Penetration Testing with BackTrack
A note from the authors
Thank you for opting to take the “Offensive Security - PWB” extended lab training. PWB is not your usual IT security course. We hope to challenge you, give you a hard time and make you think independently during the training. We will often throw you into the deep end with short exercises and
challenges. You won't be served fish, you'll be taught to catch them.
My personal opinion of the IT security arena is that it should be formally separated into two distinct fields - “Defensive Security” and “Offensive Security”. This idea came to me when a good friend and Microsoft Networking mentor of mine came to visit me during a course. We started talking about the (latest at the time) ZOTOB worm (MS05-039) and I asked him if he had lately seen any instances of it.
He answered that he saw an infection in one location, where it was overcome quickly. He then said: “That ZOTOB was annoying though; it kept rebooting the servers until we managed to get rid of it.” It was then that a massive beam of light shined from the heavens and struck me with full force. More about this enlightenment later.
I took my friend aside and proceeded to boot a vulnerable class computer and told him: “Watch this, I'm going to use the same exploit as Zotob uses when it spreads”. I browsed to the milw0rm site, and downloaded the first (at the time) exploit on the list, and saved it to disk. I opened a command prompt, compiled the exploit using the cl command line Visual Studio compiler and ran the exploit.
The output looked similar to “ms05-039.exe <victim IP>”. I punched in the IP address of the vulnerable computer with one finger, and pressed enter. I was immediately presented with command shell belonging to the victim machine. I typed in ipconfig and then whoami. I gave him just enough time to see the output, and then typed “exit”. Exiting the shell caused svchost.exe to crash, and a reboot window popped up, just like the ones he saw.
I could slowly see the realization seep in. His face lost color and he slowly sat down on the nearest chair. He looked at me with horrified eyes, and somehow manage to gasp “how” and “why” at the same time. He then quickly exited the room and made some urgent phone calls. I was later honored to have this friend sit in one of my courses, which unfortunately left him paranoid as hell.
Now, back to my enlightenment. I realized that this master of Windows Active Directory and Multiple Domain PKI Infrastructure guru did not have the same narrow “security” knowledge as a 12 year old script monkey. He was not aware of the outcomes of such an attack and did not know that the “reboot” syndrome he observed was an “unfortunate” byproduct of SYSTEM access to the machine.
This made me realize that there is a huge gap between the “Defensive” and “Offensive” security fields. A gap so big that a 12 year old (who probably doesn't know what TCP/IP stands for) could outsmart a well-seasoned security expert.
Hopefully, if this separation between the “Defensive” and “Offensive” fields is clear enough, network administrators and (defensive) security experts will start to realize that they are aware of only one half of the equation, and that there's a completely alien force they need to deal with. To truly be able to defend your assets, you must first understand the attacks and the attackers.
This course attempts to partially fill in this gap and present the Penetration Testing and Ethical Hacking field to the student. Basic attack vectors are presented and the penetration testing cycle is introduced. The course focuses on understanding and then implementing the “why” and “how” respectively. Please be aware that this course will not teach you how to be an ethical hacker, or a penetration tester. This is achieved after many months and years of study and experience. This course merely introduces the basic tools and techniques which are used in common attack vectors. Perhaps most importantly, this course introduces the frame of mind required to become a true security professional.
<Zen>The nature of this course and related topics is disruptive. Labs might behave oddly, things might not always work as expected. Be ready to manipulate and adapt as needed, as this is the way of the pen tester </Zen>.
Saying this, we've taken all measures possible for the labs to be easily understood and in many cases recreated by the student, using both the course movies and the written lab guide. If a certain topic is new or alien to you try sticking to the guide, and things should be OK. Once you feel comfortable with the topic, you can try experimenting with lab variables.
We have active forums and an IRC channel where you can interact with other students – these resources will be very valuable to you during the course. I've added several “Extra Mile” mini challenges to part of the exercises for those wanting to particularly advance in the field of penetration testing, and are willing to put in the extra time and effort. These challenges are not necessary, but recommended.
I really hope you enjoy the course, at least as much as I did making it, and that you gain new insights
and a deeper understanding into what the security arena looks like from an attacker's perspective.
Download PWB version 3:
thanks about this information ethical hacking course is the best for all organization
BalasHapusHi,
BalasHapusThanks for such a valuable and information keep sharing ! much helpful for more person. if want Import Export Consultants in bangalore & Auditors For IT in bangalore click on it