Using Backtrack

The Backtrack distribution, maintained by Offensive Security, is the gold standard for penetration testing (white hat or otherwise). It contains an intimidatingly large selection of tools, but is really designed for a very adept user. If you haven’t studied networking, many of them won’t make sense, and even if you have it’s not always very clear how you would use them.

What’s missing is methodology, the meta-process that takes place outside Backtrack itself. The Backtrack 4 desktop menu offers at least a suggestion of the topic areas:

Information Gathering

Network Mapping

Vulnerability Identification

Web Application Analysis

Radio Network Analysis

Penetration

Privilege Escalation

Maintaining Access

Digital Forensics

Reverse Engineering

Voice Over IP

Miscellaneous

This doesn’t describe the process of a security offensive, however. I’d suggest the process goes more like this:

Targeting: Deciding exactly whom you’re going offensive against. If you’re a pen tester, it’s your own or the client organization. If you’ve got a bone to pick, then you have your own reasons for selecting your target. Regardless of why, you’ve got to pick a target.

Identifying the Objective: What do you want to do to the target? Scare the CEO into buying a big security contract? Take down their evil website? Steal credit card numbers? Steal identities? Steal money? Do you want penetration, or denial of service? Do you want to set up a back door? Build a botnet? Eavesdrop?

Reconnaissance: This comprises Information Gathering (using web searches, DNS queries, route discovery and asset mapping) and Network Mapping (analysis of IP address space, LAN, VLAN and VPN configurations, and wireless networking). Basically, you’re studying the blueprints before breaking into the bank.

Vulnerability Identification: Can I target a Cisco box, crack into an SMB (yes, that’s Microsoft) network, or subvert SNMP functions? Or more accurately, what are the potential attack vectors that can accomplish my objective? And ho boy, this is a big category: everything from secret love affairs to the latest SQL worm.

Attack: Unleashing a suitable exploit to accomplish your objective.

Given this methodology, I’m going to discuss all or most of the tools in the Backtrack 4 distribution, categorize them by stage, and in particular cover the order in which they’re used.

You’ll have to be a security geek to love this, but if you’ve read this far, you already are. Good luck.