Slashdot: News for Nerds

Book Review: BackTrack 4: Assuring Security by Penetration Testing

samzenpus posted more than 3 years ago | from the read-all-about-it dept.

Security 51

RickJWagner writes "Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open. Packt Publishing has just released BackTrack 4: Assuring Security by Penetration Testing, a how-to book based on the freely available BackTrack 4 Linux distribution. The intent of the book is to educate security consultants on the use of this devastatingly complete Hacker's toolkit, and to provide sage words of advice on how to conduct yourself as a penetration testing consultant. On both counts, the authors do well." Keep reading for the rest of Rick's review.

I have to admit, at first blush I wasn't impressed by the book. I usually start looking a tech book over by thumbing through it, quickly glancing over snippets every chapter or so to get a feel for how the book is written. My initial impression was that the book contained many 2-page introductions to what appeared to be system tools, showing how to invoke them and the type of text output they would produce. Who needs that, I thought? I settled down to read the text front to back, then realized the full horror of what I was reading. More on that later.

The book starts out telling you how to find BackTrack 4, how to install it or run it as a live DVD, and how to get the parts working. Suffice it to say this is all easy for anyone who's installed a Linux distribution before.

Next up, the authors cover some solid basics for the would-be security professional. There are other tips throughout the book, too-- what kinds of written agreements you should have, what types of reports you should produce, and generally how you should conduct yourself. Well done, and I'm sure anyone reading this book will have the thought that maybe they'll go into business doing this someday. At least that's what I hope everyone is thinking, because after that the gloves are off and you are shown the dark side of this magnificent machinery.

The authors outline a disciplined framework for penetration testing. By myself, I never would have considered such a thing, but these guys clearly have given this a lot of time and effort. The following chapters are broken out into each phase, and within those chapters the various tools of the trade are grouped. (So you'd find the tools that can provide you with a reverse shell in the 'Target Exploitation' chapter, for example.)

The first phase is Information Gathering, and here the reader is introduced to several tools that can glean information like domain names, IP addresses, host names, and other data that can identify potential targets. The 2-page tool introductions I mentioned earlier contain all the tools that do this kind of work. There's enough introductory material to let you figure out which ones you want to try (it seems each chapter covers at least a dozen tools), and how to get started.

Target Discovery is the next phase; it's all about finding hosts and identifying operating systems. Again, no malicious stuff goes on yet, just methodically gathering information. Par for the course, there are a variety of tools presented to help the user.

Target Enumeration is next. The user is exposed to applications that can help find which ports are open, which services (i.e. MySQL) are running, and even what kinds of VPN are present. By the way, throughout the book the authors throw in brief but relevant snippets concerning the topic at hand. As an example, in this chapter you'll find an example of the TCP protocol (SYN, SYN-ACK, etc.) that will tell you when a port's available and when it's not. There's more of this kind of information throughout the book, too. Some of it I knew (not much, really) and some I didn't, so I felt the book advanced my basic knowledge of IT systems in some ways.

Now that the user has all this useful information, they can proceed on to Vulnerability Mapping. Here the tools are used to help calculate which vulnerabilities might exist in the targeted systems.

The following chapters are where the really bad toys come out. They deal with Target Exploitation, Privilege Escalation, and Maintaining Access. True to their titles, they tell all about how the user can attack the targeted systems, set up shop, and leave a backdoor for returning later.

Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here as well. Hardcore hackers might look down their nose at such a thing, but I imagine this is really one of the more effective avenues of attack.

So, who is this book good for? First, for security professionals. They'll want to get a copy just so they can be sure they understand what they're up against, and how to check their own systems using the same tools the bad guys have. Second, programmers with an active sense of curiosity. I fall into this category. Lastly, the bad guys will probably buy a copy (or pirate one), unfortunately. I hope they're too lazy to read it well and end up getting busted and thrown in the clink. Maybe they can talk ethics in programming with Hans Reiser while they're awaiting parole.

If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.

You can purchase BackTrack 4: Assuring Security by Penetration Testing from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

51 comments

BackTrack 5 is free software (4, Informative)

ciaran_o_riordan (662132) | more than 3 years ago | (#36097636)

http://www.backtrack-linux.org/backtrack/backtrack-5-release-tool-suggestions/ [backtrack-linux.org]

Perhaps most importantly BackTrack 5 “revolution” will be our first release to include full source code in its repositories. This is a big thing for us, as it officially joins us to the open-source community and clears up any licensing issues which were present in BackTrack 4.

Re:BackTrack 5 is free software (1)

bobaferret (513897) | more than 3 years ago | (#36097942)

Looks like Backtrack 5 came out yesterday. Anyone know how well 5 works with the book? I.e., should the book be considered a decent generalized approach to PEN testing and still be purchased on that account, or just ignored?

Re:BackTrack 5 is free software (2)

Desler (1608317) | more than 3 years ago | (#36098070)

Well this keeps up with the trend of Packt releasing numerous books on Drupal 5 when Drupal 6 had an eminent release.

