FAST-TRACK
Network Exploitation Tool
Overview
• Fast-Track is a Python-based penetration testing tool
• It automates many functions necessary to identify network exploits
• Included in Backtrack OS
Backtrack 5
• A Linux distribution (Ubuntu-based) designed with penetration testing in mind
• Comes preinstalled with many different suites of tools, including
  • Nmap
  • Wireshark
  • Fast-Track
Fast-Track Features
• Fast-Track works as a front-end to the Metasploit Framework
• Works in four steps
  • Choose an exploit (over 300 are included by default)
  • Choose a payload (such as a command shell or VNC client)
  • Encode the payload to avoid detection
  • Execute exploit
Exploits
• Among the over 300 exploits available (Windows and Linux)
  • Network exploits
  • Database exploits (including Oracle, SQL Server, and PostgreSQL)
  • Web application exploits
• Most exploits are due to improper hardening techniques or unsanitized data
Types of Attacks
• Automated
• Mass Client-Side Attack
• Payload Generation
Payload Generator
• Assumes attacker has access to remote machine
• Allows testing of host hardening and intrusion detection software
• Provides several types of payload:
  • Spawn a command shell
  • Start a VNC server
  • Open a port on remote system
Payload Generator, cont.
• Provides several encoding procedures to test intrusion detection and antivirus
  • Includes avoid_utf8_lower
Documentation
• Largely unclear and unavailable
• Best source is the docs for Metasploit itself
• Still, information about many of the available choices is difficult to find