FYI : An excellent guide about Backtrack4 can be found at BackTrack 4 – The Definitive Guide
Alternatively, you can create a USB based BT from Windows by using UNetbootin (Windows).
Partition the USB drive (as explained above), run UNetbootin, select the BT4 Pre-final ISO file, select the USB drive and install.
After the installation, find syslinux.cfg in the root of the first partition on the USB. Edit the file and add the vga=0×317 parameter after “Start Persistent Live CD” (under label ubnentry4)
At the top of the file, set default to ubnentry4. Save the file and you’re all set
3. Networking and Network Services
Networking
By default, DHCP (or networking for that matter) is disabled. You need to run ‘/etc/init.d/networking start’ to start networking. If you want to load networking at boot (on a HD install or USB with persistent changes), add that command into /etc/init.d/rc.local or run “sudo /usr/sbin/update-rc.d networking defaults”
Wireless networking can be started with Knetworkmanager (run “sudo /etc/init.d/NetworkManager”)
SSH
Edit ssh config and disable root logon via ssh :
sudo vi /etc/ssh/sshd_config and set “PermitRootLogin” to no.
If you get an error about the ssh_host_dsa_key or ssh_host_rsa_key not being found, generate the keys and try again
Starting OpenBSD Secure Shell server: sshd
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Generate host keys :
Start sshd (“sudo /etc/init.d/ssh start”)
If you want to enable ssh to start at boot time, run update-rc.d ssh defaults
4. Keeping Backtrack up-to-date
To download and install all new updates, run apt-get dist-upgrade
The first time you run the apt-get update, you may get an error “GPG error : http://ppa.launchpad.net intrpid Release: The following signatures couln’t be verified because the public key…”
Quick fix :
(Then run the apt-get update again and it should work)
Upgrading the distro to the lastest version :
Warning : an “upgrade” in BT4Beta will also upgrade KDE to 3.5.. If KDE is not working anymore after update/upgrade ? (a.k.a. ‘startx’ does not seem to work) :
(this issue should be fixed in the final version)
Updating security components
First update fast-track, then update other individual components (Metasploit, Aircrack, nikto, etc; or choose ‘9’ to update all)
If updating nikto doesn’t work :
Fix :
5. Change keyboard layout
6. Installing Nessus
First, download the Nessus and NessusClient installation packages from the Nessus (Tenable Network Security) website : http://www.nessus.org/download/
(Choose ‘Nessus for Linux’) and download the packages for Ubuntu. Put the .deb files in /tmp
Install Nessus Daemon
Install Nessus Client
Before installing the client, you will need to install some dependencies :
Now you can install the client :
Create Certificate
Create a Nessus user:
Register/update plugins
Get yourself a key that will provide access to the free home update feed : Register a HomeFeed
You will receive an email that contains the feed code.
Install/Register the code with the following command (and update the plugins at the same time) :
Verify that “auto_update” in /opt/nessus/etc/nessus/nessusd.conf is set according to the behaviour you want to achieve. If you want to manually update the plugins, you can run :
Make sure Nessus does not start at boot
Launch Nessus daemon
Install additional plugins
http://www.alienvault.com/free_feed_for_nessus.php
Nessus/OpenVAS wrapper for ike-scan
7. Wireless auditing
Crack WEP : Cheatsheet – Cracking WEP with Backtrack 4 and aircrack-ng
Crack WPA2 PSK : Cheatsheet – Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper
Wepbuster : Download from http://code.google.com/p/wepbuster/. Installation procedure (assuming that wepbuster was downloaded into /tmp) :
Modify parameters :
edit wepbuster and change the $airodumpwait and $scan_duration parameters (and set them to a value higher than 20):
Reboot
Enjoy!!!
1. Installing Backtrack to a harddrive (using Ubiquity)
- Boot from the Backtrack DVD and choose “Start Backtrack in Text Mode”
- Backtrack will boot and will automatically end up at a root prompt.
- Launch the GUI by running ‘startx’.
- Open a konsole and run ‘ubiquity’.
- At the “Language crashed” dialog, choose “Continue anyway’”
- Set timezone and choose keyboard layout.
- Let backtrack partition the disk. (‘Use entire disk’)
- Enter new user account information. (Pick a strong password, as this will be the user account used to log on into Backtrack)
- Review the installation summary and press “install” to start the installation.
