
Book Review: BackTrack 4: Assuring Security by Penetration Testing
RickJWagner writes "Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open. Packt Publishing has just released BackTrack 4: Assuring Security by Penetration Testing, a how-to book based on the freely available BackTrack 4 Linux distribution. The intent of the book is to educate security consultants on the use of this devastatingly complete Hacker's toolkit, and to provide sage words of advice on how to conduct yourself as a penetration testing consultant. On both counts, the authors do well." Keep reading for the rest of Rick's review.
I have to admit, at first blush I wasn't impressed by the book. I usually start looking a tech book over by thumbing through it, quickly glancing over snippets every chapter or so to get a feel for how the book is written. My initial impression was that the book contained many 2-page introductions to what appeared to be system tools, showing how to invoke them and the type of text output they would produce. Who needs that, I thought? I settled down to read the text front to back, then realized the full horror of what I was reading. More on that later.
BackTrack 4: Assuring Security by Penetration Testing | |
author | Shakeel Ali, Tedi Heriyanto |
pages | 392 |
publisher | Packt |
rating | 9/10 |
reviewer | Rick J Wagner |
ISBN | 1849513945 |
summary | Covers the core of BackTrack with real-world examples and step-by-step instructions |
The book starts out telling you how to find BackTrack 4, how to install it or run it as a live DVD, and how to get the parts working. Suffice it to say this is all easy for anyone who's installed a Linux distribution before.
Next up, the authors cover some solid basics for the would-be security professional. There are other tips throughout the book, too-- what kinds of written agreements you should have, what types of reports you should produce, and generally how you should conduct yourself. Well done, and I'm sure anyone reading this book will have the thought that maybe they'll go into business doing this someday. At least that's what I hope everyone is thinking, because after that the gloves are off and you are shown the dark side of this magnificent machinery.
The authors outline a disciplined framework for penetration testing. By myself, I never would have considered such a thing, but these guys clearly have given this a lot of time and effort. The following chapters are broken out into each phase, and within those chapters the various tools of the trade are grouped. (So you'd find the tools that can provide you with a reverse shell in the 'Target Exploitation' chapter, for example.)
The first phase is Information Gathering, and here the reader is introduced to several tools that can glean information like domain names, IP addresses, host names, and other data that can identify potential targets. The 2-page tool introductions I mentioned earlier contain all the tools that do this kind of work. There's enough introductory material to let you figure out which ones you want to try (it seems each chapter covers at least a dozen tools), and how to get started.
Target Discovery is the next phase; it's all about finding hosts and identifying operating systems. Again, no malicious stuff goes on yet, just methodically gathering information. Par for the course, there are a variety of tools presented to help the user.
Target Enumeration is next. The user is exposed to applications that can help find which ports are open, which services (i.e. MySQL) are running, and even what kinds of VPN are present. By the way, throughout the book the authors throw in brief but relevant snippets concerning the topic at hand. As an example, in this chapter you'll find an example of the TCP protocol (SYN, SYN-ACK, etc.) that will tell you when a port's available and when it's not. There's more of this kind of information throughout the book, too. Some of it I knew (not much, really) and some I didn't, so I felt the book advanced my basic knowledge of IT systems in some ways.
Now that the user has all this useful information, they can proceed on to Vulnerability Mapping. Here the tools are used to help calculate which vulnerabilities might exist in the targeted systems.
The following chapters are where the really bad toys come out. They deal with Target Exploitation, Privilege Escalation, and Maintaining Access. True to their titles, they tell all about how the user can attack the targeted systems, set up shop, and leave a backdoor for returning later.
Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here as well. Hardcore hackers might look down their nose at such a thing, but I imagine this is really one of the more effective avenues of attack.
So, who is this book good for? First, for security professionals. They'll want to get a copy just so they can be sure they understand what they're up against, and how to check their own systems using the same tools the bad guys have. Second, programmers with an active sense of curiosity. I fall into this category. Lastly, the bad guys will probably buy a copy (or pirate one), unfortunately. I hope they're too lazy to read it well and end up getting busted and thrown in the clink. Maybe they can talk ethics in programming with Hans Reiser while they're awaiting parole.
If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.
