Backtrack in heterogeneous environments.

[Ghostphillys]

Hi guys,

I got a penetration test to do in a company, and it includes different machines, Linux, osX, Windows, and some other systems. While we were discussing the contracts, the boss asked me a question I couldn't really answer.

"what are the advantages and disadvantages of using backtrack in an heterogeneous environment like the one we have"

I got the following answers,

1. Many tools available in one place
2. This allows the penetration test to be fast without carrying 20 live cds
3. It may restrict the creativity of the Pentester by using only the tools available

Actually, I told him I would come up with other answers, but after a few search I couldn't. Do you have any other ideas ?

thanks

[Archangel-Amael]

Not sure how number 3 would apply to a distribution. Creativity of the penetration tester should be a hallmark characteristic. Not something that is confined to a tool or tool set.
Further there are pros and cons to using anything. BackTrack is created for the professional penetration tester. So with this thought in mind it is designed to make his or her job easier. By that I mean we put first thought into pentesting and not appearances of the OS, or if it has 16 different twitter applications built in.
So having said that, your job as the end user is to evaluate it, and determine if it fits your needs. Based on this evaluation, one would normally have two choices, 1 improve the product to better suite you, or 2. use another product.
While we would hope that BT will suite your needs it may very well not. But we would also appreciate the feedback as to why it does not fit.

[Scamentology]

The reason I use Backtrack specifically is that it makes no noise until I tell it to. The more I dig into Backtrack the more I appreciate the attention to certain detail.

In fact the only disadvantages are...
- the DHCP hostname when using WICD. (When I see "bt" in the clients list on a network, it always excites me a bit.) Which oddly enough prompted me to write a script to look for that hostname (and others) as a preventive measure, as well as to connect to any network from the command line when I use BT.
Might want to change that to something less obvious like "user".

- All the ports are closed and makes it very obvious when its on a network where every client has an open port.

one question to the op though. why is the distro relevant to the customer? as opposed to what? Have you done anything to customize BT or just running it out of the box? build some customized scripts to run the pentest and sell that.

Another thing is that the presentation of findings is more important than how you do the pentest. As far as the customer is concerned the process is a trade secret. just give him 3 choices - like packages.
- exhaustive - Social engineering, exploitation and control of clients
- comprehensive - Manipulation of network information but no SE and exploitation with "safe checks" enabled
- safe - wont affect the network at all, passive recon.

One of my favorite things to do is watch the customer as he listens to the SE calls. Its amazing how quickly the staff gets retrained.

I am a fan - great job guys

[comaX]

- the DHCP hostname when using WICD. (When I see "bt" in the clients list on a network, it always excites me a bit.) Which oddly enough prompted me to write a script to look for that hostname (and others) as a preventive measure, as well as to connect to any network from the command line when I use BT.
Might want to change that to something less obvious like "user".

Actually, I think you can disable this in the preferences And if you can't, you surely can change the name before connecting !

[Ghostphillys]

Thank you for the answers

So while making pen-testing you always kept the methodology secret ?

[Scamentology]

Actually, I think you can disable this in the preferences And if you can't, you surely can change the name before connecting !

I am aware of that. Thanks

It is a very minor point that I made about the default host-name. My point was that this was the only thing that stuck out when I read this thread.

Backtracks claim to fame is how "quiet" it is by default and this is a huge red flag on a network if the pen-tester doesn't change this "preference", But that comes down to the users attention to detail.

[gunrunr]

you can change it easy enough but it seems there are programs that depend on it staying the default...i changed the hostname to something else and some things failed to work correctly.

[comaX]

you can change it easy enough but it seems there are programs that depend on it staying the default...i changed the hostname to something else and some things failed to work correctly.

Never had anything of the sort, but it might explain failures in the future... Thanks ! Do you have examples ?