Penetration Testing with BackBox

Book Description

An introductory guide to performing crucial penetration testing operations using Backbox

Overview

• Experience the real world of penetration testing with Backbox Linux using live, practical examples
• Gain an insight into auditing and penetration testing processes by reading though live sessions
• Learn how to carry out your own testing using the latest techniques and methodologies

In Detail

BackBox is an amazing Linux security distribution designed to keep in mind the needs of security and system administration specialists. It has been developed to perform penetration tests and security assessments. Designed to be fast and easy to use while providing a minimal yet complete desktop environment, Backbox comes with its own software repositories and is continually updated to the latest stable version of the most widely used and best-known ethical hacking tools.

This book provides an exciting introduction to BackBox Linux in order give you familiarity with and understanding of this amazing Linux security distro, making you feel comfortable with both the subject of pen-testing and BackBox. The book progresses through topics based on standard cases of penetration testing from the initial steps to the final procedures.

This book will help you discover the exciting world of penetration testing through a series of step-by-step, practical lessons. Penetration Testing with BackBox is organized into eight chapters. Starting with an introduction to BackBox Linux in order to give you a solid grounding of this amazing Linux security distro, including both its design philosophy and feature set, before moving on to practical tutorials in using BackBox. The book is arranged in a chronological order based on standard cases of penetration testing. For those more experienced in the use of penetration testing tools, each chapter can be read independently, providing a detailed overview of how BackBox will augment your arsenal of tools at each step of the penetration testing process.

Throughout this book, you will be given a clear picture of IT security cases by having one of the most popular topics of penetration testing demonstrated in a user-friendly way. By the end of the book, you will have learned all the fundamental skills needed to use BackBox for ethical hacking.

What you will learn from this book

• Perform reconnaissance and collect information about an unknown system
• Perform vulnerability scanning, management, and assessment, as well as understand false positives
• Understand how SQL injection attacks work and find injectable pages on a web server
• Sniff the network to capture sensitive data and learn different methods of privilege escalation
• Maintain permanent access on a target server once access is initially granted
• Use exploitation tools like Metasploit to exploit the reported vulnerabilities
• Learn how to document and generate reports from the entire auditing process

Approach

This practical book outlines the steps needed to perform penetration testing using BackBox. It explains common penetration testing scenarios and gives practical explanations applicable to a real-world setting.

Who this book is written for

This book is written primarily for security experts and system administrators who have an intermediate Linux capability. However, because of the simplicity and user-friendly design, it is also suitable for beginners looking to understand the principle steps of penetration testing.

Table of Contents

Chapter 1: Starting Out with BackBox Linux
Chapter 2: Information Gathering
Chapter 3: Vulnerability Assessment and Management
Chapter 4: Exploitations
Chapter 5: Eavesdropping and Privilege Escalation
Chapter 6: Maintaining Access
Chapter 7: Penetration Testing Methodologies with BackBox
Chapter 8: Documentation and Reporting

中文：

书名：Penetration Testing with BackBox

使用Backbox执行关键渗透测试操作的入门指南

Overview

• 使用实时、实用的示例体验Backbox Linux渗透测试的真实世界
• 通过现场阅读了解审核和渗透测试流程
• 了解如何使用最新的技术和方法执行您自己的测试

In Detail

Backbox是一个令人惊叹的Linux安全发行版，旨在满足安全和系统管理专家的需求。它的开发目的是进行渗透测试和安全评估。Backbox旨在快速、易于使用，同时提供最小但完整的桌面环境，它带有自己的软件库，并不断更新到最广泛使用和最知名的道德黑客工具的最新稳定版本。

这本书提供了一个令人兴奋的Backbox Linux的介绍，让你熟悉和理解这个令人惊叹的Linux安全发行版，让你对笔测试和Backbox这两个主题感到舒服。这本书通过基于渗透测试的标准案例从最初的步骤到最终程序的主题进行进展。

这本书将通过一系列循序渐进的实践课程帮助您发现令人兴奋的渗透测试世界。背箱渗透测试共分为八章。从Backbox Linux的介绍开始，以便让您对这个令人惊叹的Linux安全发行版有一个坚实的基础，包括它的设计理念和功能集，然后转到使用Backbox的实用教程。这本书是按照时间顺序排列的，以渗透测试的标准案例为基础。对于那些在使用渗透测试工具方面更有经验的人，可以独立阅读每一章，提供Backbox如何在渗透测试过程的每个步骤中增强您的工具库的详细概述。

在这本书中，通过以用户友好的方式演示最流行的渗透测试主题之一，您将对IT安全案例有一个清晰的了解。在这本书的最后，你将学会使用Backbox进行道德黑客攻击所需的所有基本技能。

你将从这本书中学到什么

• 执行侦察并收集有关未知系统的信息
• 执行漏洞扫描、管理和评估，并了解误报
• 了解SQL注入攻击的工作原理并在Web服务器上查找可注入页面
• 嗅探网络以捕获敏感数据并了解不同的权限提升方法
• 在最初授予访问权限后，在目标服务器上保持永久访问权限
• Use exploitation tools like Metasploit to exploit the reported vulnerabilities
• 了解如何在整个审核过程中记录和生成报告

Approach

这本实用的书概述了使用Backbox进行渗透测试所需的步骤。它解释了常见的渗透测试场景，并提供了适用于真实环境的实用解释。

这本书是为谁写的

本书主要面向具有中等Linux能力的安全专家和系统管理员。然而，由于设计简单和用户友好，它也适合于希望了解渗透测试的基本步骤的初学者。

Table of Contents

Chapter 1: Starting Out with BackBox Linux
第二章：信息收集
第三章：漏洞评估和管理
Chapter 4: Exploitations
Chapter 5: Eavesdropping and Privilege Escalation
第6章：维护访问
第7章：基于Backbox的渗透测试方法
第8章：文件和报告