TechSpot

Linux: Penetration Testing Programs

By kuksoolkid
May 26, 2010
  1. I'm going to college for a computer science degree and I was advised to get used to the Linux OS. I did so, and during this time I found out that there are pentesting courses at the college for a master's degree. I researched some Linux distros and found that the new BackTrack 4 is the best for, I dare say, "hacking"; the only problem I found was that it was heavy. My question therefore is: which are the most useful programs for a student wanting to become a good professional pentester or off in that field direction?

    I am currently running Arch Linux and have found that to be my fav.
     
  2. jobeard

    jobeard TS Ambassador Posts: 13,446   +324

    Hmm; PennTesting? I'm sure you are referring to Penetration Testing, and if so I highly recommend using the full name in the title of your posting :)

    I'll respond if you concur that is the subject of the post....
     
  3. kuksoolkid

    kuksoolkid TS Rookie Topic Starter

    Yes, that is what I'm talking about; I just didn't want anyone making immature posts if I did use the full name. And if people knew enough about it they would be the only ones to pick up on it, like yourself, and leave a response that wasn't just crap.
     
  4. jobeard

    jobeard TS Ambassador Posts: 13,446   +324

    There's a reasonable reference at Wiki.

    Penetration can refer to getting inside a guarded facility (e.g., a fortified army base with armed guards)
    as well as accessing network and systems protected by a perimeter gateway or firewall.
    The problem is to 'breach' one layer at a time until something of interest is found.

    In the network context, this means getting past a router with NAT and SPI features, so you're immediately
    into deeper layers of TCP programming. The packets must look like part of an existing data flow (to get past SPI)
    AND contain a payload that is destined for a specific LAN ip address AND be targeted to a service 'thought to be' active to receive the payload.

    A browser is frequently a target of choice, and email phishing or bogus website pages are used to get the user to invite the payload into the browser - - thus bypassing the NAT/SPI issue altogether :)

    Another 'attack' is the SQL Injection (which you should google).

    As to existing software off the shelf that does this kind of stuff - - none are free as there's a TON of development time needed to make this work.

    For school, I would assume the exercise is to describe how to do this and not write or actually attempt the breach. The Wiki above should get you started.
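
The post above describes a gateway with SPI only passing packets that belong to an existing data flow. As an added illustration (not part of the original post, and not any real firewall's code), here is a toy model of the defender's side: a connection table that only LAN hosts can populate. The class names, addresses and ports are constructed for the example, and sequence-number checks and timeouts are left out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST

@dataclass
class SpiGateway:
    lan_prefix: str = "192.168.1."             # constructed example LAN
    flows: dict = field(default_factory=dict)  # (lan_ip, lan_port, wan_ip, wan_port) -> state

    def handle(self, p: Packet) -> str:
        outbound = p.src.startswith(self.lan_prefix)
        key = (p.src, p.sport, p.dst, p.dport) if outbound else (p.dst, p.dport, p.src, p.sport)
        state = self.flows.get(key)
        syn_only = "S" in p.flags and "A" not in p.flags
        if outbound and syn_only:
            self.flows[key] = "SYN_SENT"       # only a LAN host may create state
            return "forward"
        if state is None or syn_only:
            return "drop"                      # no matching flow, or unsolicited inbound SYN
        if state == "SYN_SENT" and not outbound:
            if p.flags != "SA":
                return "drop"                  # only a SYN-ACK can answer the LAN host's SYN
            self.flows[key] = "ESTABLISHED"
        if "R" in p.flags or "F" in p.flags:
            del self.flows[key]                # simplified teardown; real SPI also uses timeouts
        return "forward"

def demo() -> list:
    gw = SpiGateway()
    pkts = [  # constructed sample traffic (RFC 5737 documentation addresses)
        Packet("192.168.1.20", 50000, "203.0.113.10", 443, "S"),
        Packet("203.0.113.10", 443, "192.168.1.20", 50000, "SA"),
        Packet("192.168.1.20", 50000, "203.0.113.10", 443, "A"),
        Packet("198.51.100.7", 443, "192.168.1.20", 50000, "A"),   # wrong peer
        Packet("203.0.113.10", 443, "192.168.1.20", 3389, "S"),    # unsolicited SYN
        Packet("203.0.113.10", 443, "192.168.1.20", 50000, "R"),
        Packet("203.0.113.10", 443, "192.168.1.20", 50000, "A"),   # flow already torn down
    ]
    return [gw.handle(p) for p in pkts]
```

The two dropped packets in the middle of the sample show why an exposed service behind such a gateway is not reachable unless a LAN host opened the flow first.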
     
  5. kuksoolkid

    kuksoolkid TS Rookie Topic Starter

    Alright, will do, and thanks for the info.
     
Topic Status:
Not open for further replies.

