
Wednesday, June 22, 2011

BackTrack 4 - Free E Book (Rare)


Today I am writing a special review of the latest book, BackTrack 4: Assuring Security by Penetration Testing. Written by expert authors on penetration testing, this book does real justice to its title.

Here is the core information about the book,

  • Title: BackTrack 4: Assuring Security by Penetration Testing
  • Author: Shakeel Ali & Tedi Heriyanto
  • Publisher: Packt Publishing
  • Hardcover: 392 pages
  • Release Date: Apr 14, 2011.
Here is the table of contents:

PART I: Lab Preparation and Testing Procedures
Chapter 1: Beginning with BackTrack
Chapter 2: Penetration Testing Methodology
PART II: Penetration Testers Armory
Chapter 3: Target Scoping
Chapter 4: Information Gathering
Chapter 5: Target Discovery
Chapter 6: Enumerating Target
Chapter 7: Vulnerability Mapping
Chapter 8: Social Engineering
Chapter 9: Target Exploitation
Chapter 10: Privilege Escalation
Chapter 11: Maintaining Access
Chapter 12: Documentation and Reporting
PART III: Extra Ammunition
Appendix A: Supplementary Tools
Appendix B: Key Resources
The book is well structured and written with a systematic approach to every stage of pen testing, starting from the very basics.

The first part explains how to set up BackTrack on virtual machines (such as VMware and VirtualBox) and on a USB disk, with step-by-step pictorial illustrations. Next comes the important step of bringing up the network interface, where most of us have struggled; the book does the right job by showing how to set up both wired and wireless interfaces with neat instructions. It then goes into theory, explaining the different types of pen testing (black-box and white-box) along with a detailed explanation of the various pen testing methodologies.

The second part is where the real fun begins, as the authors delve into practical pen testing lessons. It starts with "Target Scoping", where the authors describe the process of collecting client requirements, preparing a test plan and cross-verifying it with the client before getting down to the battlefield. This is a very important part for understanding the scope and perimeter of the pen test; failing to do it may land you in a legal battle with the client later on.

Once the stage is set, the authors move on to the real pen testing phase by explaining passive information gathering using the DNS enumeration, traceroute, whois and email harvesting tools from BackTrack. The next chapter focuses on target discovery on the client network by identifying live hosts and then OS fingerprinting using tools like hping, nbtscan and xprobe2. Next follows detecting open ports and the live services running on these discovered targets using Nmap, Amap, Httprint, ike-scan and others. Then comes "Vulnerability Mapping", where the authors show how to use specialized and fuzzing-based auditing tools to discover vulnerabilities in Cisco, SMB, SNMP, database and web applications, with very informative examples.

Often life does not go as planned and the tools do not show their colors; then comes plan B: social engineering!
Compared to the old days, social engineering has now become a very important part of pen testing (very well demonstrated by Anonymous in the recent HBGary hack). The authors add real juice here by demonstrating the power of SET (Social Engineering Toolkit) with scenarios such as "targeted phishing attack" and "gathering user credentials".

Finally we come to the climax, where you are just a step away from pwning the target system. The chapter on "Target Exploitation" does complete justice by unleashing the power of Metasploit with real-life scenarios titled "Ninja 101 Drills". The authors showcase around 5 practical scenarios with descriptive explanations surrounding Meterpreter, finally ending with a short session on writing a Metasploit exploit module.

The next chapter, on Privilege Escalation, deals with gathering user credentials using various password recovery tools (pwdump, samdump2, dsniff, l0phtcrack, john) and MITM attack tools (ettercap, arpspoof). Once you have got access to the system, it is important to maintain it through covert mechanisms, so the chapter on "Maintaining Access" explains how to use various protocol tunneling tools such as DNS2tcp, cryptcat, netcat and ptunnel to maintain the link between the source and target systems.

Finally it is time to submit the report or present your pen testing work. If you don't have good presentation or report writing skills, all your hard work in pen testing goes for a toss. Most of the time it is true that, being tech-savvy, your soft skills will be a little hazy. The authors take note of this and describe how to write different kinds of reports (Executive, Management and Technical), offering tips on how to prepare each report and how to present it to the appropriate audience in the right way. It would have been beneficial if the authors had included a sample report for each of the mentioned types; hopefully they will include them in the second edition.

At the end, the authors have added additional resources in the appendix section to show the usage of some external tools such as NeXpose, Netcat and WhatWeb, which are not included in BackTrack. You will also find some good links related to vulnerability disclosure, vulnerability incentive programs, reverse engineering and so on.

Highlights of the Book
  • Well written, easy and enjoyable to read
  • Each tool is shown well, with detailed usage and a practical example
  • No real need for a live system while reading
  • How each tool works internally (for example, that ping uses ICMP packets)
  • Tips on using the right tools at the right times.

Though this book was written for BackTrack 4, it is very well applicable to any BackTrack version (with small differences between old and new tools), as it follows a practical and systematic approach, making it one of the best guides for any pen tester.



Here is the link:

http://www.ziddu.com/download/15169978/backtrack4.rar.html

http://www.filefactory.com/file/ccf05cb/n/BackTrack_4_Assuring_Security_by_Penetration_Testing.pdf   [Will be available for the next 15 days]

Link is available and tested (22/6/2011). If it is broken in future, mail me at suren.click@gmail.com and I will upload it once again.

After too many flood requests for uploading the book, I took this Sunday to upload it back. It's LIVE NOW.

UPDATED LINKS BT4

GRAB UR COPY

h@ckfr3ak

How Kerberos Authentication Works

Recently, when I was reading about the LM algorithm (how it works, how the passwords are concatenated, encrypted and stored in binary form in the SAM database), I got stuck on Kerberos: what is its role in Windows? So I asked on the FB page, and a friend called Vishal Sharma said the Kerberos mechanism is used when a client connects to the domain or to Active Directory. So I tried to read more about it, and this is the best article I found on the internet; I thought of sharing it with you. A must read for all network engineers and admins.

You may not know it, but your network is probably unsecured right now. Anyone with the right tools could capture, manipulate, and add data between the connections you maintain with the internet. The security cat and mouse game isn't one sided, however. Network administrators are currently taking advantage of Kerberos to help combat security concerns.

Project Athena

Project Athena was initiated in 1983, when the Massachusetts Institute of Technology decided that security in the TCP/IP model just wasn't good enough. A total of 8 long years of research passed before Kerberos, named after the three-headed Greek mythological dog known as Cerberus, was officially complete.
The result of MIT's famous research became widely used as the default authentication method in popular operating systems. If you are running Windows 2000 or later, you are indeed running Kerberos by default. Other operating systems such as Mac OS X also carry the Kerberos protocol. Kerberos isn't limited to operating systems, however, since it is employed by many of Cisco's routers and switches.

What Does It Protect Against, Anyways?

If you have ever used an FTP program over a network, you are at risk. If you have ever used a Telnet program over a network, you are again at risk. These are just two examples of how little security some applications provide. FTP and Telnet use what are called plaintext passwords, also known as cleartext passwords. These passwords are ridiculously easy to intercept with the right tools.
Anyone with a simple packet sniffer and packet analyzer can obtain an FTP or Telnet logon with ease. With that kind of sensitive information being transmitted, the need for Kerberos is obvious. This need doesn't stop there, however. FTP and Telnet logons are easy to intercept, but then again so is every other connection any of your applications has to the internet.
Through man in the middle attacks, a hacker can get most logon information for just about anything. From online bank passwords to private passwords on your computer, they are all generally vulnerable to this attack. A man in the middle attack occurs when the hacker acts as the "man in the middle" between two computers. The hacker pretends to each computer that it is, in fact, the computer they have connected to. In reality, all the data is being routed through the hacker, who can then modify or add instructions to the data.

Okay, This Sounds Useful…But How Does It Work?

Kerberos operates by encrypting data with a symmetric key. With a symmetric key, both the client and the server agree to use a single key for encrypting and decrypting the data they send and receive. When working with the encryption key, the details are actually sent to a key distribution center, or KDC, instead of being sent directly between the two computers. The entire process takes a total of eight steps, as shown below.
1. The authentication service, or AS, receives the request from the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user's ID.
2. Upon verification, a timestamp is created. This puts the current time in the user session, along with an expiration date. The default expiration of a timestamp is 8 hours. The encryption key is then created. The timestamp ensures that once the 8 hours are up, the encryption key is useless. (This makes sure that a hacker who intercepts the data cannot usefully crack the key: almost all keys can be cracked, but it will take a lot longer than 8 hours to do so.)
3. The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket issued by the authentication service, used to authenticate the client in future requests.
4. The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.
5. The TGS creates an encrypted key with a timestamp and grants the client a service ticket.
6. The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.
7. The service decrypts the key and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session that is returned to the client.
8. The client decrypts the ticket. If the keys are still valid, communication is initiated between client and server.
Is all that back-and-forth communication really necessary? For speed and reliability, it is. Once communication is established between the client and server, there is no further need to transmit logon information: the client stays authenticated until the session expires.

Yet More Authentication

The authentication method described above seems a little one-sided. Kerberos provides support for mutual authentication, for more secure protection against man in the middle attacks. Remember how the client no longer needs to send logon information after the authentication takes place? Well, it sure would ruin everything if a hacker just intercepted our communication to the server and pretended to be us!
This type of authentication is fairly easy to understand, since it only involves two systems.

The Mutual Authentication Process


  1. The first system creates a challenge code made up of random numbers.
  2. This code is sent to the second system, which generates a response to the received code. This response and a challenge code of its own are then sent back to the first system.
  3. The first system verifies the response of the second system, and then sends a response to the challenge code it received.
  4. When the second system receives the response, it is verified. If all is well, it notifies the first system that they are indeed mutually authenticated.

This type of authentication uses challenge codes to ensure that both computers are who they claim to be. If someone tries to intercept the data, they obviously will fail because they can’t pretend to be one of the computers after they have been authenticated with challenge codes.
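The eight-step ticket flow and the mutual-authentication exchange above, reduced to a runnable model. This is an added example, a constructed illustration rather than MIT Kerberos or the article's own code: it assumes a stand-in "seal" built from HMAC over JSON in place of real symmetric encryption, the article's 8-hour ticket lifetime and 10-minute clock tolerance, and models the server's reply of the client's own timestamp as the mutual-authentication step.

```python
import hashlib, hmac, json, os

SKEW = 10 * 60       # clock tolerance quoted by the article (10 min); MIT's default is 5 min
LIFETIME = 8 * 3600  # ticket lifetime from step 2 (8 hours)

def seal(key, obj):  # stand-in for symmetric encryption: JSON body plus an HMAC tag
    body = json.dumps(obj, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, sealed):  # succeeds only for a holder of the same key
    body, tag = sealed
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key")
    return json.loads(body)

def validate(ticket, authenticator, now):  # checks every ticket consumer must make
    auth = unseal(bytes.fromhex(ticket["session"]), authenticator)
    if now > ticket["expires"] or abs(now - auth["time"]) > SKEW or auth["client"] != ticket["client"]:
        raise ValueError("ticket expired, clock skew too large, or name mismatch")
    return auth

class KDC:  # plays both AS and TGS; knows every principal's long-term key (constructed model)
    def __init__(self, keys):
        self.keys = dict(keys, krbtgt=os.urandom(32))
    def authenticate(self, client, now):  # steps 1-3: TGT plus a session key for the user
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "session": sk, "expires": now + LIFETIME})
        return tgt, seal(self.keys[client], {"session": sk})
    def service_ticket(self, tgt, authenticator, service, now):  # steps 4-5
        t = unseal(self.keys["krbtgt"], tgt)
        validate(t, authenticator, now)
        sk = os.urandom(32).hex()
        st = seal(self.keys[service], {"client": t["client"], "session": sk, "expires": t["expires"]})
        return st, seal(bytes.fromhex(t["session"]), {"session": sk})

def service_accept(service_key, ticket, authenticator, now):  # steps 6-8, server side
    t = unseal(service_key, ticket)
    auth = validate(t, authenticator, now)
    return seal(bytes.fromhex(t["session"]), {"time": auth["time"]})  # mutual-auth reply

def login(kdc, keys, client, service, now):  # whole client run; returns the service session key
    tgt, enc = kdc.authenticate(client, now)
    tgt_sk = unseal(keys[client], enc)["session"]  # only the real user's key opens this
    st, enc2 = kdc.service_ticket(tgt, seal(bytes.fromhex(tgt_sk), {"client": client, "time": now}), service, now)
    svc_sk = unseal(bytes.fromhex(tgt_sk), enc2)["session"]
    reply = service_accept(keys[service], st, seal(bytes.fromhex(svc_sk), {"client": client, "time": now}), now)
    if unseal(bytes.fromhex(svc_sk), reply)["time"] != now:  # server proved it holds the session key
        raise ValueError("mutual authentication failed")
    return svc_sk
```

Feeding validate() an expired TGT or an authenticator whose timestamp is more than SKEW seconds from the server's clock makes it reject the request, which is the clock-drift failure the drawbacks section describes.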

Sounds Great! Any Drawbacks I Should Know About?

Of course, nothing is perfect. Kerberos has a couple of main flaws that system administrators need to take into account.
First and foremost is the need for the Kerberos server. This server handles all the functions required for authentication. If this server goes down, no one can get authenticated, and thus the network is down. A total network outage can be prevented by using more than one Kerberos server, but that is more costly than some people would like to think.
Next, we have the issue of clock synchronization. Since Kerberos uses timestamps to handle all activity, the clocks on all host machines must be within 10 minutes of the Kerberos server's clock. Since no clock is perfect, the host clock and server clock will eventually drift far enough apart to cause a failure. This is usually remedied by keeping clocks up to date or by using the Network Time Protocol, NTP.

Closing Comments

Kerberos isn’t the only encryption protocol available. There are multiple ways to encrypt data, and this holds true for many types of different applications. Email encryption protocols, for example, are a breed all of their own.
With a product that has been researched and developed for over 8 years, it is generally expected that the product should be well polished. Kerberos doesn’t fail to deliver, and this can be seen by looking at all the vendors who use it. Cisco, Microsoft, Apple, and many others rely on this faithful three-headed dog for network security.
As Greek mythology goes, you could get around Cerberus by gently lulling him to sleep with honey cakes. Rest assured it will take a lot more than that to get past the famous Kerberos security.



Source: Learn networks