Linux: Penetration Testing Programs

Status
Not open for further replies.
K

kuksoolkid

Im going to college for a computer science degree and i was advised to get used to the linux os. I did so and during this time i found out that there are pentesting courses at the college for a masters degree. I researched some linux distros and found that the new backtracks 4 is the best for, i dare say "hacking", the only problem i found was that it was heavy. My question therefore is which are the most useful programs for a student wanting to become a good professional pentester or off in that field direction.

I am currently running arch linux an have found that to be my fav.
 
hmm; PennTesting? I'm sure you are refering to Penetration Testing and if so highly recommend using the full name in the title of your posting :)

I'll respond if you concur that is the subject of the post....
 
yes that is what i'm talking about just didn't want anyone making immature posts if i did use the full name. And if people knew enough about it they would be the only ones to pick up on it, like yourself, and leave a response that wasn't just crap.
 
there's a reasonable reference at Wiki

Penetration can refer to getting inside a guarded facility (eg: a fortified army base with armed guards)
as well as accessing network and systems protected by a perimeter gateway or firewall.
The problem is to 'breach' one layer at a time until something of interest is found.

In the network context, this means getting past a router with NAT and SPI features, so your immediately
into deeper layers of TCP programming. The packets must look like part of an existing data flow (to get past SPI)
AND contain a payload that is destined for a specific LAN ip address AND be targeted to a service 'thought to be' active to receive the payload.

A browser is frequently a target of choice, and email phishing or bogus website pages are used to get the user to invite the payload into the browser - - thus bypassing the NAT/SPI issue altogether :)

Another 'attack' is the SQL Injection (which you should google).

As to existing software off the shelf that does this kind of stuff - - none are free as there's a TON of development time needed to make this work.

For school, I would assume the exercise is to describe how-to do this and not write or actually attempt the breach. The Wiki above should get you started.
 
Status
Not open for further replies.

Similar threads

Julio Franco
Did you know you might not need a degree to get a top tech job?
Replies
1
Views
684
Dimitriid
Dimitriid
Shawn Knight
Computer and Information Sciences degrees are the most loved among recent grads
Replies
11
Views
960
Knot Schure
Knot Schure
Cal Jeffrey
Iowa hired a cybersecurity firm to do penetration testing, then arrested its workers
2
Replies
28
Views
5K
James Hall
James Hall

Latest posts

Back