Open Source Software Technical Articles

Want the Best of the Wazi Blogs Delivered Directly to your Inbox?

Subscribe to Wazi by Email

Your email:

Connect with Us!

Current Articles | RSS Feed RSS Feed

Get Professional Security Testing with BackTrack


BackTrack Linux has established itself as the de facto suite of choice for security professionals and administrators who want to find any possible holes in their servers, systems, and networks. This bootable Linux distro includes a complete set of tools that can help you not only assess the security of your system but also aid in uncovering possible break-ins, making it an essential part of any administrator's toolkit.

While you should heed all security advisories for the distribution and applications you use, just keeping the systems up-to-date and tucked behind a tight firewall is not enough to safeguard your machines, network, and the data. Unless a break-in is perpetrated by a novice, even a skilled administrator has little chance of detecting it before the cracker does damage. BackTrack can help you find weak spots in your defenses so that you can seal them off.

Penetration testing involves deliberately attacking your system to determine vulnerabilities. Using a variety of tools designed for specific tasks, you attempt to break into your own system. Exhaustive pen testing helps you assess potential breach points, which you should then plug before anyone attempts to exploit them.

The hundreds of tools on offer with BackTrack are ones that the security professionals who created the suite deem best for each specific job, be it for sniffing passwords in the Wi-Fi stream, harvesting email addresses, or cracking passwords.

BackTrack is a live DVD distribution, which means you don't need to install it to use all the tools on offer, though an install script is included should you wish to install it to disk. It comes in both KDE and GNOME versions, a luxury not offered in past releases, which all used KDE exclusively. The distribution made a successful switch to Ubuntu as its base distribution with BackTrack 4, and the current BackTrack 5 release is based on Ubuntu 10.04 LTS. But don't expect the Ubuntu you might be used to – because it's designed to be used for security purposes, the distribution lacks many common applications, though if any software you want is missing from the DVD, chances are you'll find it in the software repositories.

All the BackTrack tools, most of which run at the command line, can be accessed from the K-Menu -> BackTrack entry on the desktop, if you're running the KDE version, or the Application -> BackTrack menu on GNOME. Within some categories, you'll find a deep nested tree structure. The category names should help you identify the purpose of the tools within.

If you're a CLI junkie, all the scripts and tools in BackTrack reside under the /pentest directory, and you can launch the scripts directly from the terminal. However, you won't find the same tree structure within /pentest as you would in the graphical menu on the desktop. You might have to wander through the directories trying to locate the script or tool you wish to run. It's easier to launch the tool using the BackTrack menu.

On the menu you'll find a category for information gathering and one for privilege escalation, among others. Information gathering contains tools that can be used to gather information without touching the target machine. These tools rely on public resources such as email addresses, mail servers, and websites to gather information. The privilege escalation category contains tools that come into play once you've exploited a vulnerability in the target machine to gain access, and now need to gain a higher privilege (root access, for instance).

Since it's designed to be used by security professionals or administrators, everything in BackTrack is geared toward security. For instance, BackTrack comes with the Firefox web browser, enhanced with many plugins to keep you protected from potentially harmful sites. When browsing, should any website fail to load, look at the status bar – the NoScript plugin might have blocked the site. Click Option on the bottom right of the status bar to allow the site, if you trust it, to view the web page.


Cracking Wi-Fi Encryption

Once you've had a chance to survey the tools on offer, it's time to consider some practical scenarios where BackTrack might come in handy.

A simple search on the Internet reveals best practices for securing your wireless hotspots. But measures such as WEP and WPA encryption aren't enough to keep determined troublemakers at bay. They employ software tools to crack Wi-Fi encryption. So does BackTrack – all the tools you need to identify Wi-Fi hotspots, capture data transferred over the stream, and crack WEP.

To actually perform the cracking, you need to use the Aircrack-ng suite of tools bundled with BackTrack. The project's website offers detailed documentation on each of the different tools in the suite, as well as how to use them to crack encryption. In fact, the tool is so popular, you'll find detailed instructions on how to use it on many technology blogs, and even videos on YouTube.