BackTrack 5 is free software (Score:5, Informative)
http://www.backtrack-linux.org/backtrack/backtrack-5-release-tool-suggestions/
Re: (Score:1)
And, released as of yesterday!
http://www.backtrack-linux.org/ for more info or just go download it at http://www.backtrack-linux.org/downloads/
Re: (Score:2)
Looks like Backtrack 5 came out yesterday. Anyone know how well 5 works with the book? I.e., should the book be considered a decent generalized approach to PEN testing and still be purchased on that account, or just ignored?
Re: (Score:2)
Well this keeps up with the trend of Packt releasing numerous books on Drupal 5 when Drupal 6 had an eminent release.
Re: (Score:1)
Sorry, I meant Drupal 6 when Drupal 7 had an eminent release.
Re: (Score:1)
You *really* meant imminent...
Re: (Score:1)
Maybe. I didn't bother to proofread.
Re: (Score:2)
I didn't bother to proofread.
Planning to write a book for Packt?
Re: (Score:1)
I could use a few thousand dollars. You don't even seem to need to be an expert on the software to write a Packt book. You can basically just cut and paste from online documentation.
I'm a professional penetration tester (Score:5, Insightful)
Re: (Score:2)
I dunno, it has the innuendo and sounds official, but is it a believable chat-up line?
Probably not, but it might work at a swinger's club with a slight modification:
"I'm a professional penetration taster"
Re:I'm a professional penetration tester (Score:5, Funny)
Yes, you can penetrate my security holes.
I hear you have a large set of tools at your disposal.
Re: (Score:2)
I'm not sure which is worse. Large set of tools or set of large tools?
Re: (Score:1)
<voice type="Barry White"> I'm a professional penetration tester. </voice>
Re: (Score:3, Informative)
Re: (Score:2)
I very much doubt that a new release of Backtrack will change the utility of this book.
Re: (Score:1)
Packt books have utility? You're joking, right? Packt books are notoriously inaccurate and poorly written.
Re: (Score:1)
You can always use it as a monitor stand or a door stop. At worst, it's always handy when you run out of the bog roll.
Another PACKT review? (Score:1)
Could we at least have an explanation, or full disclosure, or something? Why so many PACKT reviews? Free samples? A sponsor? What is it?
Reviews of Non-Packt books? (Score:4, Interesting)
I'm curious about this spate of Slashvertising for Packt books. Is the problem that no-one is writing any other book reviews, or is the problem that Packt is gaming the slashdot system to get these posted?
Re:Reviews of Non-Packt books? (Score:4, Informative)
Seriously. This is the 3rd packt review in just a week. And as usual RickJWagner gives it his usual 8/10 or as in this case a 9/10 rating.
i don't mean to be combative but why is it scary? (Score:5, Interesting)
don't most unix admins keep eyes open on ports, connections, user information, etc...? not scared yet.
taking advantage of visibility tools and keeping up with what tools are available should be a skill owned by every administrator.
it examines tools to probe known issues of unpatched daemons with known exploits. sorry, i'm still not scared.
if an administrator does not keep a system up to date throw them out the door, run over them twice, THEN tell them they are fired.
that being said, i'll agree, the book is very good. it details modern tools and how to use them. some of the tools let the administrator get ahead of potential 0 day exploits and weed out poorly written code. it gets my vote for the top 10 must read books for network/system administrators and at least top 5 for security engineers.
a 70s Porno? (Score:3)
Why does this all sound like a bad Porno Title?
Cue the bwap chicky bwap music!
Re: (Score:1)
The check he receives from Packt along with the book is all the qualifications he needs to be an expert on any subject that a Packt author writes about.
Reminds me of the best job posting ever (Score:2)
Here, let me save you the cover price (Score:1)
By the nice folks who distribute BackTrack Linux, by the way.
Re: (Score:2)
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training By the nice folks who distribute BackTrack Linux, by the way.
Nice work, definitely worth reading AND donating.
Jaysus criminey, /., you are killing me here. (Score:2)
Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open.
This isn't just Captain Obvious.
This is Captain Obvious after he's been beaten half to death by a mob wielding stupid bats, been gene spliced with a tardosaurus rex, and then got a lobotomy from Dr. Mengele.
Wow, what a timely publication (Score:2)
BT5 was released yesterday.
Re: (Score:1)
Well that's the Packt way. They make sure to always be at least a version behind by the time they get a book to market.