PRIVATE TRAINING

X-CODE

BACKTRACK 5 PENTEST< WEB ATTACK >

Oleh : Danang Heriyadi

root@bt:~# ls DAFTAR ISI

0x001 – Pengantar Backtrack

• Tentang Backtrack.....................................

• Instalasi Backtrack di hardisk........................

• Instalasi Backtrack di USB Flashdisk..................

0x002 - Dasar Penggunaan Backtrack

• Login Backtrack.......................................

• Mengganti password root...............................

• Konfigurasi ulang WICD................................

• Konfigurasi SSH.......................................

• Perintah dasar shell..................................

• Service Backtrack HTTP, SSH, MySQL....................

• Persiapan Web target..................................

0x003 - Information Gathering.......................

• Webserver scanning with nmap..........................

• Web application analysis..............................

• CMS identification with

◦ BlindElephant.......................................

◦ CMS Explorer........................................

◦ Whatweb.............................................

0x004 - Vulnerability Assessment

• Web vulnerability Scanners with.......................

◦ Nikto...............................................

◦ Wpscan..............................................

◦ Jomscan.............................................

◦ W3af................................................

◦ fimap...............................................

◦ XSSer...............................................

0x005 - Web Attack

• Basic SQL Injections..................................

• SQL Injections with SQLMap............................

• Basic LFI Exploitations...............................

• LFI Exploitations with fimap..........................

• Webserver attack with exploit.........................

• XSS Manual Exploitations..............................

• XSS Attack with XSSER.................................

• Hacking test..........................................

0x006 - Password Attack

• Online password Attack with Hydra.....................

• Offline password Attack with JTR......................

0x006 - Maintaining Access

• PHP Shell (Linux & Windows)...........................

• Telnet Backdoor (Linux & Windows).....................

• Weevely Backdooring...................................

0x007 - Linux privilege escalation

• Rooting...............................................

• Add new user..........................................

0x009 - Covering Tracks (Linux)

• Clear logs, history...................................

0x010 - Hacking test

• Defacing, Rooting, and Backdooring....................