Information Gathering

Access to various online public resources is all you need to collect different kinds of information about a potential target. You can use websites such as

The screenshot above is heavily redacted, because I don't want to get into trouble. But as you can see, in addition to downloading 40 PDF files, I've also learned two usernames whose passwords I can bruteforce crack. Look under Menu -> BackTrack -> Privilege Escalation -> Password Attacks to choose from any number of bruteforce tools, include John the Ripper.

More Resources

Wi-Fi hacking and information gathering are just two fun and easy things you can do with BackTrack. Security professionals can use its many tools to do much more. For more details, see the distribution's forum boards and wiki.

As penetration testing is a specialized skill, Offensive Security, the people behind BackTrack, also conduct courses to help penetration testers and system administrators understand the power of the included tools. After taking the flagship course, Pentesting with BackTrack, or if you're confident about your pen testing skills already, you can apply for an Offensive Security Certification.

This work is licensed under a Creative Commons Attribution 3.0 Unported License
Creative Commons License.

This work is licensed under a Creative Commons Attribution 3.0 Unported License
Creative Commons License.


<p>Barbour Jackets Outlet,
Coach Factory,
Burberry Outlet,
Burberry Factory Outlet,
Prada Outlet Online,
Gucci Bags Outlet,
Kate Spade Outlet Online,
Louis Vuitton Outlet Online,
Marc Jacobs Outlet,
MCM Bags Outlet,
Cheap Oakley Sunglaases,
Coach Outlet Online,
Michael Kors Outlet Online,
Prada Outlet Online,
Polo Outlet Store Online,
Nike Air Jordan,
Coach Outlet,
Polo Outlet Online,
Michael Kors Outlet Online,
Michael Kors Bags Outlet,
Michael Kors Black Friday,
Moncler Jackets Outlet Online,
Moncler Jackets Black Friday,
Monster Beats Outlet Online,
North Face Outlet,
North Face Outlet Online,
Polo Ralph Lauren,
Ralph Lauren Polo,
Polo Outlet,
Hermes Bags Outlet,
Louis Vuitton Shoes Outlet,
Sacs Longchamp Pas Cher,
Canada Goose Black Friday,
Cheap Clothes Sale,
Coach Black Friday 2014,
Shop Coach Factory,
Coach Factory Outlet,
Coach Outlet Online,
Coach Outlet Online,
Cheap Coach Purses,
Coach Factory Store,
Coach Cyber Monday,
Woolrich Jackets Black Friday,
Barbour Jackets Black Friday,
Monster Beats Outlet,
Coach Purses Store Online,
Black Friday,
Coach Factory Outlet Online,
Coach Outlet Online,
Ralph Lauren Black Friday
Coach Outlet Black Friday</p>Coach Outlet Black Friday,
Louis Vuitton Black Friday,
Hermes Outlet Black Friday,
Prada Outlet Black Friday,
Chanel Outlet Black Friday,
gucci Black Friday,
Burberry Outlet Black Friday,
Celine Outlet Black Friday,
Balenciaga Outlet Black Friday,
Christian Dior Outlet Black Friday,
Chloe Outlet Black Friday,
Bvlgari Outlet Black Friday,
Bally Outlet Black Friday,
Coach Black Friday,
Michael Kors Outlet Black Friday,
MCM Outlet Black Friday,
Fendi Outlet Black Friday,
Mulberry Outlet Black Friday,
Marc by Marc Jacobs Black Friday,
Miu Miu Outlet Black Friday,
Ysl Outlet Black Friday,
Tory Burch Outlet Black Friday,
Givenchy Outlet Black Friday,
Ferragamo Outlet Black Friday,
Michael Kors Factory,
MCM Outlet Online,
Beats by Dre Outlet,
North Jackets Outlet Online,
Michael Kors Outlet Online,
Coach Outlet Online,
Coach Factory Outlet,
Ugg Boots Sale,
Cheap Coach Purses,
Coach Outlet Online USA,
Coach Outlete,
Michael Kors Black Friday,
Michael Kors Outlet,
Nike Air Max,
Michael Kors Sale,
Posted @ Friday, October 24, 2014 3:36 AM by polo
Post Comment
Website (optional)

Allowed tags: <a> link, <b> bold, <i> italics