Backtrack 5 r3 List of (some of the) new Tools and Programs

What are the new utilities included with Backtrack 5r3? I couldn’t find a list, so I decided to make one myself comparing BT5r2 with the latest version. This is not an exhaustive list, but hopefully it will help people see some of the very cool new tools and programs added to Backtrack.

I listed the program name and tried to give a short description of what it does. If I screwed any up, please let me know!

Identify Live Hosts:

  • dnmap – Distributed NMap
  • address6 (The Second “Alive6” entry) – IPv6 address conversion

Information Gathering Analysis

  • Jigsaw – Grabs information about company employees
  • Uberharvest – E-mail harvester
  • sslcaudit – SSL Cert audit
  • VoIP honey – VoIP Honeypot
  • urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing

Web Crawlers

  • Apache_users – Apache username enumerator
  • Deblaze – Performs enumeration & interrogation against Flash remote end points

Database Analysis

  • Tnscmd10g – Allows you to inject commands into Oracle
  • BBQSQL – Blind SQL injection toolkit

Bluetooth Analysis

  • Blueranger – Uses link quality to locate Bluetooth devices

Vulnerability Assessment

  • Lynis – Scans systems & software for security issues
  • DotDotPwn – Directory Traversal fuzzer

Exploitation Tools

  • Netgear-telnetable – Enables Telnet console on Netgear devices
  • Termineter – Smart Meter tester
  • Htexploit – Tool to bypass standard directory protection
  • Jboss-Autopwn – Deploys JSP shell on target JBoss servers
  • Websploit – Scans & analyses remote systems for vulnerabilities

Wireless Exploitation Tools

  • Bluepot – Bluetooth honeypot
  • Spooftooph – Spoofs or clones Bluetooth devices
  • Smartphone-Pentest-Framework
  • Fern-Wifi-cracker – GUI for testing wireless encryption strength
  • Wifi-honey – Creates fake APs using all encryption types and monitors them with Airodump
  • Wifite – Automated wireless auditor

A Bunch of Password Tools

  • Creddump
  • Johnny
  • Manglefizz
  • Ophcrack
  • Phrasendresher
  • Rainbowcrack
  • Acccheck
  • smbexec

And let’s not forget “Subterfuge” the MiTM Framework, and new Arduino support.

Okay, that is not ALL of the new additions, only a chunk of them! I believe last count there are around 60 new tools in the Backtrack 5r3 release.

But why use Backtrack 5 when you can use the latest Backtrack called Kali Linux!

Want to learn more about Backtrack/ Kali Linux?

My new book, “Basic Security Testing with Kali Linux” shows how to use many of the tools and programs in Backtrack/ Kali Linux using hands on step-by-step tutorials. Check it out!

You can also download the latest version of Backtrack/ Kali here.

Backtrack 5 R3 Released Today!

The latest version of Backtrack is out! Check out Backtrack 5 R3!

“The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.”

Kudos to the Backtrack team for working so hard on keeping BT alive and fresh! BT5 is hands down my favorite security tool. Dare I say it is the Swiss Army knife of security. It comes in Gnome and KDE, 32 and 64 Bit. There is also a Gnome 32 bit VM available.

BT5’s move to the Gnome interface is great for the Windows guys amongst us, and R3 adds a ton of new tools.

So what are you waiting for??

Get it now!

*** Check out some of the new tools added here!

Metasploitable 2 Tutorial Part 1: Checking for open Ports with Nmap

I mentioned a week or two ago that we would take a closer look at Metasploitable 2.0, the purposefully vulnerable Linux virtual machine used for learning security tactics and techniques. In this intro, we will quickly cover obtaining Metasploitable and scanning it for open ports and services. (No, you do not want Metasploitable running on an open or production network, it’s vulnerable for Pete’s sake! 🙂 )

For this series of tutorials you will need:

You can set up a test network using VMware or VirtualBox. I will not cover this in the article; there are many tutorials out there for setting this up.

The Rapid7 website references a great Metasploitable setup tutorial on webpwnized’s YouTube Channel. This covers installing Metasploitable 2 on Virtual Box and how to get to Mutillidae, a great learning tool for web app security:

Okay, let’s take a look at Metasploitable from our Backtrack box. Let’s run an nmap scan and see what services are installed.

Open a Terminal window on your Backtrack system and type:

nmap -v -A (metasploitable’s IP address)

This will show us the open ports and try to enumerate what services are running. Here is a look at the ports:

Holy open ports Batman!

Nmap will churn for a while as it tries to detect the actual services running on these ports. In a few minutes you will see a screen that looks like this:

For each port, we see the port number, service type and even an attempt at the service software version.

From here, we can grab the software version, in this case “Unreal IRC”, and do a search for vulnerabilities for that software release. Just searching “unreal3.2.8.1 exploits” in Google should do the trick. With a little searching, you can find an Unreal exploit usable through Backtrack 5’s Metasploit program that will give you a root shell. See if you can find it and give it a shot. If you strike out, no worries, we will take a closer look at this in a later tutorial.

If nothing comes up, you may not have the exact software version. Nmap tries its best, but it is not always correct. Backtrack 5’s Metasploit console has several service scanners that we can use to get exact version levels. We will take a closer look at these in the next tutorial. Then we will dive into exploiting the open services.
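To make the port/service/version table above concrete, here is an added example of my own, not code from the original post or from the Nmap project. It reads the XML that nmap writes with its `-oX` option and flags services where nmap only guessed the name from its port table (`method="table"`, low `conf`) or found no version string, so you know which entries to confirm with a dedicated service scanner before searching for advisories. The XML below is a constructed, abridged sample, not a real scan of Metasploitable.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed, abridged sample of nmap -oX output; not a real scan result.
# Attribute names (portid, state, name/product/version/method/conf) follow nmap's XML schema.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -v -A -oX scan.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="4.7p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="6667">
        <state state="open" reason="syn-ack"/>
        <service name="irc" product="UnrealIRCd" version="3.2.8.1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="5432">
        <state state="open" reason="syn-ack"/>
        <service name="postgresql" product="PostgreSQL DB" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="8180">
        <state state="open" reason="syn-ack"/>
        <service name="unknown" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="3632">
        <state state="filtered" reason="no-response"/>
        <service name="distccd" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_open_services(xml_text: str, min_conf: int = 8) -> List[Dict]:
    """Return one row per open port: host, port, service, product, version, conf,
    plus needs_verification=True when nmap did not probe a version it is confident in."""
    root = ET.fromstring(xml_text)
    rows: List[Dict] = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state_el = port.find("state")
            if state_el is None or state_el.get("state") != "open":
                continue  # closed/filtered ports carry no service to inventory
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            conf = int(svc.get("conf", "0")) if svc is not None else 0
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": name,
                "product": product,
                "version": version,
                "conf": conf,
                # Low confidence or no version string: re-check with a dedicated scanner
                "needs_verification": conf < min_conf or not version,
            })
    return rows


def format_report(rows: List[Dict]) -> List[str]:
    """Render rows as text lines; '[verify]' marks entries to confirm before trusting the version."""
    lines = []
    for r in rows:
        tag = " [verify]" if r["needs_verification"] else ""
        ver = f"{r['product']} {r['version']}".strip() or "(no version)"
        lines.append(f"{r['host']}:{r['port']}/{r['proto']}  {r['service']:<12} {ver}{tag}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(parse_open_services(SAMPLE_NMAP_XML))))
```

Run the real scan with `nmap -v -A -oX scan.xml <ip>` and feed the file's contents to `parse_open_services`. The `conf` threshold of 8 is my own choice; nmap's table-only matches come through at 3, probed matches typically at 10.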

Backtrack 5: Harvesting Credentials with the Social Engineering Toolkit

The Social Engineering Toolkit (SET) included with Backtrack 5 is a great way for corporate security experts or penetration testers to test to see how well their network (and users) would stand up to Social Engineering attacks. With Social Engineering and Spear Phishing attacks on the rise, it is very important to educate your users about these attacks.

In this tutorial I will demonstrate how SET can be used to set up a realistic looking website to harvest e-mail usernames and passwords.

Okay, timeout for a disclaimer: This is for security testing purposes only, never attempt to use any security checks or tools on a network that you do not have the authorization and written permission to do so. Doing so could cost you your job and you could end up in jail.

  1. Obtain Backtrack 5 release 2. You can use the LiveCD version, install it on a new system or run it in a Virtual Machine.
  2. The first thing you will want to do is update both the Metasploit Framework and the Social Engineering Toolkit to make sure you have the latest version. Update both, restart SET and check updates one more time.
  3. From the menu, select number 1, “Social Engineering Attacks”.
  4. Next select “Website Attack Vectors”
  5. Now “Credential Harvester Attack Method”
  6. We now have the option to use a web template that will create a generic website for us, import a webpage to use, or clone any existing website and use that. The included templates are very good, so let’s try one of them. Select number 1, “Web Templates”.
  7. As you can see in the picture above, SET comes with templates for several popular programs. Once you select one of the templates (I chose number 2, “Gmail”), you will be given a short message about the username and password form fields; just hit “return”. SET will now create a fake website using the template that you chose and prepare to harvest any credentials that are entered on it.

And that is it!

Now if we go to the victim machine and surf to the SET created webpage we will see this:

A Gmail login screen! But wait a minute, take a look at the address bar. An IP address is listed instead of the normal google mail address. If a user enters their user name and password on this site, their credentials are harvested and collected on the SET system. So as user “Security Joe” enters his credentials, we see this on the Backtrack system:

In the picture above you can see the user’s name: “Security+Joe” and the user’s password: P@$$W0Rd!

When you are finished, hit “Control-C” to stop harvesting and view a report of all the sessions that you have captured. The report file will be stored in the SET file directory under Reports. Two reports are created, one in HTML and one in XML. The picture below shows the HTML report for this session:

As you can see, unless the user checks the address bar, there is no way he could tell that he was on a fake website handing away his login name and password. And as many users use the same password on multiple sites, this could be very valuable information for a hacker to obtain. That is why it is imperative to educate your users about Social Engineering attacks and how to defend against them.
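The one tell the tutorial gives is the address bar: a bare IP address where a hostname should be. That same tell is visible from the network side, so here is an added example of my own (not from the original post or from the SET project) that turns it into a detection: it reads web proxy log lines and flags form submissions (POST requests) sent to an IP-literal host, then lists the client addresses involved so the security team knows which users to follow up with. The log lines are constructed in the layout of Squid's native access.log; they are not real traffic, and the addresses are documentation ranges.

```python
import ipaddress
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed lines in the layout of Squid's native access.log (ten whitespace-separated
# fields: time elapsed client code/status bytes method url user peer type). Not real traffic.
SAMPLE_PROXY_LOG = """\
1345000000.101    95 10.0.0.25 TCP_MISS/200 8123 GET http://192.0.2.50/ - HIER_DIRECT/192.0.2.50 text/html
1345000012.412   120 10.0.0.25 TCP_MISS/302 512 POST http://192.0.2.50/ - HIER_DIRECT/192.0.2.50 text/html
1345000030.007    60 10.0.0.31 TCP_MISS/200 2210 POST http://mail.example.com/login - HIER_DIRECT/198.51.100.7 text/html
1345000045.550    88 10.0.0.25 TCP_MISS/200 1400 GET http://intranet.example.com/news - HIER_DIRECT/198.51.100.8 text/html
1345000050.002    70 10.0.0.40 TCP_MISS/200 640 POST http://[2001:db8::1]/login - HIER_DIRECT/2001:db8::1 text/html
garbage line that does not parse
"""


def is_ip_literal(host: str) -> bool:
    """True when the URL host is a bare IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_line(line: str) -> Dict:
    """Split one access.log line; return {} for lines without the expected ten fields."""
    fields = line.split()
    if len(fields) < 10:
        return {}
    return {"client": fields[2], "status": fields[3], "method": fields[5], "url": fields[6]}


def flag_ip_literal_posts(log_text: str) -> List[Dict]:
    """Return POST requests whose destination host is an IP literal: the address-bar
    tell from the tutorial, observed at the proxy instead of in the user's browser."""
    hits: List[Dict] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST":
            continue
        host = urlsplit(rec["url"]).hostname  # strips the [] around IPv6 literals
        if host and is_ip_literal(host):
            hits.append({"client": rec["client"], "host": host,
                         "url": rec["url"], "status": rec["status"]})
    return hits


def affected_clients(hits: List[Dict]) -> List[str]:
    """Distinct client addresses that submitted a form to an IP-literal host, for follow-up training."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    found = flag_ip_literal_posts(SAMPLE_PROXY_LOG)
    for h in found:
        print(f"{h['client']} POST -> {h['host']}  ({h['url']}, {h['status']})")
    print("clients to follow up:", ", ".join(affected_clients(found)))
```

A POST to a bare IP is a heuristic, not proof: some internal applications really do live on IP addresses, so keep an allow-list of known hosts and treat the rest as prompts for the user education the post calls for, not as automatic incidents.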