
Sunday, August 1, 2010

USB Install of Backtrack 4 and other good stuff

So, I decided, in "preparation" for our Network Security and Vulnerability after-hours working group, to set up BackTrack Linux 4 – Penetration Testing Distribution. (Who knows if I'll go this week, seeing as my wife might go into labor this week :-) ) This product is open-source and contains many packages used for network assessments and penetration testing. I wanted my setup to work on any machine and be highly portable, so I decided to install it on a 16GB thumb drive.

Note: You can get by with only about 4GB (really 8GB to be safe so you can do all the updates), but those who know me have found that I like to go that extra mile.... :-) After installing it, I planned on setting up some extra software packages, and I hate to run out of space.....and conveniently I had a 16GB SanDisk lying around. After I was done, of my ~14GB of space, ~6GB was left free:

Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sdb1             14713768   7681148   6285200  55% /

Note 2: This install is for mobile testing purposes. To really test and educate yourself, you would be best off installing a copy on a real VMWare VM with a 40GB disk. I'm not going to go into how to do all that today. I will point you to http://www.offensive-security.com/metasploit-unleashed/ which is a really good tutorial on the Metasploit framework (part of BackTrack). It will require a 40GB VM to do the whole tutorial.


I had never installed Linux to a thumb drive, so I did some Google searching. That resulted in a few links... most of which were just installing in "Live Boot" mode...which means you lose all changes between every reboot. "Live Mode" has its "upsides" for certain purposes, but I want to keep my stuff around for a while and don't plan on using it in "real on the job" work. The best instructions I found are here:
http://www.infosecramblings.com/backtrack/backtrack-4-usbpersistent-changesnessus/
but this guy wanted you to first burn the BT-Final.ISO to a CD/DVD, boot via the CD/DVD, then install to the thumb drive. I didn't really want to waste a DVD/CD....plus he has A LOT of extra steps (since he wants to keep the multiple boot modes). If you want to do that, then great, follow his instructions; they are good.

Here is the quicker way (well, assuming you have VMWare or a DVD/CD). I already have VMWare running on my laptop. So, I created a VM with NO hard drive and mounted the BT-Final.ISO to the VM's CD-ROM. Started the VM. The VM will detect that you have a thumb drive and you can use it as its hard drive. (If you don't have VMWare, then you can still do it this way, but you have to burn a CD/DVD and then reboot your real machine with the CD/DVD in the tray.)

So, it's all booted up, and you are sitting at the root@bt# prompt. (Default login: root/toor)

Startup Networking Services

root@bt# /etc/init.d/networking start
This should go through all your interfaces and get them configured (provided DHCP is running on your network).

Start the Installer
root@bt# startx
(Loads the KDE Desktop)
double-click on the install.sh file on the desktop

Then, just click Next on the installer screens until you get to (Step 4 of 7); you should be on the "Prepare Disk Space" screen. It should show your USB drive as the only drive available. (If you booted from CD/DVD, it will also show your system disk. DO NOT PICK THAT DISK, or you will overwrite your system's OS.) Basically, make sure the disk you are installing to matches the size of your thumb drive.

Also, take note of its "device mapping"; it should be something like (sda, sdb, sdc...etc). Whichever one is the thumb drive, take note of that. Mine was sda, since I booted from VMWare and it can't see any other drives.

Now, click Next on the installer screens until you get to (Step 7 of 7). Click "Advanced" at the bottom of this screen. In the pop-up, change the "Boot Loader" to install on "/dev/sda" (or whatever your thumb drive was (sda, sdb, sdc..etc)).

Ok, this process takes a while. In my case, it took 35 minutes or so. When done, it is time to test the thumb drive. So, shut down the VMWare box and your whole PC. Leave the thumb drive in (and provided your BIOS is set to boot from USB) it should boot up off the thumb drive. (If you have VMWare, you can use the PLOP Bootloader ISO to boot the USB drive in a VMWare environment...saving you the trouble of rebooting your whole machine. Just mount the ISO in a VMWare Server CD/DVD drive and start it up.) PLOP Bootmanager can be found here: http://www.plop.at/en/bootmanagerdl.html


Customize the Install


So, log in to the system as root and start KDE (startx).

Create a User Account

We need to create a regular user. Logging into a system directly as root is a BAD idea. So, KDE->System->Users and Groups (or in a console window run 'users-admin'). This will pull up the GUI and then you can create a user. You could use the command line 'useradd'...but that is no fun.

Now, add that user (in my case 'cpoma') to the /etc/sudoers file
root@bt# visudo
Add the following line:
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    cpoma ALL=(ALL) ALL
You could just add 'cpoma' to the 'admin' group and avoid this step... same effect.

NOW.. LOGOUT!!! AND LOGIN AS THE USER YOU JUST CREATED!!!

So, log in to the system as 'cpoma' (or whoever) and start KDE (startx). Open a console, then sudo to root, since you have to be root to do the rest of this stuff....: (I know..why not just stay logged in as root? DON'T DO IT. IT IS A BAD SECURITY PRACTICE!)
cpoma@bt:~$ sudo su
Start Network
root@bt:/home/cpoma# /etc/init.d/networking start
Fix Networking to Start Automatically

Ok, this step is optional, but will save you the trouble of starting the networking stuff up manually every time you boot up:
root@bt:/home/cpoma# /usr/sbin/update-rc.d networking defaults
Wireless Card Configuration

The next issue I had was that the wireless card was not being detected correctly by the KDE network monitoring components. I checked that it was detected by the OS by looking at my ifconfig output and through the use of Kismet. Kismet could see the card and other networks...KDE in general could not. I fixed this by removing, then reinstalling, the "Wicd Network Manager":
root@bt:/home/cpoma# apt-get remove wicd
root@bt:/home/cpoma# apt-get install wicd
It will get installed (and probably remove some components) and it shows up under the start menu at KDE->Internet->Wicd Network Manager. From there you can click the down-arrow icon next to your SSID, click on Advanced, fill in your security info, Apply, check "automatically connect to this network", and click Connect.

Update/Upgrade the Image

Undoubtedly the image from the BT-Final.ISO will be out of date. So, we need to update the system and upgrade out-of-date installed packages. The upgrade step takes a while. To do this:
root@bt:/home/cpoma# apt-get -y update
root@bt:/home/cpoma# apt-get -y upgrade
root@bt:/home/cpoma# apt-get clean
Update the Pentesting Tools

Offensive Security provides an updater to keep Fast-Track, Metasploit, Aircrack-NG, W3Af, Nikto, Milw0rm Exploits, Kismet-Newcore, and SQLMap current. You need to run fast-track from its own directory, so make sure you CD into the /pentest/exploits/fasttrack directory.

Just run the following and pick the appropriate options in the updater prompts (I chose option 1 (Fasttrack update) then option 12 (update everything)):
root@bt:/home/cpoma# cd /pentest/exploits/fasttrack/
root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i
It will complain during the update that you have never run setup. The stuff is already installed, but it doesn't hurt to run the setup utility to make FastTrack "happy":

root@bt:/home/cpoma# cd /pentest/exploits/fasttrack/
root@bt:/pentest/exploits/fasttrack# ./setup.py install
Oddly, if you run setup 1st, you will get stuck in a dependency loop and never actually complete setup... weird.

SSH Setup

By default BackTrack has SSH set up so that root can log in over SSH. Personal preference: turn this feature off, log in as a regular user and sudo the tasks that require it.
root@bt:/home/cpoma# nano /etc/ssh/sshd_config
Change the parameter "PermitRootLogin" to no. It is around line #26.

The next issue I had was that the RSA and DSA host keys didn't exist. When you create them, leave the "passphrase" blank. So, to make them, run:
root@bt:/home/cpoma# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
root@bt:/home/cpoma# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
Ok, you should be all set now, so start it and make it default to started at boot time. It shouldn't print any errors. If you don't want it starting at boot time, skip the second command:
root@bt:/home/cpoma# /etc/init.d/ssh start
root@bt:/home/cpoma# update-rc.d ssh defaults
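The sshd_config change above can be scripted so it does not depend on the directive being "around line #26". This is an added example, not from the original post; it works on a constructed config file and assumes only POSIX sh, grep, sed and awk:

```shell
#!/bin/sh
# Added example, not from the original post: turn off root SSH logins in an
# sshd_config without relying on the directive sitting at a fixed line.
# Three cases are handled: an active "PermitRootLogin yes" line, a
# commented-out "#PermitRootLogin ..." line, and no line at all (in which
# case sshd falls back to its built-in default of "yes").

# disable_root_login FILE  - rewrite FILE so the only active value is "no".
disable_root_login() {
    cfg="$1"
    pat='^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]'
    if grep -Eq "$pat" "$cfg"; then
        # Rewrite every existing directive (commented or not) in place;
        # a temp file keeps this portable across sed implementations.
        sed -E "s/${pat}.*/PermitRootLogin no/" "$cfg" > "$cfg.tmp" \
            && mv "$cfg.tmp" "$cfg"
    else
        # No directive present: append one so the default of "yes" no longer applies.
        printf 'PermitRootLogin no\n' >> "$cfg"
    fi
}

# root_login_disabled FILE  - exit 0 if the effective value is "no".
# sshd honours the FIRST uncommented occurrence and assumes "yes" if none.
root_login_disabled() {
    val=$(grep -E '^[[:space:]]*PermitRootLogin[[:space:]]' "$1" \
          | head -n 1 | awk '{print $2}')
    [ "${val:-yes}" = "no" ]
}

# Demo on a constructed config (not a real BackTrack file).
demo=$(mktemp)
printf 'Port 22\nPermitRootLogin yes\nX11Forwarding yes\n' > "$demo"
disable_root_login "$demo"
if root_login_disabled "$demo"; then echo "root SSH login disabled"; fi
rm -f "$demo"
```

Run it against a copy of /etc/ssh/sshd_config first, diff the result, and only then restart sshd.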
Upgrade FireFox

Get the latest version of Firefox from Mozilla.org. For me it was 3.6.8. I downloaded the TAR.BZ2 file and installed it:
root@bt:/home/cpoma# tar xvfj firefox-3.6.8.tar.bz2
root@bt:/home/cpoma# mv firefox /usr/lib/firefox-3.6.8
root@bt:/home/cpoma# rm /usr/bin/firefox
root@bt:/home/cpoma# ln -s /usr/lib/firefox-3.6.8/firefox /usr/bin/firefox
For reference the old pointers were:
lrwxrwxrwx 1 root root 11 2010-07-31 12:39 firefox -> firefox-3.0
lrwxrwxrwx 1 root root 32 2010-07-31 12:39 firefox-3.0 -> ../lib/firefox-3.0.15/firefox.sh
Add some Firefox Plug-in/Add-ons

Go to  https://addons.mozilla.org/en-US/firefox/collection/webdeveloper
and update, install, enable or disable the following plug-ins:
FireBug (updated, enable)
PixIr (install)
ColorZilla - (install)
TamperData (updated)
ShowIP (install)
GreaseMonkey (updated, leave disabled)
WebDeveloper (install)
FireProxy Standard - (updated, leave disabled)
HackBar (remove)
MeasureIt (install)
Live HTTP Headers (install)
User Agent Switcher (install)
Random Other Browser Plugin Configuration Stuff

I wanted Adobe Flash and Adobe Air. So, I went to Adobe's website and downloaded the .deb files for each of the items. The Firefox NoScript plugin is ON by default, so you will have to enable scripts so the downloader will work on Adobe's site. To install them, go to the directory you downloaded them to and run:
root@bt:/home/cpoma# dpkg -i install_flash_player_10_linux.deb
root@bt:/home/cpoma# dpkg -i adobe_air.deb
I also went to Pandora and downloaded the Pandora One player (as I am a Pandora subscriber and want to listen to music while I work). Basically, you download the .air file. Then, install it using the AIR installer: KDE->Utilities->Adobe AIR Application Installer

Install OpenOffice
I would like to use something better than a basic text editor, so I'm going to install OpenOffice. You don't have to do this, but it will be a lot nicer to have this than some random text editor.

This step didn't go so well. In hindsight, you should probably just run the 'synaptic' installer and it would probably grab everything correctly. I chose to go to OpenOffice.org, download it directly and just install it from the TAR file. It didn't work completely correctly, but I did get it to work. So, you should probably just run KDE->System->Synaptic Package Manager..... but here is the convoluted set of steps I ended up performing....

Download TAR of the DEB Files directly then:
root@bt:/home/cpoma# tar -xzvf OOo_3.2.1_Linux_x86_install-deb_en-US.tar.gz
root@bt:/home/cpoma# cd OOO320_m18_native_packed-1_en-US.9502/DEBS
root@bt:/home/cpoma/OOO320_m18_native_packed-1_en-US.9502/DEBS# dpkg -i *.deb
root@bt:/home/cpoma/OOO320_m18_native_packed-1_en-US.9502/DEBS# cd desktop-integration
root@bt:/home/cpoma/OOO320_m18_native_packed-1_en-US.9502/DEBS/desktop-integration# dpkg -i *.deb
So, after all that it didn't work..... :-( No worries. Let's see if the GUI installer can help :-)
root@bt:/home/cpoma# synaptic
(will open the Synaptic GUI Software Configuration)

Search for openoffice.org. I get a list of a whole bunch of stuff, but notice while scrolling that it has installed the OpenOffice parts I downloaded. However, there is a top-level OpenOffice Suite that is not installed; it is also missing the English Help and Thesaurus. So, I check them off and click "Apply" in that top bar. It says it will remove the "desktop customization" menus I installed above, and it needs to download like 41 things. Ok... can't hurt. Install.

At this point it was still not showing up in the menus.... OK, I'll just add the program group to the menu manually; I know the parts are all installed. So, right-click on the "KDE" tray icon, "Edit the Menu", and manually add the items. The run commands for the various parts of OpenOffice are the following and should each be an icon:
ooffice -writer %U
ooffice -calc %U
ooffice -math %U
ooffice -impress %U
ooffice -draw %U
Install Nessus

The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks. Nessus can be obtained from Tenable Network Security at http://www.nessus.org/download/ Both the client and server are part of a single .DEB package as of version 4.2.
root@bt:/home/cpoma# dpkg -i Nessus-4.2.2-ubuntu810_i386.deb
Side note: for a podcast with some of the guys from Tenable Network Security, see PaulDotCom Security Weekly (http://pauldotcom.com/security-weekly/).

Ok, so to finish this up, we need to create a Nessus admin user. Leave its rule set EMPTY when asked:
root@bt:/home/cpoma# /opt/nessus/sbin/nessus-adduser
Now, in order for it to work properly, we need to register it by going to:
http://www.tenablesecurity.com/plugins/index.php?view=register
Register and get a key for home use. It will be emailed to you. After you get it:
root@bt:/home/cpoma# /opt/nessus/bin/nessus-fetch --register [CODE HERE FROM EMAIL]
Lastly, it takes a little while for the Nessus scanner to actually start (like 10 minutes). So, to prevent it from slowing our boot, we will make sure it doesn't start at boot:
root@bt:/home/cpoma# /usr/sbin/update-rc.d -f nessusd remove
You can start it by hand by running:
root@bt:/home/cpoma# /etc/init.d/nessusd start
It runs on port 8834. It will take a minute or two to fully start up. To check its progress run:
root@bt:/home/cpoma# netstat -napt
Once the scanner starts, you can log in to it at: https://localhost:8834/

And we are finally done. Well, at least with the stuff I felt like configuring today.