LinuxQuestions.org
Page 2 of 2 1 2
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Linux - Distributions (https://www.linuxquestions.org/questions/linux-distributions-5/)
-   -   BackTrack 5 R3 Gnome 64 does have .iso file from torrent link? (https://www.linuxquestions.org/questions/linux-distributions-5/backtrack-5-r3-gnome-64-does-have-iso-file-from-torrent-link-4175467005/)

minty33 06-22-2013 02:04 PM
oh okay so you do have a plan. i really wasn't sure why you were using bt i was not trying to be rude at all. i am always learning on this site myself and am no guru either. as for testing your web server i would say metasploit is a good tool for exploiting weak unpatched software but a good port scan using various options will give you a good idea of what an attacker could find out about your server. see what kinda of goods the machine gives up on various scan methods. it is this info an attacker will use to target specific software via a platform like metasploit. once you know what they can see there are ways to reduce the avaialability of this info. alot of the info you need to lock down your server will be linux server security practices using iptables, .conf files and rules to have good restriction etc... not much backtrack will do on that end. here are two good books however one is on metasploit but the other is great book on security tools and in particular has a great chapter on recon with nmap. i think it is the right book i know it has a drill on the cover but somehow this looks different to me. i will check mine at home and make sure. if it is wrong i will post the correct one tonight.
http://www.amazon.com/Metasploit-The.../dp/159327288X
http://shop.oreilly.com/product/9780596009632.do

newbie14 06-23-2013 12:08 AM
Dear Minty,
Yes first thing we have used a firewall and limited access via the vpn. Secondly we are using key based ssh login and with fail2ban and iptables and also pam enabled. Besides that the centos is installed based on minimal installation just with either web server or db server accordingly. I will look into the books do share any other sites if you know that will be good for beginners.

John VV 06-23-2013 12:32 AM
If you have left CentOS 6.4 ( textonly server install) at the default settings
ALL ports are "stealth" blocked

as in they will NOT return a open or closed
cent will just NOT respond

so Nmap will not return much

newbie14 06-23-2013 12:47 AM
Dear John VV,
Yes is just the text base no gui. Thus from the firewall we open only certain port such as 80, 21 and 22 accordingly for web server and ssh. So what else can I do with BT to scan and find vulnerability?

John VV 06-23-2013 01:47 AM
Start with "Kali" , dump the idea of using the rather OLD bt5 ( it is based on the unsupported ubuntu 10.04 )
http://www.kali.org/

then learn how to use the tools that are in it
start with the documentation
http://docs.kali.org/

then for each tool, use that tools web site and forum .

Think of it as earning a BS or MS degree , and it will take a bit of time .


All times are GMT -5. The time now is 10:00 PM.
Page 2 of 2 1 2
Show 50 post(s) from this thread on one page