top of page

http://www.pythonsecurity.org/

 

Security tools:

 

  • Metasploit for integration

  • Aircrack-ng

  • Gerix Wifi Cracker

  • Kismet

  • Nmap

  • Ophcrack

  • Ettercap

  • Wireshark (formerly known as Ethereal)

  • BeEF (Browser Exploitation Framework)

  • Hydra

  • OWASP Mantra Security Framework, a collection of hacking tools, add-ons and scripts based on Firefox

  • Cisco OCS Mass Scanner, a very reliable and fast scanner for Cisco routers to test default telnet and enabling password.

  • A large collection of exploits as well as more commonplace software such as browsers.

  • Armitage - java frontend to Metasploit.

 

 

 

BackTrack arranged tools into 12 categories:

  • Information gathering

  • Vulnerability assessment

  • Exploitation tools

  • Privilege escalation

  • Maintaining access

  • Reverse engineering

  • RFID tools

  • Stress testing

  • Forensics

  • Reporting tools

  • Services

  • Miscellaneous

     

     

     

Software FrameWorks:

  • Metasploit

  • nmap

  • w3af

     

     

     

     

     

     

     

     

     

 

 

 

 

 

 

 

 

 

 

Sniffer for Linux

 

Linux Sniffer Login: 

1. Click on the Linux Sniffer icon on the topology.  

2. Type root at the bt login: username prompt and press enter.

3.  At the password prompt, type toor and press enter. 

 

**For security purposes, the password will not be displayed**

 

 

 

 

 

 

 

 

 

           Figure 3: Linux Sniffer login

 

4. To start the GUI, type startx at the root@bt:~# prompt and press enter. 

 

BackTrack 5 Internal Attack Login: 

 

1. Click on the BackTrack 5 Internal Attack icon on the topology.  

2. Type root at the bt login: username prompt and press enter.  

3. At the password prompt, type password and press enter.  
 

 

 

 

 

4. To start the GUI, type startx at the root@bt:~# prompt and press enter. 

 

 

///Capturing and Analyzing Traffic with Wireshark///

 

2.1 Using Wireshark  
Before using Wireshark, it is important to bring the sniffer interfaces up.  Even though this was done in Task 1, it is a good idea to start over to practice all of the required steps.

 
1. On the Linux Sniffer system, bring both of the sniffer interfaces up by typing the following two commands:  
root@bt:~#ifconfig eth0 up

root@bt:~#ifconfig eth1 up 

 

2. Type the following to verify that no IP address has been set for either interface:   root@bt:~#ifconfig 

 

3. In the Linux Sniffer terminal, type the following command to start Wireshark:  root@bt:~#wireshark 

 

4. To view the available interfaces, select Capture then go down to Interfaces. 

 

5. Within the Capture Interfaces menu, click Start for the eth0 network device. 

 

During this exercise, we will be capturing plain text FTP, or File Transfer Protocol, traffic from the Windows 7 Internal Attack Machine to the Windows 2k3 Sever  Internal Victim Machine.  

 

6. Open a command prompt on the Windows 7 Machine by double-clicking on the cmd shortcut on the desktop. 

 

7. Type the following command to connect to the FTP Server located on the Windows 2k3 Server Internal Victim Machine:  C:\ftp 192.168.100.201

 

8. For the username, type ftp and press enter.  For the password, type mysecurepass and press enter. 

 

9. On the Linux Sniffer, click the stop button on Wireshark to stop the capture. 

 

10. On the Linux Sniffer, type ftp in the filter pane and click Apply.   

 

 

bottom of page