Thursday, October 24, 2013

Checking out BackTrack Linux

For this blog I decided to take a look at BackTrack Linux and see what I could learn. BackTrack Linux is a suite of tools used for penetration testing. I downloaded an ISO and created a live boot disk. I tested the GNOME version 5R3. There was an impressive array of tools available. My goal here was just to take a cursory view of what tools are available. BackTrack Linux is available at http://www.backtrack-linux.org/.  I plan to load BackTrack Linux to a USB drive since some programs take a long time to load off of the DVD.

When I opened up the Firefox browser I noticed a link to http://www.exploit-db.com/. This a database of a wide range of exploits, both local and remote, hardware and software based. The most recently posted new exploits are shown on the homepage. New exploits are being found all the time. Exploits are listed by hardware and software types.

I looked at random tools to see what some of them do. One of the tools is called WebSploit. It can be used to set up a variety of DoS attacks. It can be used for man in the middle and XSS attacks as well. It even has a tool to load a backdoor on to a USB drive.

Another program I found was Aircrack-ng. This program is a cracking program for WEP and WPA Wifi keys.

There were a whole bunch of online and offline password crackers such as John the Ripper and Ophcrack. There are also several tools for creating backdoors and rootkits. There was also about every type of scanning and monitoring tool imaginable.

It did also have quite a range of forensic tools but I didn't get too far in figuring out how to use them.

Metasploit looked like an interesting tool. It scans systems and networks for vulnerabilities and then allows the user to attack the system using a database of exploits.

There are so many tools. It would take time to research and figure out how to use them but it could be done. There is an amazing amount of power stuffed into on DVD. But along with that power comes a great deal of moral responsibility. The creators of these tools are arming both side of the battle. Both the good guys and the bad guys can use the same tools. If I took the time to learn these tools I could do some really unethical or even criminal things with them. With much power comes much responsibility. This exercise makes me much more aware of the need for good security. Anyone can get all these tools in a single download. If the good guys don't get their systems and networks first the bad guys will.








Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)