Upload
hoangbao
View
248
Download
0
Embed Size (px)
Citation preview
BackTrack4–TheDefinitiveGuide
Introduction ..............................................................................................................................2Behindthecurtains.................................................................................................................2BackTrackBase ................................................................................................................................. 2BackTrackKernel............................................................................................................................. 2PackagesandRepositories............................................................................................................ 3Metapackages.................................................................................................................................... 4MetaMetaPackages......................................................................................................................... 4UpandrunningwithBackTrack.................................................................................................. 4
InstallingBackTracktoDisk................................................................................................5
UpdatingBacktrack ................................................................................................................5
CustomizingBackTrack.........................................................................................................6CreatingyourownLiveCD–Method1...................................................................................... 6CreatingyourownLiveCD–Method2...................................................................................... 6InstallingBackTracktoUSB.......................................................................................................... 6InstallingBackTracktoUSBPersistentchanges ................................................................ 6
WorkingwithBackTrack ......................................................................................................7KDE3Quirks ....................................................................................................................................... 7Updatingtoolsmanually ................................................................................................................ 7FAQs ...................................................................................................................................................... 7Outro ..................................................................................................................................................... 8
Thisdocumentisaworkinprogress.ItisaquickattempttocoverthemostcommonlyaskedquestionsaboutBackTrack,
inoneplace.Checkonthispagefrequentlyforupdates.
2
Introduction
BackTrack is the world’s leading penetration testing and information security
auditingdistribution.Withhundredsoftoolspreinstalledandconfiguredtorunout
of thebox,BackTrack4providesasolidPenetration testingplatform ‐ fromWeb
applicationHackingtoRFIDauditing–itsallworkinginonceplace.
Behindthecurtains
BackTrackBase
There have beenmany changes introduced into BackTrack 4 ‐most notably, our
movetoanUbuntuIntrepidbase.Wenowmaintainourownfullrepositorieswith
modifiedUbuntupackagesinadditiontoourownpenetrationtestingtools.
Anothersignificantchangeistheupdatedkernelversion,currentlyat2.6.29.4.This
newkernelbrought anonsetof internal changes,whichhavegreatly changed the
structureofBackTrack.
BackTrackKernel
Wenolongeruselzmaenabledsquashfsasourlivefilesystem,whichononehand
results in larger ISOsize,buton theotherhand, freesus fromhaving tomaintain
ourownkernelpatches.Thisisespeciallypainfulthesedays,assquashfsisslowly
movingintothemainstreamkernel(atthetimeofthiswriting).
BackTrack 4 uses squashfs‐tools version 4.0 (which is not backward compatible
withpreviousversions),andtheinbuiltsquashfskernelmodule,whichispresentin
2.6.29.4.AUFSisusedastheunificationfilesystem(aufs2.x).
Several wireless driver injection/optimization patches have been applied to the
kernel, as well as a bootsplash patch. These patches can be found in the kernel
sourcespackage(/usr/src/linux/patches).
3
These changesmean that much of what youwere used to in BackTrack 2/3 has
changedintermsofbootcheatcodesandsuch,asthiskernelshiftalsomeansweno
longerusethelivelinuxscriptstocreateourimages(weusecaspernow).
PackagesandRepositories
Oneofthemostsignificantchanges introducedinBackTrack4aretheDebian like
repositories available, which are frequently updated with security fixes and new
tools.ThismeansthatifyouchoosetoinstallBackTracktodisk,youwillbeableto
getpackagemaintenanceandupdatesbyusingaptgetcommands.
Our BackTrack tools are arranged by parent categories. These are the categories
thatcurrentlyexist:
• BackTrack‐Enumeration
• BackTrack‐Tunneling
• BackTrack‐Bruteforce
• BackTrack‐Spoofing
• BackTrack‐Passwords
• BackTrack‐Wireless
• BackTrack‐Discovery
• BackTrack‐Cisco
• BackTrack–WebApplications
• BackTrack‐Forensics
• BackTrack‐Fuzzers
• BackTrack‐Bluetooth
• BackTrack‐Misc
• BackTrack‐Sniffers
• BackTrack‐VOIP
• BackTrack‐Debuggers
• BackTrack‐Penetration
• BackTrack‐Database
• BackTrack‐RFID
• BackTrack–Python
4
• BackTrack–Drivers
• BackTrack‐GPU
Metapackages
Anice featurethatarises fromthetoolcategorization, is thatwecannowsupport
“BackTrackmeta packages”. Ameta package is a dummy packagewhich includes
several other packages. For example, the meta package “backtrackweb” would
includealltheWebApplicationpenetrationtestingtoolsBackTrackhastooffer.
MetaMetaPackages
Wehavetwo“metametapackages”–backtrackworldandbacktrackdesktop.
backtrackworld contains all the BackTrack meta packages, while backtrack
desktop contains backtrackworld, backtracknetworking and backtrack
multimedia. The latter twometa packages are select applications imported from
Ubunturepositories.
