BackTrack services

In my last post we successfully installed BackTrack on VirtualBox. Today we will
get familiar with basic BackTrack commands and some network services. When your machine
boots for the first time after installation, it prompts you to enter login credentials.
By default the login username is root and the password is toor. After logging in, type
startx to enter GUI mode.

Changing the default password
root@bt:~# passwd
Enter new UNIX password: Your Password
Retype new UNIX password: Your Password
passwd: password updated successfully
root@bt:~#

Updating application and operating system
Keeping your applications and operating system updated is very useful: it provides you
with the latest security patches and keeps your applications up to date, so that the
latest testing techniques and tools can be taken advantage of.
By default, BackTrack is set up to use only the BackTrack repositories. You can see the
configured repositories by looking at the /etc/apt/sources.list file.
The first command is the Advanced Packaging Tool (APT) update function. This will
synchronize the package index files to ensure that you have information about the latest
packages available. The update function should be used before installing any software
or upgrading your installed packages. The command is:
# apt-get update
After updating the index, upgrade all installed packages to the latest release with the
command:
# apt-get upgrade
Now I'll move on to some basic network services provided by BackTrack. BackTrack provides
various useful network services such as DHCP, tftpd, SSH, VNC server, httpd, etc.

DHCP
DHCP is the Dynamic Host Configuration Protocol. It allows IP addresses to be assigned
dynamically; for more information visit http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
Acquiring an address by DHCP is simple. Type dhcpcd <interface>, then ifconfig <interface>
to see that it's up.
BT ~ # dhcpcd eth0
eth0: link up
BT ~ #

Assigning Static IP address
The following example shows how to set a static IP address, assuming:
Host IP : 192.168.0.2
Subnet mask : 255.255.255.0
Default gateway : 192.168.0.1
DNS Server : 192.168.0.222
BT ~ # ifconfig eth0 192.168.0.2/24
BT ~ # route add default gw 192.168.0.1
BT ~ # echo nameserver 192.168.0.222 > /etc/resolv.conf

Apache
You control the Apache server using the apachectl stop / start commands:
BT ~ # apachectl start
/usr/local/apache/bin/apachectl start: httpd started
BT ~ #
Try browsing to your localhost address to see if the HTTP server is up and running.
To stop the HTTPD server :
BT ~ # apachectl stop
/usr/local/apache/bin/apachectl stop: httpd stopped
BT ~ #

SSH
The SSH server is very useful for SSH tunneling, SCP file transfers, remote access, etc.
Before the SSH server is started for the first time, SSH keys need to be generated.
If you attempt to start the SSHD server before you've created your keys, you'll get an
error similar to this:
BT ~ # /usr/sbin/sshd
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
IPv6 over IPv4 tunneling driver
Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
.........................etc etc.
To start the SSHD server, issue the following commands:
BT ~ # sshd-generate
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
6b:df:63:50:e5:3d:55:11:18:9d:f6:ec:0d:f8:fc:08 root@BT
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
40:3d:5a:f8:74:6e:35:ca:89:46:e3:26:e3:83:05:c3 root@BT
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
d9:8e:c0:68:d9:82:00:4b:32:83:e6:0e:ca:ec:89:c4 root@BT
BT ~ # /usr/sbin/sshd
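The SSH service uses port number 22 by default, so you can verify that the service
has started by typing the command below. Note that grep 22 matches any line containing
22, so look for the entry in the LISTEN state on port 22.
BT ~ # netstat -ant | grep 22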

Tftpd
A Tftpd server is useful for transferring files to or from a victim machine.
To start the Tftpd, issue the following commands:
BT ~ # atftpd --daemon --port 69 /tmp
BT ~ #
This will start a TFTP server serving files from /tmp. The Tftpd server uses port number
69, so you can verify it by typing:
BT ~ # netstat -anu |grep 69
udp 0 0 0.0.0.0:69 0.0.0.0:*
BT ~ #
To stop the Tftpd, use the pkill or kill command.

VNC
A VNC server is very useful for remote desktop sharing. To start the VNC server, simply
type vncserver. You will be prompted for a password and the VNC server will open on
port 5901.
BT ~ # vncserver
You will require a password to access your desktops.
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
New 'X' desktop is BT:1
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/BT:1.log
BT ~ # netstat -ant |grep 5901
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
BT ~ #
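
The netstat checks in the SSH, Tftpd and VNC sections, combined into one exact-port check (an added example, not part of the original post). It reports whether each service is bound to all interfaces (0.0.0.0, as in the Tftpd and VNC output above) or to a single address; the function names, the sample input and Apache's port 80 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: exact-port listener check for the services started above.
# Reads `netstat -antu` style lines on stdin and prints one line per
# listening socket on the ports used in this post: proto, port, bind scope.

PORTS="22 69 80 5901"   # sshd, atftpd, Apache (assumed default 80), vncserver :1

check_listeners() {
    awk -v ports="$PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    # TCP listeners carry state LISTEN; UDP sockets have no state column,
    # so an unconnected UDP socket shows a foreign address ending in ":*".
    ($1 ~ /^tcp/ && $NF == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
        port = $4; sub(/^.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (!(port in want)) next              # exact match, unlike grep 22
        scope = (addr == "0.0.0.0" || addr == "::") ? "all-interfaces" : ("local:" addr)
        print $1, port, scope
    }'
}

# Constructed sample input (not captured from a real machine).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.2:22          192.168.0.22:51522      ESTABLISHED
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 0.0.0.0:6969            0.0.0.0:*
EOF
}

sample_netstat | check_listeners
# On a live system: netstat -antu | check_listeners
```

Lines such as port 2222, port 6969 and the established session from 192.168.0.22 would all match a plain grep 22 or grep 69, but are skipped here. Any service reported as all-interfaces is reachable from every network the machine is attached to.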