Re:BackTrack 5 is free software (1)

Desler (1608317) | more than 3 years ago | (#36098146)

Sorry, I meant Drupal 6 when Drupal 7 had an eminent release.

Re:BackTrack 5 is free software (1)

Anonymous Coward | more than 3 years ago | (#36098176)

You *really* meant imminent...

Re:BackTrack 5 is free software (1)

Desler (1608317) | more than 3 years ago | (#36098212)

Maybe. I didn't bother to proofread.

Re:BackTrack 5 is free software (1)

khr (708262) | more than 3 years ago | (#36098324)

I didn't bother to proofread.

Planning to write a book for Packt?

Re:BackTrack 5 is free software (1)

Desler (1608317) | more than 3 years ago | (#36098424)

I could use a few thousand dollars. You don't even seem to need to be an expert on the software to write a Packt book. You can basically just cut and paste from online documentation.

I'm a professional penetration tester (4, Insightful)

bugs2squash (1132591) | more than 3 years ago | (#36097648)

I dunno, it has the innuendo and sounds official, but is it a believable chat-up line?

Re:I'm a professional penetration tester (1)

VortexCortex (1117377) | more than 3 years ago | (#36097862)

I dunno, it has the innuendo and sounds official, but is it a believable chat-up line?

Probably not, but it might work at a swinger's club with a slight modification:
"I'm a professional penetration taster"

Re:I'm a professional penetration tester (4, Funny)

ravenspear (756059) | more than 3 years ago | (#36097866)

Yes, you can penetrate my security holes.

I hear you have a large set of tools at your disposal.

Re:I'm a professional penetration tester (1)

Shark (78448) | more than 3 years ago | (#36098954)

I'm not sure which is worse. Large set of tools or set of large tools?

Re:I'm a professional penetration tester (1)

laejoh (648921) | more than 3 years ago | (#36097976)

You only need to add these tags:

<voice type="Barry White"> I'm a professional penetration tester. </voice>

Backtrack 5 was released yesterday (0)

Anonymous Coward | more than 3 years ago | (#36097658)

I'm not sure if the guy who wrote this book has heard yet, but BackTrack 5 was released yesterday. GG writing a book on old software.

Re:Backtrack 5 was released yesterday (0)

mybeat (1516477) | more than 3 years ago | (#36097792)

GL on selling a book about old software, bad timing I guess.

Re:Backtrack 5 was released yesterday (3, Informative)

Lanforod (1344011) | more than 3 years ago | (#36097896)

hard to call it 'old' software, when backtrack 4 was released in November 2010. I'm sure most of the tools remain the same, with some updates/changes, so the book would be relevant for much of backtrack 5 too.

Re:Backtrack 5 was released yesterday (1)

slashnik (181800) | more than 3 years ago | (#36097964)

I very much doubt that a new release of Backtrack will change the utility of this book.

Re:Backtrack 5 was released yesterday (1)

Desler (1608317) | more than 3 years ago | (#36098880)

Packt books have utility? You're joking, right? Packt books are notoriously inaccurate and poorly written.

Re:Backtrack 5 was released yesterday (1)

M1FCJ (586251) | more than 3 years ago | (#36099434)

You can always use it as a monitor stand or a door stop. At worst, it's always handy when you run out of the bog roll.

Another PACKT review? (1)

anyaristow (1448609) | more than 3 years ago | (#36097714)

Could we at least have an explanation, or full disclosure, or something? Why so many PACKT reviews? Free samples? A sponsor? What is it?

Re:Another PACKT review? (0)

Anonymous Coward | more than 3 years ago | (#36097944)

It's to offset all the drupal books. After you read this, you'll want to serve all your web pages via snail mail.

Re:Another PACKT review? (0)

Anonymous Coward | more than 3 years ago | (#36098044)

All the Drupal books are also from Packt, though...

Reviews of Non-Packt books? (3, Interesting)

MikeTheGreat (34142) | more than 3 years ago | (#36097932)

I'm curious about this spate of Slashvertising for Packt books. Is the problem that no-one is writing any other book reviews, or is the problem that Packt is gaming the slashdot system to get these posted?

Re:Reviews of Non-Packt books? (4, Informative)

Desler (1608317) | more than 3 years ago | (#36098060)

Seriously. This is the 3rd packt review in just a week. And as usual RickJWagner gives it his usual 8/10 or as in this case a 9/10 rating.

i don't mean to be combative but why is it scary? (4, Interesting)

sgt scrub (869860) | more than 3 years ago | (#36098024)

don't most unix admins keep eyes open on ports, connections, user information, etc...? not scared yet.
taking advantage of visibility tools and keeping up with what tools are available should be a skill owned by every administrator.

it examines tools to probe known issues of unpatched daemons with known exploits. sorry, i'm still not scared.
if an administrator does not keep a system up to date throw them out the door, run over them twice, THEN tell them they are fired.

that being said, i'll agree, the book is very good. it details modern tools and how to use them. some of the tools let the administrator get ahead of potential 0 day exploits and weed out poorly written code. it gets my vote for the top 10 must read books for network/system administrators and at least top 5 for security engineers.

Re:i don't mean to be combative but why is it scar (0)

Anonymous Coward | more than 3 years ago | (#36101914)

Good unix admins do; however, what about the plethora of Windows admins who don't know what TCP is? One of our security consultants does all our pen testing and very few admins have ever detected his attacks/activity.

Re:i don't mean to be combative but why is it scar (0)

Anonymous Coward | more than 3 years ago | (#36105068)

Would you be kind enough to share your top 10 list with us?
Thanks

Re:i don't mean to be combative but why is it scar (0)

Anonymous Coward | more than 3 years ago | (#36108492)

i'm not exactly well read but i'll give you the most important ones i've read, off the top of my head. note: they are not in order of importance and they are important because they taught me how much i didn't know so i could fix me.

silence on the wire
hacking exposed linux
lpi linux certification in a nutshell.
rootkits subverting the windows kernel
steal this book
gray hat python

Hehe... He said "penetration".... (0)

Anonymous Coward | more than 3 years ago | (#36098272)

Hey! Give me a break! It's a reference to.... sorry... I don't remember which series it's about. Simpsons? South Park? Family Guy? Oh, did I just mix them up? Did I insult anybody with that?

Re:Hehe... He said "penetration".... (0)

Anonymous Coward | more than 3 years ago | (#36098874)

"Hehe... He said "penetration"...."

You were referencing Beavis and Butthead.

a 70s Porno? (2)

Virtucon (127420) | more than 3 years ago | (#36098344)

Why does this all sound like a bad Porno Title?

Cue the bwap chicky bwap music!

WEP = insecure (0)

Anonymous Coward | more than 3 years ago | (#36098520)

Wireless networks with WEP security are frighteningly easy to infiltrate. It's the WiFi equivalent of using "password" as your password.

Is the reviewer qualified? (0)

Anonymous Coward | more than 3 years ago | (#36098630)

I would expect this book to be reviewed by a penetration tester or at least a security engineer. I'm not sure I trust a Cobol/Java programmer to really know how well the book covers the topics here.

Re:Is the reviewer qualified? (1)

Desler (1608317) | more than 3 years ago | (#36098684)

The check he receives from Packt along with the book is all the qualifications he needs to be an expert on any subject that a Packt author writes about.

I would read it, but there's no Kindle version. (0)

Anonymous Coward | more than 3 years ago | (#36098670)

That is all.

Hey look, it's an advertisement! (0)

Anonymous Coward | more than 3 years ago | (#36098712)

Stay classy, Slashdot.

Reminds me of the best job posting ever (1)

dargaud (518470) | more than 3 years ago | (#36098846)

"Penetration tester [...] you will play an exciting and fundamental role [...] Live penetrations of locked down hosts..." — From a job posting on securityfocus.com.

Packt Publishing..AGAIN? (0)

Anonymous Coward | more than 3 years ago | (#36099064)

Another Packt review? Seriously?

Here, let me save you the cover price (1)

z4ns4stu (1607909) | more than 3 years ago | (#36099924)

http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training [offensive-security.com]

By the nice folks who distribute BackTrack Linux, by the way.

And I thought... (0)

Anonymous Coward | more than 3 years ago | (#36099930)

that people only used BackTrack for WEP cracking.

Is Slashdot owned by Packt now? (0)

Anonymous Coward | more than 3 years ago | (#36100324)

Seriously, the Packtvertisements are getting pretty deep here.

Readers have already said enough [slashdot.org]. To summarize: Packt turns out junk, and they have no place on any techie's bookshelf. Please stop promoting them here.

Yesterday.... (1)

FunkyRider (1128099) | more than 3 years ago | (#36100474)

I penetrated your mom, twice!

Jaysus criminey, /., you are killing me here. (1)

sco08y (615665) | more than 3 years ago | (#36100680)

Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open.

This isn't just Captain Obvious.

This is Captain Obvious after he's been beaten half to death by a mob wielding stupid bats, been gene spliced with a tardosaurus rex, and then got a lobotomy from Dr. Mengele.

BackTrack 4 support has ended (0)

Anonymous Coward | more than 3 years ago | (#36101960)

Shame the Book is focused on a product which is no longer supported, and has no more official downloads from the BackTrack team...

TSA (0)

Anonymous Coward | more than 3 years ago | (#36102540)

Isn't this the TSA's strategy?

Wow, what a timely publication (1)

Legion303 (97901) | more than 3 years ago | (#36104580)

BT5 was released yesterday.

Re:Wow, what a timely publication (1)

Desler (1608317) | more than 3 years ago | (#36107072)

Well that's the Packt way. They make sure to always be at least a version behind by the time they get a book to market.
