Offensive Security Penetration Testing with BackTrack PWB Online Lab Guide v.3.2 Table of Contents Before We Begin .............................................................................................................................................................. 16 i. Legal Stuff ................................................................................................................................................................ 16 ii. Important Notes ..................................................................................................................................................... 16 iii. Labs and IP Address Spaces .................................................................................................................................... 16 iv. Control Panel ......................................................................................................................................................... 17 Network Keys / Secrets ......................................................................................................................................... 17 v. PWB VPN Labs ........................................................................................................................................................ 18 vi. How to Approach This Course................................................................................................................................. 19 vii. Reporting .............................................................................................................................................................. 19 Reporting for PWB ................................................................................................................................................ 21 Interim Documentation ......................................................................................................................................... 22 viii. Penetration Testing Methodology......................................................................................................................... 23 1. Module 1: BackTrack Basics .......................................................................................................................................... 25 1.1 Finding Your Way around BackTrack ..................................................................................................................... 26 1.1.1 Exercises....................................................................................................................................................... 28 1.2 BackTrack Services ................................................................................................................................................ 29 1.2.1 DHCP ............................................................................................................................................................ 29 1.2.2 Static IP Assignment ..................................................................................................................................... 30 1.2.3 SSHD ............................................................................................................................................................ 30 1.2.4 Apache ......................................................................................................................................................... 32 1.2.5 FTP ............................................................................................................................................................... 33 2 OS-7561-PWB OS-7561-PWB 1.2.6 TFTPD ........................................................................................................................................................... 34 1.2.7 VNC Server ................................................................................................................................................... 35 1.2.8 Additional Resources .................................................................................................................................... 35 1.2.9 Exercises....................................................................................................................................................... 36 1.3 The Bash Environment .......................................................................................................................................... 37 1.3.1 Simple Bash Scripting .................................................................................................................................... 37 1.3.2 Sample Exercise ............................................................................................................................................ 37 1.3.3 Sample Solution ............................................................................................................................................ 39 1.3.4 Additional Resources .................................................................................................................................... 43 OS-7561-PWB OS-7561-PWB 1.3.5 Exercises....................................................................................................................................................... 44 1.4 Netcat the Almighty .............................................................................................................................................. 45 1.4.1 Connecting to a TCP/UDP Port with Netcat ................................................................................................... 45 1.4.2 Listening on a TCP/UDP Port with Netcat ...................................................................................................... 48 1.4.3 Transferring Files with Netcat ....................................................................................................................... 49 1.4.4 Remote Administration with Netcat .............................................................................................................. 50 1.4.5 Exercises....................................................................................................................................................... 55 1.5 Using Wireshark .................................................................................................................................................... 56 1.5.1 Peeking at a Sniffer ....................................................................................................................................... 56 1.5.2 Capture and Display Filters ........................................................................................................................... 59 1.5.3 Following TCP Streams .................................................................................................................................. 60 1.5.4 Additional Resources .................................................................................................................................... 60 1.5.5 Exercises....................................................................................................................................................... 61 3 OS-7561-PWB OS-7561-PWB 2. Module 2: Information Gathering Techniques............................................................................................................... 62 2.1 Open Web Information Gathering ......................................................................................................................... 64 2.1.1 Google Hacking ............................................................................................................................................. 64 2.2. Miscellaneous Web Resources ............................................................................................................................. 79 2.2.1 Other Search Engines .................................................................................................................................... 79 2.2.2 Netcraft ........................................................................................................................................................ 79 2.2.3 Whois Reconnaissance.................................................................................................................................. 81 2.3 Exercises ............................................................................................................................................................... 86 3. Module 3: Open Services Information Gathering .......................................................................................................... 87 OS-7561-PWB OS-7561-PWB 3.1 DNS Reconnaissance ............................................................................................................................................. 87 3.1.1 Interacting with a DNS Server ....................................................................................................................... 88 3.1.2 Automating Lookups ..................................................................................................................................... 90 3.1.3 Forward Lookup Brute Force ......................................................................................................................... 91 3.1.4 Reverse Lookup Brute Force ........................................................................................................................