Whats the best way to learn Backtrack4 and Metasploit?

YuckTheFankees

I know I can google the question but I'm looking for help from TE .


Also, who all has a pentest lab at home? I have 3 or 4 hacking books, and Im so confused on to connect everything, what to get, blah blah blah

chrisone

I am in the same boat as you , but i haven't begun the processes of studying pen test (i have other exams to worry about). However i found a book recently, JDMurry will be reviewing soon, that is geared towards pen testing with BT4.

Check here if you haven't already been to this post.
http://www.techexams.net/forums/security-certifications/65377-backtrack-4-assuring-security-new-book.html

The book Amazon.com: BackTrack 4: Assuring Security by Penetration Testing (9781849513944): Shakeel Ali, Tedi Heriyanto: Books

JDMurray

YuckTheFankees wrote: »

Im so confused on to connect everything, what to get, blah blah blah

You can't be a pen tester unless you know how networks are constructed and configured. The CCENT, CCNA, and CCNA:Security are a good set of certs to get prior to studying pen testing.

YuckTheFankees

Okay thats most likely why I'm so lost...I hope to have it all done by the end of summer. I want to pentest ALREADY!

ChooseLife

JDMurray wrote: »

You can't be a pen tester unless you know how networks are constructed and configured.

QFT!
Pentesting in a nutshell is the analysis of a target based on one's understanding of systems/networks - not to be confused with launching nmap/metasploit/nessus. How good of a pentester one is has direct correlation with one's knowledge of computer systems.

white96gt

JDMurray wrote: »

You can't be a pen tester unless you know how networks are constructed and configured. The CCENT, CCNA, and CCNA:Security are a good set of certs to get prior to studying pen testing.

Should be a sticky. This usually takes years not months.

contentpros

There is a good tutorial on Metasploit (Metasploit Unleashed) from the guys at offensive-security which can be found here:

Metasploit Unleashed By Offensive Security

but as others have said this is not something you learn overnight. Master the basics and get solid on your fundamentals and keep working from there.

Lab the hell out of it, any os you can get your hands on and see how you do. Master the common tool and learn them inside and out. Remember its the tester that makes the tool effective not the other way around.

ChooseLife

And to answer your original question,

Whats the best way to learn Backtrack4 and Metasploit?

I learned both of these, along with other tools, during "war games" at school. Here's how it worked: we split into teams, set up our "base" networks that contained vulnerabilities (each team had to verify their vulnerabilities were _practically_ exploitable), then on the agreed day exchanged public IP's of our networks and attempted to hack each others' networks. At the final phase, we analyzed own networks to find out what was exploited, how, and what changes were made (e.g. rootkits). It was a great learning experience... but I should mention again that by the time we got into these wargames, we had solid knowledge of a multitude of things - TCP/IP layers and their flaws, packet analysis, OS fingerprinting, programming languages, x86 CPU and memory architecture, buffer overflows... without such foundation one risks to be blindly pressing buttons without gaining much.

Now generally, I'm not a big fan of group studying, but for this type of exercise, if you can find a few like-minded people and practice something similar, it could be a lot of fun and awesome learning experience!

YuckTheFankees

ChooseLife wrote: »

And to answer your original question,
I learned both of these, along with other tools, during "war games" at school. Here's how it worked: we split into teams, set up our "base" networks that contained vulnerabilities (each team had to verify their vulnerabilities were _practically_ exploitable), then on the agreed day exchanged public IP's of our networks and attempted to hack each others' networks. At the final phase, we analyzed own networks to find out what was exploited, how, and what changes were made (e.g. rootkits). It was a great learning experience... but I should mention again that by the time we got into these wargames, we had solid knowledge of a multitude of things - TCP/IP layers and their flaws, packet analysis, OS fingerprinting, programming languages, x86 CPU and memory architecture, buffer overflows... without such foundation one risks to be blindly pressing buttons without gaining much.

Now generally, I'm not a big fan of group studying, but for this type of exercise, if you can find a few like-minded people and practice something similar, it could be a lot of fun and awesome learning experience!

how long did it take to learn the things you listed? I know Tcp/IP layers, but what flaws are you referring to?

ChooseLife

YuckTheFankees wrote: »

how long did it take to learn the things you listed?

For myself, by the time I arrived to these wargames, I had been playing around with computers for ~10 years.

YuckTheFankees wrote: »

I know Tcp/IP layers, but what flaws are you referring to?

ARP's inherent quality is existence of gratuitous ARP (GARP) packets. ICMP has redirect and router advertisement packets.
If we look at these from a pentester's perspective, both can be used for Man-in-the-Middle traffic redirection attack. Now, in order to know whether you can use one or the other, you need to understand how the protocols work and how network players react to the packets. What logical proximity to the target would be required to launch ARP poisoning? Would a router drop this packet? What about a switch? A hub? A wireless access point? Same questions for ICMP redirect packets... What is the target's normal behaviour upon receiving these packets? And so on...

alan2308

YuckTheFankees wrote: »

Whats the best way to learn Backtrack4 and Metasploit?

When I took the first 2 pen testing courses in my program, we used this book, which I thought was pretty good.