Today I am writing a special review of the latest book, BackTrack 4: Assuring Security by Penetration Testing. Written by expert authors on penetration testing, this book does real justice to its title.
Here is the core information about the book:
- Title: BackTrack 4: Assuring Security by Penetration Testing
- Author: Shakeel Ali & Tedi Heriyanto
- Publisher: Packt Publishing
- Hardcover: 392 pages
- Release Date: Apr 14, 2011
Here is the table of contents:
PART I: Lab Preparation and Testing Procedures
Chapter 1: Beginning with BackTrack
Chapter 2: Penetration Testing Methodology
PART II: Penetration Testers Armory
Chapter 3: Target Scoping
Chapter 4: Information Gathering
Chapter 5: Target Discovery
Chapter 6: Enumerating Target
Chapter 7: Vulnerability Mapping
Chapter 8: Social Engineering
Chapter 9: Target Exploitation
Chapter 10: Privilege Escalation
Chapter 11: Maintaining Access
Chapter 12: Documentation and Reporting
PART III: Extra Ammunition
Appendix A: Supplementary Tools
Appendix B: Key Resources
The book is well structured and written with a systematic approach to every stage of pen testing, starting from the ABCs.
The first part explains how to set up BackTrack on virtual machines (such as VMware and VirtualBox) and on a USB disk, with step-by-step pictorial illustrations. Next comes the important step of bringing up the network interface, where most of us have struggled; this book does the job right by showing how to set up both wired and wireless interfaces with neat instructions. Then it goes into theory, explaining the different types of pen testing (black-box and white-box testing) along with a detailed explanation of various pen testing methodologies.
The second part is where the real fun begins, as the authors delve into practical pen testing lessons. It starts with "Target Scoping", where the author describes the process of collecting client requirements, preparing a test plan and cross-verifying it with the client before getting down to the battlefield. This is a very important part for understanding the scope of the pen test and its boundaries; failing this, you may land in a legal battle with the client later on.
Once the stage is set, the author moves on to the real pen testing phase by explaining passive information gathering using the DNS enumeration, traceroute, whois and email harvesting tools from BackTrack. The next chapter focuses on target discovery on the client network: identifying live hosts and then OS fingerprinting using tools like hping, nbtscan and xprobe2. Next follows detecting open ports and live services running on these discovered targets using Nmap, Amap, httprint, ike-scan and others. Then comes "Vulnerability Mapping", where the author shows how to use specialized and fuzzing-based auditing tools for discovering vulnerabilities in Cisco, SMB, SNMP, database and web applications, with very informative examples.
Often life does not go as planned and the tools do not show their true colors; then comes Plan B: Social Engineering!
Compared to the olden days, social engineering has now become a very important part of pen testing (very well demonstrated by Anonymous in the recent HBGary hack). The author adds real juice here by demonstrating the power of SET (Social Engineering Toolkit) with scenarios such as "targeted phishing attack" and "gathering user credentials".
Finally we come to the climax, where you are just a step away from pwning the target system. The chapter on "Target Exploitation" does complete justice by unleashing the power of Metasploit with real-life scenarios titled "Ninja 101 Drills". The author showcases around five practical scenarios with descriptive explanations surrounding Meterpreter, finally ending with a short session on writing a Metasploit exploit module.
The next chapter, on Privilege Escalation, deals with gathering user credentials using various password recovery tools (pwdump, samdump2, dsniff, L0phtCrack, john) and MITM attack tools (ettercap, arpspoof). Once you have gained access to the system, it is important to maintain it through covert mechanisms. So the chapter on "Maintaining Access" explains how to use various protocol tunneling tools such as DNS2tcp, cryptcat, netcat and ptunnel to maintain the link between the source and target systems.
Finally it is time to submit a report or give a presentation on your pen testing work. If you don't have good presentation or report writing skills, then all your hard work in pen testing goes for a toss. Most of the time it is true that, being tech-savvy, your soft skills will be a little hazy. The author takes note of this and describes how to write different kinds of reports (Executive, Management and Technical), offering various tips on how to prepare each kind of report and how to present it to the appropriate audience in the right way. It would have been beneficial if the author had included a sample report for each of the mentioned types; I hope they will include them in the second edition.
At the end, the authors have added additional resources in the "Appendix" section to show the usage of some external tools such as NeXpose, Netcat and WhatWeb which are not included in BackTrack. You will also find some good links related to vulnerability disclosure, vulnerability incentive programs, reverse engineering and more.
Highlights of the Book
- Well written, easy and enjoyable to read
- Each tool is shown well, with detailed usage and a practical example
- No real need for a live system while reading
- How each tool works internally (for example, that ping uses ICMP packets)
- Tips on using the right tools at the right times
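To make the "how each tool works internally" highlight concrete, here is an added example (not code from the book or from this review) that shows what "ping uses ICMP packets" means on the wire: it builds an ICMPv4 Echo Request in memory, computes the RFC 1071 checksum over it, and parses a received message back into its fields while validating the checksum. The packet bytes, identifier and payload are constructed for the example; nothing is sent on the network.

```python
# Added example, not from the book or the review: builds and parses an
# ICMPv4 Echo Request (RFC 792 header, RFC 1071 checksum) to show the
# packet that the ping tool actually sends. All bytes are constructed in
# memory; no socket is opened.
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length data with a trailing zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    # fold any carries back into the low 16 bits
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    """Return the raw bytes of an ICMP Echo Request (type 8, code 0)."""
    # checksum field is zero while the checksum is computed
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, identifier, sequence)
    checksum = icmp_checksum(header + payload)
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, checksum, identifier, sequence)
    return header + payload


def parse_icmp(packet: bytes) -> dict:
    """Decode an ICMP message and verify its checksum.

    Returns the header fields, the payload and a checksum_ok flag.
    Raises ValueError for packets shorter than the 8-byte ICMP header.
    """
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than 8-byte header")
    msg_type, code, checksum, identifier, sequence = struct.unpack("!BBHHH", packet[:8])
    # Recomputing the checksum over the whole message, with the original
    # checksum field still in place, yields 0 for an intact packet.
    valid = icmp_checksum(packet) == 0
    return {
        "type": msg_type,
        "code": code,
        "checksum": checksum,
        "identifier": identifier,
        "sequence": sequence,
        "payload": packet[8:],
        "checksum_ok": valid,
    }


if __name__ == "__main__":
    # constructed sample: identifier 0x1234, sequence 1, 8-byte payload
    pkt = build_echo_request(0x1234, 1, b"abcdefgh")
    print(pkt.hex())
    print(parse_icmp(pkt))
```

The checksum check in `parse_icmp` is the same one a host's IP stack performs before answering: a message whose checksum does not verify is silently dropped, which is why a corrupted echo request never produces a reply.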
Though this book was written for BackTrack 4, it is very well applicable to any BackTrack version (with small differences between old and new tools), as it follows a practical and systematic approach that makes it one of the best guides for any pen tester.
To conclude, this is an invaluable guide for aspiring penetration testers and a handy reference for experts. It is a book that should be kept beside your BackTrack DVD.
Disclaimer: I received this book from the publisher for this special review. However, the review remains genuine and unbiased.