
BackTrack 5 guide 4: How to perform stealth actions
Karthik R, Contributor

You can read the original story here, on SearchSecurity.in. In previous installments of this BackTrack 5 how to tutorial, we have discussed information gathering and vulnerability assessment of the target system; explored network assessment, scanning and gaining access into the target; and delved into privilege escalation tools. In this installment of the tutorial on BackTrack 5, how to perform stealth actions will be discussed.

Why stealth?
The objective of penetration testing is to replicate the actions of a malicious attacker. No attacker desires discovery of surreptitious entry into the network, and hence employs stealth techniques to remain unnoticed. The penetration tester needs to adopt the same stealth methods, in order to honestly assess the target network.

http://searchsecurity.techtarget.in/tip/BackTrack-5-guide-4-How-to-perform-stealth-actions


Figure 1. The ‘maintaining access’ category in BackTrack 5, with a focus on OS backdoors.

This installment of the BackTrack 5 how to tutorial deals with the “Maintaining Access” feature, within which are options for OS backdoors, tunneling and Web backdoors, as shown in Figure 1.

OS backdoors > Cymothoa:
Cymothoa is a stealth backdooring tool on BackTrack 5 that injects backdoor shell code into an existing process. This tool has been developed by codewizard and crossbower from ElectronicSouls. The general usage option of this tool is as follows:

Cymothoa –p -s [options]

Cymothoa includes several payloads ready to be used. They are numbered from 0 to 14. The tool has various categories of options, including main options, injection options and payload options. Figure 2 shows Cymothoa in action, affecting port 100 of process 1484, which is a bash process in the system.

Figure 2. Running Cymothoa on pid 1484 on port 100.


Figure 3. Before running Cymothoa infection.

Figure 4. After running Cymothoa infection.

As we progress in this BackTrack 5 how to, we can clearly see that the netstat –l command shows an additional port 100 added into the Listen category, since we have infected the port with the shell code numbered 0. Thus we can run Cymothoa on any system and infect any target port of the system and keep a backdoor open, to maintain access to the system. The target user will not have any knowledge of a backdoor running unless an inspection is made for any anomalies. Getting the process id on BackTrack 5 is achieved using the command ps –aux in the Cymothoa shell.
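The before/after comparison of Figures 3 and 4, done programmatically from the defender's side, as an added example that is not part of the original article: it diffs two snapshots of Linux's /proc/net/tcp to flag a new listening port and maps the socket inode to the process holding it. The snapshots, inode numbers and function names are constructed for illustration; port 100 mirrors the article's figures.

```python
"""Flag new TCP listeners by diffing /proc/net/tcp snapshots (Linux, IPv4)."""
import os
import socket
import struct
from typing import NamedTuple

TCP_LISTEN = "0A"  # kernel state code for LISTEN in /proc/net/tcp

HEADER = ("  sl  local_address rem_address   st tx_queue rx_queue "
          "tr tm->when retrnsmt   uid  timeout inode\n")
# Constructed baseline: sshd on 0.0.0.0:22, a database on 127.0.0.1:3306,
# and one established SSH session (state 01) that must be ignored.
BEFORE = HEADER + (
    "   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1\n"
    "   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   116        0 9002 1\n"
    "   2: 0500000A:0016 0900000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 9003 1\n"
)
# Constructed later snapshot: the same sockets plus a listener on port 100.
AFTER = BEFORE + (
    "   3: 00000000:0064 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242 1\n"
)


class Listener(NamedTuple):
    ip: str
    port: int
    uid: int
    inode: int


def parse_listeners(proc_net_tcp: str) -> dict:
    """Return {(ip, port): Listener} for every socket in LISTEN state."""
    found = {}
    for line in proc_net_tcp.splitlines():
        f = line.split()
        # The header and non-listening sockets fail the state check.
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = f[1].split(":")
        # The address is a host-endian hex word (little-endian on x86).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        entry = Listener(ip, int(hex_port, 16), int(f[7]), int(f[9]))
        found[(entry.ip, entry.port)] = entry
    return found


def new_listeners(before: str, after: str) -> list:
    """Listeners present in the later snapshot but not in the baseline."""
    base, now = parse_listeners(before), parse_listeners(after)
    return sorted(now[key] for key in now.keys() - base.keys())


def socket_owners(inode: int, proc_root: str = "/proc") -> list:
    """Return [(pid, command)] for processes holding the socket inode open."""
    owners = []
    target = f"socket:[{inode}]"
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd))
                     for fd in os.listdir(fd_dir)]
            if target in links:
                with open(os.path.join(proc_root, pid, "comm")) as fh:
                    owners.append((int(pid), fh.read().strip()))
        except OSError:  # process exited, or not enough privilege to read it
            continue
    return sorted(owners)


if __name__ == "__main__":
    for hit in new_listeners(BEFORE, AFTER):
        print(f"new listener {hit.ip}:{hit.port} uid={hit.uid} "
              f"inode={hit.inode} owners={socket_owners(hit.inode)}")
```

On a live host, feed the function the saved and current contents of /proc/net/tcp and run it as root so every process's fd directory is readable; a listener owned by an interactive shell such as bash is the anomaly to investigate.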

Meterpreter as a backdoor
In our previous series of tutorials we discussed Meterpreter as an essential part of the Metasploit framework, used in gaining system information of the target and also to carry out the tasks for spawning a shell into the target. In this section of the BackTrack 5 how to, we shall explore how to use Meterpreter as a backdoor.


Usage: /opt/framework/msf3/msfpayload [] [actions]

This is effective when an attacker wants to connect back to a victim repeatedly, without having the user click on the malicious executable. For a clear understanding of Metasploit and meterpreter refer to our Metasploit tutorial and previous installments of our BackTrack 5 tutorial.

Figure 5. Creating the exe backdoor using msfpayload.

In Figure 5 you can see that exploit.exe is the malicious msf meterpreter payload that is created using the msfpayload command. Continuing with this BackTrack 5 how to, we shall now create a listener to this payload, which would try to connect back to 192.168.13.132 on port 4444. Using Metasploit, create a handler and set the LHOST and LPORT options as set in the msfpayload console. Once this is done, run the exploit. This exploit runs on a wild target. Whenever a victim clicks on this file -- sent to him using social engineering or other disguised methods -- it listens back to the LHOST and connects back to LPORT. As soon as the victim opens that exe file in his system, a meterpreter shell is spawned and the connection is initiated. The attacker can carry out the required post-exploitation tasks on the target once the connection is established.

Figure 6. Handler created in Metasploit to listen to the backdoor.

Backdoor invasion vulnerabilities
Backdoors are covert channels of communications with a system. The attacker can have longer, unrestricted access to a system by using a backdoor, saving the time and effort of engineering the attack from scratch. It is important for a penetration tester to check if the system is susceptible to backdoor invasions, so that unauthorized access can be prevented by providing suitable patches.

Figure 7. The victim system accessed by BT5 using a backdoor.

The most common vulnerabilities that facilitate backdoor invasion of a system are buffer overflows, cross-site scripting (XSS) and remote administration. Preventive methods include regular change in the security policies based on the threat mitigation scenarios previously encountered by the organization; practice of secure software development cycle methodology; and strictly following security standards in programming, making sure to check the application level security and any modifications done on a routine basis.

In this installment of the BackTrack 5 tutorial, we have seen how to use BackTrack 5 for including stealth in your attacks as a penetration tester. In the next and final part of this BackTrack 5 how to guide, we shall present a scenario-based attack using BackTrack 5, and carry out an attack from scratch while including all the methods and techniques covered in this BackTrack 5 how to series.


Do not miss Part 5 of our BackTrack 5 tutorial which details how to perform penetration testing

About the author: Karthik R is a member of the NULL community. Karthik completed his training for EC-council CEH in December 2010, and is at present pursuing his final year of B.Tech. in Information Technology, from National Institute of Technology, Surathkal. Karthik can be contacted on rkarthik.poojary@gmail.com. He blogs at http://www.epsilonlambda.wordpress.com. You can subscribe to our twitter feed at @SearchSecIN.
