Building the Perfect Backtrack 4 USB Thumb Drive

This post will show you how to build a USB thumb drive with the following features:

  • Persistent Changes
  • Nessus and NessusClient installed
  • Encryption configured for storing data

Tools and Supplies

  1. USB thumbdrive – minimum capacity 4GB
  2. BackTrack 3 CDROM, BackTrack 4 DVD or an additional USB thumbdrive (minimum 2GB) – Used to partition the thumbdrive.
  3. Optional: UNetbootin – A tool to transfer an iso image to a USB drive.

Download the BackTrack ISO (BackTrack 4 Pre Release is the latest as of this posting)

This tutorial is based on commands executed from BackTrack, so you will have to boot BackTrack 4 first. The easiest way to do this is to boot from the BackTrack 4 DVD, which is a live CD.

Partition the USB thumbdrive
First, boot to BackTrack 4. You will have to figure out which drive is the target drive. The following command will show the drives available and you can determine from that which is the new USB drive:

dmesg | egrep 'hd.|sd.'
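One way to sanity-check the device name you picked before running fdisk and mkfs on it, as an added example that is not part of the original post. The function names, the SYS_BLOCK and MOUNTS_FILE override variables and the 3500 MiB threshold in the usage comment are assumptions made for this example.

```shell
# Added example: refuse to partition a disk that is not a removable,
# unmounted drive of the expected size. Reads the kernel's sysfs entries.
# SYS_BLOCK and MOUNTS_FILE are overridable (assumption, used for testing).
SYS_BLOCK=${SYS_BLOCK:-/sys/block}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Print the size of whole disk $1 in MiB (sysfs "size" is in 512-byte sectors).
device_size_mib() {
    sectors=$(cat "$SYS_BLOCK/$1/size") || return 1
    echo $(( sectors / 2048 ))
}

# check_target <disk> <min_mib>: succeed only if <disk> (e.g. "sdb") exists,
# is flagged removable, has no mounted partitions and is at least <min_mib>.
# The reason for a refusal is printed on stdout.
# Note: USB hard disks usually report removable=0 and will be refused.
check_target() {
    dev=$1
    min_mib=$2
    [ -d "$SYS_BLOCK/$dev" ] || { echo "no such disk: $dev"; return 1; }
    [ "$(cat "$SYS_BLOCK/$dev/removable")" = 1 ] ||
        { echo "$dev is not flagged removable"; return 1; }
    if grep -q "^/dev/${dev}[0-9]* " "$MOUNTS_FILE"; then
        echo "$dev has mounted partitions"
        return 1
    fi
    size=$(device_size_mib "$dev") || return 1
    [ "$size" -ge "$min_mib" ] ||
        { echo "$dev is $size MiB, need at least $min_mib MiB"; return 1; }
    echo "$dev ok: removable, unmounted, $size MiB"
}

# Usage (3500 MiB leaves headroom for a nominal 4GB thumb drive):
#   check_target sdb 3500 && fdisk /dev/sdb
```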

Partition and format the drive as follows:

  1. The first partition needs to be a primary partition of at least 1.5 GB and set to type vfat. Also remember to make this partition active when you are creating it. Otherwise you might have some boot problems.
  2. The second partition can be the rest of the thumb drive.

Below are the steps to take to get the drive partitioned and formatted; they were taken from this video on the Offensive Security website. A '#' indicates a comment and is not part of the command. Note: make sure to delete any existing partitions on the drive first.

fdisk /dev/sda # use the appropriate drive letter for your system
# delete existing partitions, of which there may be more than one. 

Command (m for help): d
Partition number (1-4): 1 

# create the first partition 

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1): <enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-522, default 522): +1500M 

#create the second partition 

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (193-522, default 193): <enter>
Using default value 193
Last cylinder, +cylinders or +size{K,M,G} (193-522, default 522): <enter>
Using default value 522

# Setting the partition type for the first partition to vfat/fat32 

Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32) 

# Setting the partition type for the second partition to Linux 

Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83 

# Setting the first partition active 

Command (m for help): a
Partition number (1-4): 1 

Command (m for help): w 

# now it is time to format the partitions (on the same drive you partitioned with fdisk above)

mkfs.vfat /dev/sda1
mkfs.ext3 -b 4096 -L casper-rw /dev/sda2

Two things to notice above in the format commands:

  1. We are using ext3 instead of ext2
  2. You must include the -L casper-rw portion of the command.

Being able to use ext3 is great because of journaling. The -L casper-rw option helps to get around the problem where we had to enter the partition name in order to get persistence working.

Partition and format the drive according to the layout above.

Make it a bootable BackTrack 4 USB thumb drive
These steps are also taken from the Offensive Security video mentioned above.  They are:

  1. Mount the first partition
  2. Copy the BackTrack files to it
  3. Install grub

Execute the following commands.

# mount the first partition, sda1 in my case. 

mkdir /mnt/sda1
mount /dev/sda1 /mnt/sda1
 

# copy the files, you will need to find where the ISO is mounted on your system. 

cd /mnt/sda1
rsync -r /media/cdrom0/* .
 

# install grub 

grub-install --no-floppy --root-directory=/mnt/sda1 /dev/sda

Now you have a bootable BackTrack 4 USB thumb drive. Next let’s configure persistent changes.

Persistent Changes
This is done much differently and more easily than it was in BackTrack 4 Beta or BackTrack 3. First of all, for basic persistence, no configuration is required. There is already a menu option for this, however, it is only for console mode so you will have to make a couple changes:

  1. Change the default boot selection to persistent
  2. Set the resolution for the GUI

cd /mnt/sda1/boot/grub
vi menu.lst 

# change the default line below to 'default 4' and append 'vga=0x317' (that's a zero) to the kernel line to set the resolution to 1024×768

# By default, boot the first entry.
default 4
.
.
.
title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd /boot/initrd.gz

:wq

Reboot and either select “Start Persistent Live CD” or just wait, since we set it to auto-boot to persistent mode. To test it, create a file and reboot again. If your file is still there, everything is working.

Install Nessus
Download the Ubuntu Nessus and NessusClient packages from nessus.org.

Again, with BackTrack 4 things are a little easier. To install the Nessus server, simply execute the following command to install the package.

dpkg --install Nessus-4.0.2-ubuntu810_i386.deb

Things used to be a little bit more complicated for the client, but with the release of the pre-final version, it is just as easy as installing the server.

dpkg --install NessusClient-4.0.2-ubuntu810_i386.deb

Finally it’s time to configure Nessus. Execute each of the following and follow the prompts.

#create server certificate 

/opt/nessus/sbin/nessus-mkcert

This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:<enter>
Server certificate life time in days [365]:<enter>
Your country (two letter code) [FR]:US
Your state or province name [none]:State
Your location (e.g. town) [Paris]:City
Your organization [Nessus Users United]:<enter>
.
.
.
Congratulations. Your server certificate was properly created.
.
. 

# add user 

/opt/nessus/sbin/nessus-adduser 

Login :Admin
Authentication (pass/cert) : [pass]<enter>
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘admin’ user ? (can upload plugins, etc…) (y/n) [n]:y
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : Admin
Password : ***********
This user will have ‘admin’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y]y
User added

We want to disable Nessus starting at boot. We are going to do some things a little later that require that Nessus not be running at boot.

/usr/sbin/update-rc.d -f nessusd remove

This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.

The next thing to do is register the installation so you can get the plugin feed. You need to go here and request a key.

Once you have your key, execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below; they can sometimes display as one.

/opt/nessus/bin/nessus-fetch --register [your feed code here]

When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. You may have to reboot before Nessus will work. You can use netstat -na to check that the server is listening on port 1241.

/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient

Time to find those vulnerabilities.

Configure Encryption
Since BackTrack will be used to poke at people's networks and systems, with permission of course, it is very important that the information we find be protected. To do this, we are going to set up an encrypted volume that will eventually become our home directory.

This can be done with the GUI or via command line. We will be using the GUI because we need to be able to format the volume with ext3 and, as yet, I have not been able to figure out how to do that via the command line on Linux.

  • Launch truecrypt from a terminal window.  
  • When truecrypt opens click the “Create Volume” button.  
  • In the Volume Location field enter the path to your volume, like /work_dir, click next.  
  • Leave the default Encryption Options & click next.  
  • Enter the volume size, say 1GB or so.  
  • Enter and confirm your desired password. 
  • Select ext3 for the file system type, click next.
  • Click next on the Cross-Platform Support page leaving the default values.  
  • Click format – you should move your mouse to create randomness for higher security.

You will get a message that the volume was successfully created. Click on the 'OK' button, then exit the TrueCrypt GUI, both the 'Create Volume' windows and the main windows, going back to your terminal (command line) window.

To test the filesystem, execute the following. Note that the -k '' is two single quotes, not a double quote:

truecrypt -t -k '' --protect-hidden=no /work_dir /media/truecrypt1
mount
cd /media/truecrypt1
df .

This will show that the volume is mounted and the amount of disk space you have left. The next step is to have this volume mounted when you log in. This can be done by editing the root user’s .profile file. Add the truecrypt command above to root’s .profile so it looks like this:

# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi
# mount the encrypted volume created above (prompts for the password)
truecrypt -t -k '' --protect-hidden=no /work_dir /media/truecrypt1
mesg n

The next time you reboot you will be asked for the password for the volume and it will be mounted for you.

Now let’s tweak a few things
The first thing we are going to do is configure networking to start at boot time. It’s convenient and easy to disable later if necessary. All you have to do is execute the following command.

/usr/sbin/update-rc.d networking defaults

Next, make sure all the BackTrack tools and the system itself are up to date. First execute the following:

apt-get update

This updates the software repository information. Next, execute:

apt-get upgrade

The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.

Next reset the root user’s home directory during the login process to the mounted truecrypt volume. This will ensure that anything written to the home directory will be encrypted. Enter the following commands:

cd /media/truecrypt1
rsync -r --links /root/ .
 

# add the export and cd lines shown below, after the truecrypt command

vi /root/.profile

# ~/.profile: executed by Bourne-compatible login shells.

if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi
truecrypt -t -k '' --protect-hidden=no /work_dir /media/truecrypt1

export HOME=/media/truecrypt1
export HISTFILE=/media/truecrypt1/.bash_history
cd

mesg n

:wq
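A guarded variant of the .profile lines above, as an added example that is not part of the original post. If the truecrypt mount fails (a mistyped password, for instance), /media/truecrypt1 is still an ordinary directory on the persistent partition, so an unconditional export HOME would send the home directory and shell history there in cleartext. The function names and the MOUNTS_FILE override are assumptions made for this example; the volume and mount paths are the ones used earlier in the post.

```shell
# Added example: only switch HOME to the encrypted volume if it is mounted.
VOLUME=${VOLUME:-/work_dir}
MOUNTPOINT=${MOUNTPOINT:-/media/truecrypt1}
# Overridable so the check can be exercised against a constructed mounts table.
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Return 0 only if $1 is listed as a mount point (second field) in the table.
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Point HOME and HISTFILE at the encrypted volume when it is really mounted.
# Otherwise keep the current HOME and stop the shell from saving history,
# so nothing lands on the unencrypted partition by accident.
use_encrypted_home() {
    if is_mounted "$MOUNTPOINT"; then
        export HOME="$MOUNTPOINT"
        export HISTFILE="$MOUNTPOINT/.bash_history"
        cd || return 1
        return 0
    fi
    echo "WARNING: $MOUNTPOINT is not mounted; keeping HOME=${HOME:-}" >&2
    unset HISTFILE
    return 1
}

# What /root/.profile would call in place of the truecrypt, export and cd lines.
login_setup() {
    is_mounted "$MOUNTPOINT" ||
        truecrypt -t -k '' --protect-hidden=no "$VOLUME" "$MOUNTPOINT"
    use_encrypted_home
}
```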

The next time you reboot, when you are finally in the system, your home directory will be /media/truecrypt1.

There is one last thing we should do – change Nessus to log to the encrypted volume. This is very easy. The file that controls this is /opt/nessus/etc/nessus/nessusd.conf. We need to create a place for the log files to go. Execute the following:

cd /media/truecrypt1
mkdir -p nessus/logs
 

Once you have done that, edit the /opt/nessus/etc/nessus/nessusd.conf file and change this:
.
.
.
# Log file :
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump
.
.
.

to this:

.
.
.
# Log file :
logfile = /media/truecrypt1/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /media/truecrypt1/nessus/logs/nessusd.dump
.
.
.

That’s it. Now you have the Perfect Backtrack 4 USB Thumb Drive.

How to make Backtrack 4 boot from USB

In this article we will describe how to make a bootable USB drive for the Backtrack 4 Linux distribution. The new release is based on Debian/Ubuntu and not on Slackware, as it used to be in earlier versions (Backtrack 3 and below).

The Windows version of the UNetbootin tool is used in this article to demonstrate the above scenario.

Requirements:
Minimum USB Drive capacity 1 GB
Format the USB to FAT32

Tools:
http://unetbootin.sourceforge.net/
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso

Workaround:

1. Download BT4 Beta ISO
2. Download UNetbootin to make our usb bootable
3. Run Unetbootin and select bt4-beta.iso for diskimage
4. Select USB Drive letter and click on OK to start making a bootable usb drive

After the creation process finishes, restart your machine, boot from the newly created bootable USB drive and enjoy Backtrack 4 Beta on your system.

Default Backtrack 4 username is root and password is toor.

Note: Be sure that you install the MBR on the USB drive by executing drive:\boot\bootinst.bat on your USB drive.

BartPE (Bart’s Preinstalled Environment)

BartPE (Bart’s Preinstalled Environment) is a lightweight variant of Microsoft Windows XP or Windows Server 2003 32bit operating systems, similar to a Windows Preinstallation Environment, which can be run from a Live CD or Live USB drive.

A BartPE system image is created using PE Builder, a freeware program created by Bart Lagerweij. It requires a legal copy of Windows XP or Windows Server 2003. Additional applications can be included in the image using plugins.

As a Live CD or USB, BartPE allows a user to boot Windows, even if a hardware or software fault has disabled the installed operating systems on the internal hard drive — for instance, to recover files. It can also be used to scan for and remove rootkits, viruses and spyware (that have infected boot files), or to reset a lost administrator password.

Description
As with Windows Preinstallation Environment, BartPE operates by loading system registry files into RAM, and not writing any registry changes back to boot media. Thus, both operating systems require no hard drive or network access. This also allows them to be run from non-writable media such as a CD-ROM.

Since each instance of BartPE is a new installation, the BartPE “boot” disk needs original Windows setup files in order to operate. The Bart PE Builder application interprets and condenses files from a Windows setup CD to create the BartPE installation. It can build from a Windows XP Pro or Home Edition CD, or from a preinstalled Windows XP version (without a CD).[1]

Additional applications can be included in the BartPE setup through the use of “plugins”. A plugin contains setup information for a specific application, so that it can be included on the media and installed along with Windows at each BartPE boot. Currently there are a few hundred plugins available in addition to the dozen-odd that are included by default with BartPE. Since BartPE represents a totally independent operating environment, the most obvious application examples involve backup, restoration, diagnosis and error-correction of systems with malfunctioning primary storage drives. Plugin programs can nominally be added to the capacity of the BartPE media.

BartPE is known to have certain incompatibilities with the Windows XP CDs shipped with most Dell PCs. The Dell versions include changes to the Windows setup files that can cause the BartPE build process to fail. Two patches are currently available to correct the known problems.

BartPE cannot create Vista Live DVDs.

Creating Bootable Vista / Windows 7 USB Flash Drive

This will walk through the steps to create a bootable USB flash drive. These instructions assume that you are running Windows Vista or Windows 7.

Required:

  • USB Flash Drive
  • Microsoft OS Disk (Vista / Windows 7)
  • A computer running Vista / Windows 7

Step 1: Format the Drive
Warning: This will erase everything on your USB drive.

  1. Open a command prompt as administrator (right-click on Start > All Programs > Accessories > Command Prompt and select “Run as administrator”). You must do this or it may not work, displaying the message: “Could not map drive partitions to the associated volume device objects”.
  2. Find the drive number of your USB Drive by typing the following into the Command Prompt window:
    – diskpart
    – list disk
    The number of your USB drive will be listed. You’ll need this for the next step. I’ll assume that the USB flash drive is disk 1.
  3. Format the drive by typing the next instructions into the same window. Replace the number “1” with the number of your disk below.
    – select disk 1
    – clean
    – create partition primary
    – select partition 1
    – active
    – format fs=NTFS
    – assign
    – exit
    When that is done you’ll have a formatted USB flash drive ready to be made bootable.

Step 2: Make the Drive Bootable
Next we’ll use the bootsect utility that comes on the Vista or Windows 7 disk to make the flash drive bootable. In the same command window that you were using in Step 1:

  1. Insert your Windows Vista / 7 DVD into your drive.
  2. Change directory to the DVD’s boot directory where bootsect lives:
    – d:
    – cd d:\boot
  3. Use bootsect to set the USB as a bootable NTFS drive prepared for a Vista/7 image. I’m assuming that your USB flash drive has been labeled disk G: by the computer:
    – bootsect /nt60 g:

Step 3: Set your BIOS to boot from USB
This is where you’re on your own, since every computer is different. Most BIOSes allow you to hit a key at boot and select a boot option.