2

I know just the basics of backtrack and I want to ask some questions about it:

  1. Can you attack an ftp server using backtrack? an email server?

  2. I have a Centos virtual private server and backtrack is on my PC, Can I change the IP-address of backtrack to my VPS IP-address and do phishing using my VPS IP-address?

  3. Can I do brute force attack to crack email passwords using backtrack?

Improve this question

2 Answers 2

Reset to default
4

Learning and experimentation is good, everyone started somewhere. There is a lot of information out there. If you are interested in the functionality of BackTrack then I would suggest hanging out in their community forums. They have a lot of tips and tricks. Just like with a carpenter, they have to know their tools and material. Be as it may - a hammer and wood respectively. If you want to be good at Red Team stuff, or infosec in general, you need to understand your tools and understand what you are attacking. You need to study up on networking in general and it sounds like wireless networking principles specifically.

1-can you attack an ftp server using backtrack? an email server?

Yes it has the tools to facilitate an attack against both of those types of targets

2-i have a centos vps and backtrack is on my pc, can i change the ip address of backtrack to my vps ip and do phishing using my vps ip?

A semi-complex question, the short answer is it is probably not going to work the way you've pictured it in your mind. Again you'll want to visit that networking stuff.

3-can i do brute force attack to crack email passwords using backtrack?

Yes there are a couple of different types of tools included that can help with this depending on your vector, generally the more access you have the more possible the chances are of a successful outcome.

All in all "there is no royal road to information security," you gotta put in the time and effort. All that technical stuff is one thing, remember to not forget about the weakest link in the entire chain are the people on the keyboards.

Improve this answer
1
  • Red Team: a group acting as the attackers in a controlled scenario, usually for penetration testing.
    – this.josh
    Commented Oct 4, 2011 at 8:46
3

  1. yes. It's been a while since I've used it, but I believe a tool called Hydra is designed for something like that. One of the fastest ways to alert an IDS!

  2. That's way too broad to answer. We don't know anything about your setup (i.e. are they on the same subnet?). But that's not really what Phishing is. Phishing is more like tricking people into thinking they're on one site, but leading them to yours. Phishing doesn't involve actually replacing a server with yours. At any rate, look up ARP poisoning/spoofing.

  3. Yes. But once again, very open ended, not a lot of details. For example, if you have the hashes, you'll use one tool. If you're brute forcing by way of a dictionary attack, you'll use another tool.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .