BackTrack Overview
BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.
For more information about Backtrack check out there website http://www.backtrack-linux.org or the wikipedia page http://en.wikipedia.org/wiki/BackTrack
Backtrack has been superseded by [Kali] Linux.
Images Overview
The image includes many of the security tools that the desktop version includes.
However the does not include tools like airocrack as this requires your wifi chip to be in monitor which most android devices do not allow, these tools can be installed view backtracks repositories if you do have drivers with monitor mode.
Unlike most other support distros our backtrack image only comes in one ‘flavor’ this is because a lighter version isnt possible without removing many of the tools that make backtrack what it is. (Backtrack without the security tools is just Ubuntu really)
Image Building
The Backtrack image is created by using the prebuild ARM image found on the backtrack website http://www.backtrack-linux.org/downloads/ as a base image.
This image was larger than 4GB and so would not fit on a FAT32 formatted device (which most users sdcard are) so we made a new image of size 3.5GB and moved the content into this.
We then updated the packages within the image as the prebuild image was very old and alot of packages where very outdated.
A normal user (named backtrack) was also created as the prebuilt image just used the root user which is not a good idea.
Once this was finished added our startup script (init.sh) to the image which fixed alot of errors with the image (the prebuilt image was only designed for the Xoom).
More Info
Links
What is Backtrack & How to Use it?
Hello readers! This is the very first article of a series of articles which I’ll be posting on one of the Best tools used in hacking – “Backtrack”. I hope you enjoy reading. Do show your support by commenting and subscribing by mail for Backtrack and other updates for free!
Backtrack is Linux Based Penetration Testing Operating system which provides many inbuilt tools which are used for vulnerability assessment, exploitation and penetration testing. Apart from using metasploit framework on backtrack there is a complete series of “Exploitation Tools”. The tools in Backtrack are divided into following broad categories :
- Information Gathering
- Vulnerability Assessment
- Exploitation Tools
- Privilege Escalation
- Maintaining Access
- Reverse Engineering
- RFID Tools
- Stress testing
- Forensics
- Reporting Tools
- Services
- Miscellaneous
We at HackyShacky will cover many methods of exploiting, vulnerability assessment, penetration testing etc. using Backtrack in the upcoming days.
Please Click Here to Read More Articles on Backtrack.
Shikhil Sharma is a young techie who has great interest in Cyber Security, Hacking, Penetration Testing, SEO, Vulnerability Assessment and loves to write about them.
Follow him on Facebook | Twitter
BackTrack Linux: Penetration Testing Made Easy
BackTrack Linux can reveal some very serious shortcomings within a given network. It can also reveal some viable methods to fix them.
Obsessive-compulsive disorder (OCD) may be the best gauge of professionalism within the ranks of system administrators worldwide. With everything neatly positioned on their desks at 90 degree angles, surfaces wiped to irritating Cloroxed perfection and family pictures hung on cubicle walls (with the help of a leveler), the best system administrators typically allow their inherent perfectionism to spill into the administration of their network.
Which users have what permissions? Which systems are on what VLAN, and what IP address scheme will be used for which subnet?
The best system administrators maintain some type of organizational scheme for all of these questions – and more. If you’re one of these organizational freaks of nature, there’s a tool out there you may be missing – a certain Linux distribution where order, intuitiveness and functionality were implemented to make life easier for security professionals. This Linux distribution is called BackTrack, and professionals should get to know it, because it’s highly useful, and it can be exploited by hackers. (For background reading on Linux, see Linux: Bastion of Freedom.)
What Is BackTrack?
On February 5, 2006, BackTrack 1.0 was released and billed as a merger between two competing Linux distributions known as WHAX and Auditor Security Linux. It featured a KDE desktop that ran on top of the 2.6.15.6 Linux kernel, but its primary claim to fame revolved around the highly detailed compilation of out of the box penetration tools. Over the years, BackTrack released approximately one new distribution every year. At the time of this writing, the most current release is Backtrack 5 Release 1, which was released in August 2011. It has become wildly popular within the security industry. BackTrack 5 is based on Ubuntu, and allows for easier updates due to its access to Ubuntu’s software repositories. It also features both a KDE and a GNOME desktop that the end user may select prior to downloading the ISO image.
Some Useful Tools
The latest and the greatest BackTrack has a few more bells and whistles. But what sets BackTrack apart from many of its Linux brethren is the compilation of out of the box security tools, coupled with its Ubuntu Long Term Support (LTS) partnership. Not only can security administrators save incalculable amounts of time by having so many tools at their fingertips, but they also may take comfort in the fact that BackTrack’s access to Ubuntu’s repositories allows for easy updates and easy downloading of additional tools. Some of the more popular security tools currently offered by BackTrack 5 are Metasploit, Network Mapper (Nmap) and John the Ripper.
The Metasploit Framework was developed in 2003 as a means to take advantage of known software bugs when assessing a given network. Currently, Metasploit has made considerable gains in popularity, and it has proceeded to make significant advances in the areas of Wi-Fi and protocol exploitation. Perhaps the most common use of Metasploit involves its ability to assess whether a given node has been updated and patched correctly. For example, Microsoft routinely releases updates and/or security patches after certain vulnerabilities have been discovered by Microsoft or a third party. After said patch is released, Metasploit Framework developers create exploits to take advantage of previously patched Microsoft bugs. Consequently, security auditors that choose to use Metasploit often do nothing more than simply ensure that a given node is updated and patched properly. (Read more about patches in Patch the Future: New Challenges in Software Patching.)
Widely considered the gold standard of port scanners, Nmap is one of several scanners available within BackTrack. Originally developed as a host discovery tool, Nmap has achieved a profound level of popularity in the security community, as it also provides port scanning and operating system (OS) detection services. Nmap comes installed in BackTrack and allows the end user to use the tool on the command line or by using the Zenmap GUI.
Much like Nmap, John the Ripper increasingly has become an industry standard in the security community. This Linux password cracking tool works completely offline and receives commands solely via the command line. Although it primarily operates on Linux machines, John the Ripper is capable of cracking passwords across several different platforms. John is an invaluable tool for system administrators that want to assess the complexity of various passwords used across a network. However, system administrators must ensure that they have access to the password file on each node.
Best Friend, Worst Enemy
BackTrack Linux is a lot like a loaded handgun: It can be used for both good and evil. When used by those that adhere to the ethical side of vulnerability exploitation, BackTrack can reveal some very serious shortcomings within a given network;. It can also reveal some viable methods to fix these shortcomings. When used by those that scoff at the ethical side of BackTrack’s vulnerability exploitation, it can be absolutely lethal when turned against a given network for nefarious purposes. The Metasploit feature alone can result in the utter devastation of an improperly patched network. System administrators that are unfamiliar with Backtrack should be intimately familiarized with the many tools, services and features that make up the current BackTrack Linux operating system.