanning ... 4.1 TCP Port Scanning Basics ... 4.2 UDP Port Scanning Basics ... 4.3 Port Scanning Pitfalls ... 4.4 Nmap... 4.4.1 Network Sweeping... 4.4.2 OS fingerprinting ...

4.4.3 Banner Grabbing / Service Enumeration ... 4.4.4 Nmap Scripting Engine ... 4.5 PBNJ ... 4.6 Unicornscan ... 4.7 Exercise ... 5. Module 5- ARP Spoofing ... 5.1 The Theory ... 5.2 Doing it the hard way ... 5.3 Ettercap ... 6. Module 6- Working With Exploits ... 7.1 Looking for an exploit on BackTrack ... 7.2 Looking for exploits on the web ... 7. Module 7 - Exploit frameworks ... 7.1 Metasploit ... 7.2 Interesting Payloads ... 7.2.1 Meterpreter Payload ... 7.2.2 Binary Payloads ... 7.2.3Other Framework v3.x features ... 7.2 Core Impact ...

8. Module 8- Client Side Attacks ... 8.1 Client side attacks ... 8.2 CVE-2009-0927 ... 8.3 MS07-017 - From PoC to Shell ... 8.4 MS06-001 ... 8.5 Client side exploits in action ... 8.6 Exercise ... 9. Module 9- Port Fun ... 9.1 Port Redirection ... 9.2 SSL Encapsulation - Stunnel ... 9.3 HTTP CONNECT Tunneling ... 9.4 ProxyTunnel ... 9.5 SSH Tunneling ... 9.6 What about content inspection? ... 10. Module 12- Password Attacks ... 10.1 Online Password Attacks ... 10.2 Hydra ... 10.2.1 FTP Bruteforce ... 10.2.2 POP3 Bruteforce ... 10.2.3 SNMP Bruteforce ... 10.2.4 Microsoft VPN Bruteforce ... 10.2.5 Hydra GTK ... 10.3 Password profiling ... 10.3.1 CeWL ... 10.4 Offline Password Attacks ...

10.4.1 Windows SAM ... 10.4.2 Windows Hash Dumping - PWDump / FGDump ... 10.4.3 John the Ripper ... 10.4.4 Rainbow Tables ... 10.4.5 Windows does WHAT???? ... 10.4.6 Exercise ... 10.5 Physical Access Attacks ... 10.5.1. Resetting Microsoft Windows ... 10.5.2 Resetting a password on a Domain Controller ... 10.5.3 Resetting Linux Systems ... 10.5.4 Resetting a Cisco Device... 11. Module 11- Web Application Attack vectors ... 11.1 Cross Site Scripting ... 11.1.1 Browser redirection / iframe injection... 11.1.2 Stealing Cookies / Abusing Sessions ... 11.2 Local and Remote File Inclusion... 11.3 SQL Injection in PHP / MySQL ... 11.3.1 Authentication Bypass ... 11.3.2 Enumerating the Database ... 11.3.3 Code Execution ... 11.4 SQL Injection in ASP / MSSQL ... 11.4.1 Identifying SQL Injection Vulnerabilities ... 11.4.2 Enumerating Table Names ... 11.4.3 Enumerating the column types ... 11.4.4 Fiddling with the Database ...

11.4.5 Microsoft SQL Stored Procedures ... 11.4.6 Code execution ... 11.5 Web Proxies ... 11.6 Exercise ... 12. Module 12 - Trojan Horses ... 12.1 Binary Trojan Horses ... 12.2 Open source Trojan horses .. 12.3 World domination Trojan horses ... Final Challenges...

You might also like