Quite often, people wonder what it’s like to experience an Offensive Security live training course. At our most recent live Pentesting with BackTrack course in St. Kitts, we had Johnny Long of Hackers for Charity in attendance, and he kept a journal of his experiences during the course. In this series of blog posts, we hope to give you a glimpse into what it is like to experience our live training, and we hope that you will join us for our next course in the Caribbean!
We’ll let Johnny take it from here:
“There is a reality behind these tools. There are stories. Stories of security, vulnerabilities, and weaknesses. Stories of real machines with real data on real networks run by and serving real people. It’s easy to begin to believe that this is a game when you’re fooling around with these tools, but this course brings the reality of security into sharp focus.
For years, I have relied on which and find on my Linux systems to find things I needed. I was introduced to locate and its companion updatedb, which works much better and much faster than find. I’ve been using Linux for over ten years and I don’t consider myself an expert, but it was refreshing to learn a few new Linux tricks within the first hour of the course.
Muts is teaching about bash scripting, imploring the benefits of strong “bash-fu” and knowledge of five helpful UNIX commands: sed, awk, grep, cut and paste. As a long-time Linux user, this is a pleasant surprise. These tools are the foundation for most of the work we do as pentesters. I read way too much forum jabber from frustrated users trying to do something highly technical only to be stymied by a misunderstanding of these fundamentals.
This is fact. But is it accepted fact? Well, for anyone that might be on the fence about this, let me break it down as simply as I can. There are at least six solid reasons you should take the time to learn shell scripting and the “big five”:
Take my advice and Mati’s as well: Begin with at least a few days of study in bash scripting and never stop learning more. Learn grep, sed and awk. Learn cut and paste, and memorize the bash built-ins. Start building your own collection of self-made bash scripts for the functions you perform most often. They will serve you well.
There simply is no substitute for strong bash-fu.
Muts is talking about wireshark. He made a mention of a goofy sniffer back in the day that had all these crazy dashboards and was confusing to say the least. I remember sniffers like this. When I was getting my start in IT, sniffers were dedicated hardware devices for hardcore geeks. They were bulky, confusing and kludgy. Looking back, I realize that the device itself kept me from learning more about networking. It seemed “too hard” and way too close to electrical engineering to make any sense to me.
Then came tcpdump, followed by ethereal, followed by wireshark. Now, sniffers are apps. Yes, there are still hardware sniffers that can hang with terabit, but it doesn’t take much to learn about networking these days. You fire up your sniffer app (wireshark is the de facto standard today), you generate network traffic and you check it out.
This is another one of those exercises I think is shortcutted far too often. With sniffers being easily accessible (and bundled with BackTrack of course), there’s no reason not to dig into networking. You can (and should) read books on the subject, but if you’re at all like me, it’s easier to learn when you can see the subject in action.
A solid understanding of networking is critical to success in this field. Jump in, get messy. And when you think it’s too hard, just be thankful you’re not wrangling with dedicated hardware like we did back in the day. You youngsters have it so easy.
We’ve spent an entire day of class learning manual techniques for reconnaissance and enumeration. I’m pleasantly surprised at this.
I’ve lost years of my life doing the digital doggy paddle through a sea of enumeration logs searching for elusive targets on sprawling networks. To this day, I get twitchy when I hear the word dig regardless of the context. But I know these are critical concepts to learn. It’s generally difficult to hack targets you can’t find. It’s just not fun. It’s time consuming and ugly.
As a result, by the end of day one, the students were a bit burned out. I felt a bit sorry for Muts at this point because I knew there was no better way to explain the concepts other than to drag us through the mud a bit. At the top of the last hour, I had begun to long for a slick tool that would help with all this stuff. I wanted something sexy and smart, something a bit less... blah.
I met Roelof in 2004 at the Blackhat conference in Las Vegas. I was scheduled to give my first talk on Google hacking and I was nervous because my talk was “clever” but only lightly technical. Roelof, an industry rockstar, encouraged me. He told me how cool “clever” recon and enumeration could be and gave me a private demo of his BiLE tool as well as a predecessor to something he called BiDiBLAH. He was fanatical and brilliant and I caught his excitement. Thanks in no small part to this conversation, I went on to write the Google Hacking book and ever since I’ve had a much better understanding of the importance of the gray area between recon and enumeration. Roelof’s passion and brilliance were fully realized years later when he founded Paterva and released the Maltego tool set. Just like that, recon and enum was on its way to becoming sexy.
I had nearly forgotten about my old friend Roelof until Jim O’Gorman took the stage and launched Maltego on his Mac. I was shocked. Roelof had done it. The interface was gorgeous. The transforms list had exploded. Maltego was sexy.
Jim led the class out of the desert and miraculously parted the sea of information with Roelof’s staff. Dramatic? Hardly. It was an expert stroke. The class understood the concepts and the more astute students realized the power behind Maltego’s gorgeous, shiny interface. The class came away with the answers to both the “How?” and the often-elusive “Why?” and as a result Offensive Security spawned exactly zero tool monkeys on this day.
Well done, Roelof. And thanks to the crew at Offensive Security for dragging us through the desert so we could better appreciate the miracle of the parting sea.”
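To make Johnny’s “big five” point concrete, here is an added example (not from his journal or the course materials) that uses grep, sed, cut, awk and paste together to turn a flat enumeration log into a per-host summary. The log lines and their `key=value` layout are constructed for this example, not output of any real tool.

```shell
#!/bin/sh
# Constructed sample log: one "host port state svc" finding per line.
# The key=value layout is hypothetical, chosen only to exercise the tools.
ENUM_LOG='host=10.0.0.5 port=22 state=open svc=ssh
host=10.0.0.5 port=80 state=open svc=http
host=10.0.0.5 port=23 state=closed svc=telnet
host=10.0.0.9 port=443 state=open svc=https
host=10.0.0.9 port=22 state=filtered svc=ssh
host=10.0.0.12 port=21 state=open svc=ftp'

# grep keeps only open ports, sed strips the key= prefixes, cut selects the
# host and port columns, awk groups ports per host, sort makes output stable.
open_ports_by_host() {
  printf '%s\n' "$ENUM_LOG" \
    | grep 'state=open' \
    | sed 's/[a-z]*=//g' \
    | cut -d' ' -f1,2 \
    | awk '{ if ($1 in ports) ports[$1] = ports[$1] "," $2; else ports[$1] = $2 }
           END { for (h in ports) print h ":" ports[h] }' \
    | sort
}

# paste -s joins the hosts that have at least one open port into a single line.
hosts_with_open_ports() {
  open_ports_by_host | cut -d: -f1 | paste -sd, -
}

open_ports_by_host
hosts_with_open_ports
```

The same pipeline shape (filter, normalise, select columns, aggregate, join) is what most of a pentester’s home-grown reporting scripts reduce to, which is why these five commands repay the study Johnny recommends.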
Hopefully, this in-depth account of Day 1 of Pentesting with BackTrack has given you some insight into what we have to offer. If we have piqued your interest, our next live training in St. Kitts will have not one, but two courses. In addition to Pentesting with BackTrack, we will also be offering the very demanding Advanced Windows Exploitation, so sign up today and join us in the Caribbean.