Pen Testing
A penetration test, occasionally pentest, is a method of
evaluating the security of a computer system or network
by simulating an attack from malicious outsiders (who do not have an
authorized means of accessing the organization's systems) and malicious
insiders (who have some level of authorized access).
The process involves an active analysis of the system for any potential
vulnerabilities that could result from poor or improper system
configuration, both known and unknown hardware or software flaws, or
operational weaknesses in process or technical countermeasures.This
analysis is carried out from the position of a potential attacker
and can involve active exploitation of security vulnerabilities.
Security issues uncovered through the penetration test are presented to the system's owner.
Effective penetration tests will couple this information with an
accurate assessment of the potential impacts to the organization and
outline a range of technical and procedural countermeasures to reduce
risks.
Penetration tests are valuable for several reasons:
- Determining the feasibility of a particular set of attack vectors
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
- Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of network defenders to successfully detect and respond to the attacks
- Providing evidence to support increased investments in security personnel and technology
One of the most popular and widely used tool for Pen Testing is BackTrack .
BackTrack
![[backtrack+4+d]](http://2.bp.blogspot.com/_qZEkCb2gD48/R_y0hWDamKI/AAAAAAAAAlY/xLBqhzf_vfs/s400/backtrack%2B4%2Bd)
BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. The current version is BackTrack 5 R3. now based on Ubuntu 10.04 (Lucid) LTS, which is itself based on Debian.
BackTrack includes many well known security tools including:
- Metasploit for integration
- RFMON, injection capable wireless drivers
- Aircrack-ng
- Gerix Wifi Cracker
- Kismet
- Nmap
- Ophcrack
- Ettercap
- Wireshark (formerly known as Ethereal)
- BeEF (Browser Exploitation Framework)
- Hydra
- OWASP Mantra Security Framework, a collection of hacking tools, add-ons and scripts based on Firefox
- Cisco OCS Mass Scanner, a very reliable and fast scanner for Cisco routers with telnet and enabling of a default password.
- A large collection of exploits as well as more commonplace software such as browsers.
- Information gathering
- Vulnerability assessment
- Exploitation tools
- Privilege escalation
- Maintaining access
- Reverse engineering
- RFID tools
- Stress testing
- Forensics
- Reporting tools
- Services
- Miscellaneous
BackTrack Releases:
| Date | Release |
|---|---|
| February 5, 2006 | BackTrack v.1.0 Beta |
| May 26, 2006 | The BackTrack project released its first non-beta version (1.0). |
| March 6, 2007 | BackTrack 2 final released. |
| June 19, 2008 | BackTrack 3 final released. |
| January 9, 2010 | BackTrack 4 final release. (Linux kernel 2.6.30.9) |
| May 8, 2010 | BackTrack 4 R1 release |
| November 22, 2010 | BackTrack 4 R2 release |
| May 10, 2011 | BackTrack 5 release (Linux kernel 2.6.38) |
| August 18, 2011 | BackTrack 5 R1 release (Linux kernel 2.6.39.4) |
| March 1, 2012 | BackTrack 5 R2 release (Linux kernel 3.2.6) |
| August 13, 2012 | BackTrack 5 R3 release |
Download Backtrack ( from backtrack-linux )
My Number Is 0749989698 My Id Is sunilsaxena0099@gmail.com
ReplyDeleteand sunilsaxena.nic@gmail.com and sunilsaxena.nice@gmail.com