UpandrunningwithBackTrack
We’vemadeashortmoviecalled“upandrunningwithBackTrack”–showingsome
commonandnot so common features.Agoodplace to start inorder tograsp the
newchangesinBackTrack4.
http://www.offensive‐security.com/videos/backtrack‐security‐training‐video/up‐
and‐running‐backtrack.html
5
InstallingBackTracktoDisk
BackTrack 4 (both barebones and full version) now contains amodifiedUbiquity
installer.Theinstallshouldbestraightandsimple.Foravideotutorial,check
http://www.offensive‐security.com/videos/install‐backtrack‐hard‐disk/install‐
backtrack‐hard‐disk.html
UpdatingBacktrack
KeepingBackTrackuptodateisrelativelysimplebyusingtheapt‐getcommands.
aptgetupdatesynchronizesyourpackagelistwithourrepository.
aptgetupgradedownloadsandinstallsalltheupdatesavailable.
aptgetdistupgradedownloadsandinstallsallnewupgrades.
6
CustomizingBackTrack
CreatingyourownLiveCD–Method1
CreatingyourownflavorofBackTrackiseasy.
1. DownloadandinstallthebarebonesversionofBackTrack
2. Useapt‐gettoinstallrequiredpackagesormetapackages.
3. Useremastersystorepackageyourinstallation.
CreatingyourownLiveCD–Method2
DownloadtheBackTrack4 iso.Usethecustomizationscript toupdateandmodify
yourbuildasshowhere:
http://www.offensive‐security.com/blog/backtrack/customising‐backtrack‐live‐cd‐
the‐easy‐way/
InstallingBackTracktoUSB
The easiest method of getting BackTrack4 installed to a USB key is by using the
unetbootinutility(resentinBackTrackin/opt/).
InstallingBackTracktoUSB‐Persistentchanges
AVideotutorialcanbefoundhere:
http://www.offensive‐security.com/videos/backtrack‐usb‐install‐video/backtrack‐
usb‐install.html
7
WorkingwithBackTrack
KDE3Quirks
BackTrack 4 contains an “imposed”KDE3 repository, alongside theKDE4Ubuntu
Intrepidrepositories.SinceBackTrackusesKDE3, it’s importanttorememberthat
KDE3packagescontaina“kde3”postfix,whichmakesthemeasilyidentifiable.
Forexample,ifyouwantedtoinstalltheprogramKDEprogram“kate”,youshould
aptget install katekde3 (install the KDE3 version of kate) rather thanaptget
installkate.(installtheKDE4versionofkate).
Updatingtoolsmanually
Our BackTrack repositories will always strive to keep updated with the latest
versions of tools, with the exception of a select few. These “special” tools get
updatedbytheirauthorsveryfrequently,andoftenincludesignificantupdates.We
feltthatcreatingstaticbinariesforthesetypesoftoolswouldnotbebeneficialand
users were better of keeping these tools synched with the SVN versions
respectively.ThetoolsincludeMSF,W3AF,Nikto,etc.
FAQs
‐ TheUbiquity Installer givesme a “Language failedwith exit code 10”
error.Whattheheck?
‐ Ignoreit.Havefaith.
‐ WhyistheISOsobig?Itusedtobehalfthesize!
‐ Fora long timewestruggled tokeepBTunder the700MB limit.Thiswas
alwaysachallengeandapaininthebackside.Wedecidedtobustthisbarrier
foracoupleofreasons:
8
o We no longer use squashfswith LZMA compression –whichmakes
theimagesizesignificantlylarger.
o ACDisnottheidealmediaforrunningBT4inaliveenvironment.A
USBkeyismuchfasterandreliable.
‐ Whyisthisbuildcalleda“prerelease”?Isn’titstableenough?
‐ ThisisprobablythesturdiestversionofBackTrackwe’veevercomeupwith.
Sayingthis,somebugscanbereallyobscure.Onlyafterrunninganatheros
cardfor40straighthoursdidwenoticewirelessframecorruptions–which
resultedfromafaultypatchweapplied. It’s impossibleforustotestevery
driverandeveryhardwarecombination.ThatwhyweNEEDYOURINPUT(in
theforums).
‐ WhyohwhydidyouuseUbuntuasyourbase?
‐ Checkthisblogpost:
http://backtrack4.blogspot.com/2009/01/philosophical‐thoughts‐about‐
backtrack.html
‐ I’veinstalledBacktrack4toHardDisk.HowdoIlogin??
‐ Use the user / pas cmbination for the user you created during the install.
Onceloggedin,typesudosu,andchangetherootpasswordtoyourliking.
Checkthisvideoformoreinformation:
http://www.offensive‐security.com/videos/backtrack‐security‐training‐
video/up‐and‐running‐backtrack.html
OutroYoucanfindourforumsathttp://forums.remote‐exploit.org.
Feelfreetopostbugfixes,suggestions,toolrequests,etc.
Wehopeyouenjoythisfinerelease!