- Reboot when installation has completed
- Log in with the newly created user
- change the password for root (sudo passwd root)
- In Virtualbox, select “Devices – Install Guest Additions”)
- open Konsole, mount cdrom (“mount cdrom”) and run “sudo /media/cdrom/VBoxLinuxAdditions-x86.run”
- reboot (“sudo reboot”)
2. Running Backtrack from USB (with support for persistent changes)
This procedure only works for Backtrack 4 Pre-final. You need a 4Gb (or bigger) USB stick to run BT4 Pre-Final.- Boot Backtrack and insert the USB. In my test environment, I’m running BT on VirtualBox. Let’s say the USB was detected as sda (run ‘dmesg’ to see system messages after you have connected the USB) .
- Mount the Backtrack CDRom
- mount /dev/cdrom /media/cdrom
- Run fdisk :
- fdisk /dev/sda
- Verify that there are no partitions : ‘p’ (or use ‘d’ to remove any existing partitions, ‘w’ to write the changes, and run fdisk again)
- create a new partion : ‘n’
- p (primary)
- Partition number 1
- First cilinder : use default 1
- Last cylinder : +1500M
- create another new partition : ‘n’
- p (primary)
- Partition number 2
- First cilinder : use default value
- Last cylinder : +1500M
- Set first partition active and set partition type of first partition to FAT32
- a
- 1
- t
- 1
- b
- Look at the partition table now. There should be 2 partitions of each 1,5G
- write the changes to disk : ‘w’
- a
- fdisk /dev/sda
- Format the 2 partitions :
mkfs.vfat -F 32 -n BT4 /dev/sda1 mkfs.ext3 -b 4096 -L casper-rw /dev/sda2Use the default journal size (8192 blocks) - Mount the USB key and copy the file structure from the CDRom to USB stick
mkdir /mnt/sda1 mount /dev/sda1 /mnt/sda1 rsync -avh /media/cdrom/ /mnt/sda1/(don’t forget the backslashes after ‘cdrom’ and after ‘sda1’ !) - When all files are copied (1,32Gbytes, may take a little while) , run grub-install
grub-install --no-floppy --root-directory=/mnt/sda1 /dev/sda1
- Edit boot menu
vi /mnt/sda1/boot/grub/menu.lstSet ‘default’ to 5Find the entry with title “Start Persistent Live CD”. Change the title to for example “Start Persistent Live USB”.Edit the line below the title (“kernel” line) and add the following statement at the end of the line :vga=0×317Save the changes - Unmount the USB key
cd / umount /mnt/sda1
- Boot a computer from this newly created USB and verify that BT works, and that changes are written onto the USB.
Alternatively, you can create a USB based BT from Windows by using UNetbootin (Windows).
Partition the USB drive (as explained above), run UNetbootin, select the BT4 Pre-final ISO file, select the USB drive and install.
After the installation, find syslinux.cfg in the root of the first partition on the USB. Edit the file and add the vga=0×317 parameter after “Start Persistent Live CD” (under label ubnentry4)
At the top of the file, set default to ubnentry4. Save the file and you’re all set
3. Networking and Network Services
Networking
By default, DHCP (or networking for that matter) is disabled. You need to run ‘/etc/init.d/networking start’ to start networking. If you want to load networking at boot (on a HD install or USB with persistent changes), add that command into /etc/init.d/rc.local or run “sudo /usr/sbin/update-rc.d networking defaults”
Wireless networking can be started with Knetworkmanager (run “sudo /etc/init.d/NetworkManager”)
SSH
Edit ssh config and disable root logon via ssh :
sudo vi /etc/ssh/sshd_config and set “PermitRootLogin” to no.
If you get an error about the ssh_host_dsa_key or ssh_host_rsa_key not being found, generate the keys and try again
Starting OpenBSD Secure Shell server: sshd
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Generate host keys :
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_keyIf you want to enable ssh to start at boot time, run update-rc.d ssh defaults
4. Keeping Backtrack up-to-date
Updating & Upgrading Backtrack
/usr/bin/apt-get -y update
/usr/bin/apt-get -y upgradeThe first time you run the apt-get update, you may get an error “GPG error : http://ppa.launchpad.net intrpid Release: The following signatures couln’t be verified because the public key…”
Quick fix :
wget http://apt.pearsoncomputing.net/public.gpg
sudo apt-key add public.gpg
rm public.gpgUpgrading the distro to the lastest version :
apt-get update && apt-get dist-upgrade -yroot@bt:~# cd /etc/alternatives/
root@bt:/etc/alternatives# mv x-session-manager x-session-manager-broken
root@bt:/etc/alternatives# ln -s /opt/kde3/bin/startkde x-session-manager
root@bt:/etc/alternatives# startxUpdating security components
/pentest/exploits/fast-track.py -iIf updating nikto doesn’t work :
Updating Nikto...
