News – Page 2 – BackBox.org Blog

BackBox 4 kernel stack up to date

September 5, 2016/in News

Ubuntu systems already have LTS enablement stacks that provide newer kernel and X support for existing Ubuntu LTS releases. As we all know, BackBox core system is built on Ubuntu system and therefore the same principle can be applied.

For those who are impatient and want to upgrade the kernel stack with their current BackBox 4.x to the latest available, you can follow the instructions below:

$ sudo apt-get install --install-recommends linux-generic-lts-xenial xserver-xorg-core-lts-xenial xserver-xorg-lts-xenial xserver-xorg-video-all-lts-xenial xserver-xorg-input-all-lts-xenial libwayland-egl1-mesa-lts-xenial

And we are all good just like that!

The full description for Ubuntu systems can be found at https://wiki.ubuntu.com/Kernel/LTSEnablementStack (Ubuntu 14.04 LTS – Trusty Tahr)
If any issues occur, feel free to get in touch with BackBox Community where you will have support.

Hacker by trade: Simulation of a Penetration Testing

April 12, 2016/in News

JEToP – Junior Enterprise Polytechnic University of Turin
Wednesday 13th April 2016, 09:00 – 19:00

Shielder is proud to announce an event that will be held at Polytechnic University of Turin

The purpose of this event is to offer participants a quick and charming introduction to the complex world of Information Security and Penetration Testing.

A Penetration Test in simple words is an attack on a computer system that seeks for the weaknesses of the target system, which can potentially let malicious users (attackers) to gain access to the system’s data by taking control of it.

The idea is not to introduce people (participants) how to attack systems but rather allow them to be able to identify the weaknesses and vulnerabilities that their systems are affected by. To allow everyone to protect their system and avoid any kind of unpleasant incidents such as unauthorized access, data loss/steal or permanent access by third parties. The event is mainly organized to this end.

While an attacker will need to find just a single vulnerability to be able to compromise a system (that is all he/she needs in the other end), a Penetration Tester thinks wider and tries to find the maximum number of vulnerabilities and weaknesses – possibly all – that an attacker may use. Once all the test is been actioned/performed, a Penetration Tester will have to report all the vulnerabilities discovered on the system and give guidelines to his/her employer (company) about how to fix such security holes to improve the companies (or even its own) systems.

During this organized event the following topics will be covered:

Introduction to Penetration Testing
Live vulnerability assessment, analysis and management of a target system (LAB)
Live pentest (attack) following the findings and vulnerabilities reported (LAB)
Mitigation of vulnerabilities
Question/Answer session and Free Talk

In order to facilitate this event we will be using BackBox Linux which one of the world’s notorious Penetration testing Linux distribution. BackBox has a collection of tools that are designed for both professional and passionate Pentesters. BackBox is a Free Open Source Community and therefore it is freely available and it can be downloaded by everyone from the official web site “https://backbox.org/download”

There will be 2 coffee breaks during the event (one before the lunch and another one after lunch). At the end of the event, the organizers are thinking of moving to Einaudi 57 for a drink, where anyone is invited to meet the guys working at Shielder and have a chat with them.

Don’t miss it!

Weevely 3 overview

February 3, 2015/in News

Weevely, the web shell for penetration testing included in BackBox since the earlier releases, has been forked and heavily rewritten as Weevely 3.0 to improve its extendibility and provide new modules for administration, post exploitation, and privilege escalation exploiting any web access.

The weevely modules ecosystem provides a working shell interface even with no shell command execution, replacing the standard shell commands (e.g. the file editors, cd and ls, SQL cli and dump, compression utilities, port scanners, etc.) with the weevely modules.

The weevely wiki tutorials shows some example on how to edit remote files, harvest and reuse some SQL credentials or bruteforce them. Who wants can follow also the tutorial about developing new modules.

Weevely can be extended to automatize the auditing or privilege escalation tasks, exploit specific vulnerabilities, enumerate accounts, scrape sensitive data, pivot on the target to scan the internal networks, run HTTP or SQL requests and do a whole lot of other cool stuff.

Weevely is installed by default on BackBox, download it now or get your version of weevely here.