The sbd command is a netcat clone that offers decent encryption, allows for command execution, and will install on Linux or Windows. You are likely aware of netcat and all of the different ways you can use it including reverse shells, port scanning, etc. The sbd command is a great tool for opening up protected listeners or as noted in the Backtrack Linux menu for maintaining access to servers on compromised networks. Since it is likely you are familiar with nc or netcat below I go into setting up a reverse shell using a secret key between the listener and the connecting client.
The bulk_extractor tool is one of the tools on Backtrack that a single article is not going to do it a lot of justice but hopefully after reading the below you will be able to see the benefits and understand basic usage of this amazing tool. The bulk_extractor actually reminds me of various tools such as Power Grep for Windows that can be used in penetration tests to locate private data worth being called out in a deliverable. By no means will the below be a complete howto for the bulk_extractor but again it will attempt to shed some light on its purpose and some easy ways it can be used.
The ss command is not necessarily specific to Backtrack but is typically included in most Linux or UNIX distributions. This is definitely a core utility though that should be in any pen testers arsenal as it provides great information about any type of socket socket including DCCP sockets, RAW sockets, TCP sockets, UDP sockets and UNIX sockets. There are various switches that are useful based on the task and below I go into multiple examples of using switches for different scenarios.
So many of the DNS enumeration scripts available in backtrack focus on typical DNS but reverseraider does what it sounds like it might do which is enumerate reverse DNS names. Enumerating reverse DNS on an IP or set of IP’s can sometimes reveal information you did not previously have. It is possible to be targeting a web server that has a bunch of virtual hosts and you prefer to track down primary web site on the web server which is where reverseraider may provide the results necessary as it is more likely that the most important site on the virtual web server has reverse DNS configured on the host itself. Below I display the primary three methods of using reverseraider.
I remember being so happy about 0trace when I started to write some Backtrack related articles because even though 0trace is fairly simple it is really useful to locate the full path to devices you are investigating. In the article below I will explain the necessary 0trace input from the command line, what needs to be done to complete a successful trace to a target using 0trace, and provide some example of devices in front of and behind a firewall blocking ICMP or traceroute requests.