cd: 1: can't cd to /pentest/scanners/nikto/
/bin/sh: ./nikto.pl: not found root@bt:~# mkdir /pentest/scanners/nikto/
root@bt:~# ln -s /usr/bin/nikto /pentest/scanners/nikto/nikto.pl
root@bt:/pentest/exploits/~# ./fast-track -c 1 25. Change keyboard layout
dpkg-reconfigure console-setup6. Installing Nessus
First, download the Nessus and NessusClient installation packages from the Nessus (Tenable Network Security) website : http://www.nessus.org/download/
(Choose ‘Nessus for Linux’) and download the packages for Ubuntu. Put the .deb files in /tmp
Install Nessus Daemon
root@bt4-1:/tmp# ls Nessus* -al
-rw-r--r-- 1 root root 3002846 Jul 4 15:46 Nessus-4.0.1-ubuntu810_i386.deb
-rw-r--r-- 1 root root 500624 Jul 4 15:46 NessusClient-4.0.1-ubuntu810_i386.deb
root@bt4-1:/tmp#
root@bt4-1:/tmp# dpkg --install Nessus-4.0.1-ubuntu810_i386.deb
Selecting previously deselected package nessus.
(Reading database ... 183074 files and directories currently installed.)
Unpacking nessus (from Nessus-4.0.1-ubuntu810_i386.deb) ...
Setting up nessus (4.0.1) ...
nessusd (Nessus) 4.0.1. for Linux
(C) 1998 - 2009 Tenable Network Security, Inc.
- Please run /opt/nessus/sbin/nessus-adduser to add a user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
- You can start nessusd by typing /etc/init.d/nessusd start
root@bt4-1:/tmp# Install Nessus Client
Before installing the client, you will need to install some dependencies :
root@bt4-1:/tmp# apt-get install libqt4-core libqt4-gui
libqtcore4 libqt4-network libqt4-script libqt4-xml
libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl
libqt4-designer libqt4-assistant
Reading package lists... Done
Building dependency tree
Reading state information... Done
libqtcore4 is already the newest version.
libqtcore4 set to manually installed.
libqt4-network is already the newest version.
libqt4-network set to manually installed.
libqt4-script is already the newest version.
libqt4-script set to manually installed.
libqt4-xml is already the newest version.
libqt4-xml set to manually installed.
libqt4-dbus is already the newest version.
libqt4-dbus set to manually installed.
libqt4-test is already the newest version.
libqt4-test set to manually installed.
libqtgui4 is already the newest version.
libqtgui4 set to manually installed.
libqt4-svg is already the newest version.
libqt4-svg set to manually installed.
libqt4-designer is already the newest version.
libqt4-designer set to manually installed.
libqt4-assistant is already the newest version.
libqt4-assistant set to manually installed.
The following NEW packages will be installed:
libqt4-core libqt4-gui libqt4-opengl
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 176kB of archives.
After this operation, 762kB of additional disk space will be used.
Get:1 http://archive.offensive-security.com pwnsauce/main libqt4-core 4.4.3-0ubuntu1.2 [7562B]
Get:2 http://archive.offensive-security.com pwnsauce/main libqt4-opengl 4.4.3-0ubuntu1.2 [161kB]
Get:3 http://archive.offensive-security.com pwnsauce/main libqt4-gui 4.4.3-0ubuntu1.2 [7554B]
Fetched 176kB in 1s (114kB/s)
debconf: apt-extracttemplates failed: Bad file descriptor
Selecting previously deselected package libqt4-core.
(Reading database ... 183131 files and directories currently installed.)
Unpacking libqt4-core (from .../libqt4-core_4.4.3-0ubuntu1.2_i386.deb) ...
Selecting previously deselected package libqt4-opengl.
Unpacking libqt4-opengl (from .../libqt4-opengl_4.4.3-0ubuntu1.2_i386.deb) ...
Selecting previously deselected package libqt4-gui.
