Information Security

asp-auditor – Backtrack – Exploitation Tools – Web Exploitation Tools – asp-auditor

The asp-auditor application located in Backtrack 5 R3 is fairly outdated but it still does a good job of finger printing ASP servers but the vulnerabilities that it may locate link to articles that no longer exist on the developers personal web site. Below we show two examples where asp-auditor, which is written in Perl, is run against a older Microsoft IIS web server running an ASP web site and a newer Microsoft IIS web server running an ASP web site. If your only goal is determining the IIS version and other basic ASP information then the tool could be useful.

Information Security

apache start – Backtrack – Services – HTTPD – apache start

Backtrack Linux offers a lot to people of all skill sets and I really appreciate the thought that the developers have put behind making this a operating system platform that is friendly to all. In my experience there are penetration testers or information security enthusiasts of all levels and having Backtrack as a platform to learn from is great. The apache start menu item in Backtrack simply starts the Apache web server and is explained in more detail below.

Information Security

ipcalc – Backtrack 5 – Miscellaneous – Miscellaneous Network – ipcalc

A tool that is more than likely not used very often in Backtrack is the ipcalc which is a command line to that will quickly provide you broadcast address, network address, netmask, and Cisco wildcard mask. If you do a lot of Backtrack Linux installations that each require different IP information for various networks this tool can be really useful to verify settings made in the networks file in Ubuntu/Backtrack. I used to find myself breaking out a iPhone IP calculator on a regular basis and while I still do use that application I prefer ipcalc from the command line if its readily available. Below are details regarding ipcalc and the various switches available to it.

Information Security

smbclient : Backtrack 5: Non Menu Items: CLI Commands: smbclient

The smbclient command line application included in Backtrack Linux is a staple for pentesting. I would imagine anyone that has done a pentest has used it to quickly verify SMB (Server Message Block) or CIFS (Common Internet File System) shares. The smbclient manpage describes it as a FTP-like client to access SMB/CIFS resources on servers. Below we describe varios smbclient commands in details to provide a basic understanding of its capabilities and what output will look like when using this tool in Backtrack Linux.