Unpacking libqt4-gui (from .../libqt4-gui_4.4.3-0ubuntu1.2_i386.deb) ...
Setting up libqt4-core (4.4.3-0ubuntu1.2) ...
Setting up libqt4-opengl (4.4.3-0ubuntu1.2) ...
Setting up libqt4-gui (4.4.3-0ubuntu1.2) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking placeNow you can install the client :
root@bt4-1:/tmp# dpkg --install NessusClient-4.0.1-ubuntu810_i386.deb
Selecting previously deselected package nessusclient.
(Reading database ... 183150 files and directories currently installed.)
Unpacking nessusclient (from NessusClient-4.0.1-ubuntu810_i386.deb) ...
Setting up nessusclient (4.0.1) ...Create Certificate
root@bt4-1:/tmp# /opt/nessus/sbin/nessus-mkcert
-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]: BE
Your state or province name [none]: WVL
Your location (e.g. town) [Paris]: Deerlijk
Your organization [Nessus Users United]: Corelan
Congratulations. Your server certificate was properly created.
The following files were created :
. Certification authority :
Certificate = /opt/nessus//com/nessus/CA/cacert.pem
Private key = /opt/nessus//var/nessus/CA/cakey.pem
. Nessus Server :
Certificate = /opt/nessus//com/nessus/CA/servercert.pem
Private key = /opt/nessus//var/nessus/CA/serverkey.pem
root@bt4-1:/tmp# Create a Nessus user:
root@bt4-1:/tmp# /opt/nessus/sbin/nessus-adduser
Login : MyGreatNessusAdminUser
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that peter has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Aborted by end-user.Register/update plugins
Get yourself a key that will provide access to the free home update feed : Register a HomeFeed
You will receive an email that contains the feed code.
Install/Register the code with the following command (and update the plugins at the same time) :
root@bt4-1:/tmp# /opt/nessus/bin/nessus-fetch --register PUT-YOUR-CODE-HERE
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.root@bt4-1:/tmp# /opt/nessus/sbin/nessus-update-plugins
Fetching the newest updates from nessus.org...
Done. The Nessus server will restart when its scans are finishedMake sure Nessus does not start at boot
root@bt4-1:/tmp# update-rc.d -f nessusd remove
Removing any system startup links for /etc/init.d/nessusd ...
/etc/rc0.d/K20nessusd
/etc/rc1.d/K20nessusd
/etc/rc2.d/S20nessusd
/etc/rc3.d/S20nessusd
/etc/rc4.d/S20nessusd
/etc/rc5.d/S20nessusd
/etc/rc6.d/K20nessusdLaunch Nessus daemon
root@bt4-1:/tmp# /etc/init.d/nessusd start
Starting Nessus : .
root@bt4-1:/tmp# Install additional plugins
http://www.alienvault.com/free_feed_for_nessus.php
Nessus/OpenVAS wrapper for ike-scan
7. Wireless auditing
Crack WEP : Cheatsheet – Cracking WEP with Backtrack 4 and aircrack-ng
Crack WPA2 PSK : Cheatsheet – Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper
Wepbuster : Download from http://code.google.com/p/wepbuster/. Installation procedure (assuming that wepbuster was downloaded into /tmp) :
root@bt:/# cd /tmp
root@bt:/tmp# tar xvfz wepbuster.tgz
wepbuster-1.0_beta/
wepbuster-1.0_beta/README.TXT
wepbuster-1.0_beta/wepbuster
root@bt:/tmp# mv wepbuster-1.0_beta/wepbuster /usr/local/bin
root@bt:/tmp# Modify parameters :
edit wepbuster and change the $airodumpwait and $scan_duration parameters (and set them to a value higher than 20):
# Time to wait before reading the airodump output. 23 seconds/sleeps should be safe on default aircrack
-ng installation which updates ]
# .csv files every 20 seconds;
my $airodumpwait = 23 ;
# Initial airodump scan duration (sleeps) when trying to build target AP list
my $scan_duration = 23;8. Installing/Running in VMWare, but KDE resolution is bad ?
Run “fixvmware”9. Log on in KDE with root (dangerous ! But if you still want to do it…)
Edit /etc/kde3/kdm/kdmrc and set the following parameters :AllowRootLogin=true
AutoLoginEnable=true
AutoLoginUser=root
AutoLoginPass=secret Enjoy!!!
No comments:
Post a Comment