Backtrack 3 – USB/Persistent Changes/Nessus/Firefox 3/Latest nmap

HOW-TO Moved: I have moved my blog to http://www.infosecramblings.com. While this page still has value, the real how-to is now here: http://www.infosecramblings.com/backtrack-3-usb-persistent-nessus-ff3-nmap/

——

Recently I needed a bootable USB version of Backtrack 3 that would allow me to save state between boots. In other words, persistent changes. I had two main reasons for wanting persistent changes:

  1. I needed to install Nessus.
  2. I wanted Fyodor’s latest version of nmap. The one that has all goodies he talked about in his Blackhat 2008 talk.

I also thought that while I was at it I may as well install Firefox 3. One note about Firefox 3, there are a couple of add-ons that are installed by default in Backtrack that are not compatible with Firefox 3. They are XSS Inject ME and SQL Inject ME. If you want or need those add-ons, don’t install Firefox 3 in the manner I describe here.

I would love to say that I am really smart and figured out how to all the above on my own, but that would be lying 🙂 Most of the information contained on this page was gleaned from the following sources:

  1. Persistent changes – post by Deathray on backtrack forums here: http://forums.remote-exploit.org/showthread.php?t=10236&page=3
  2. Nessus – post by Wouter Veugelen here: http://www.voipsec.eu/?p=205 who gives credit to williamc from this thread http://forums.remote-exploit.org/showthread.php?t=13127&page=3
  3. Firefox 3 – Post by hawaii67 here http://forums.remote-exploit.org/showthread.php?p=88562
  4. Nmap – Post by Daniel Miesler here http://dmiessler.com/blog/a-summary-of-new-nmap-features-from-blackhatdefcon-2008

I have merely collected it here so that it is available in one spot. This guide is written with the following assumptions:

  1. You know how to partition and format disks.
  2. You are familiar with Backtrack.
  3. You are familiar with Nessus.
  4. You are familiar with Linux.
  5. You are familiar with Windows.

So, without further adieu, let’s get started!

Bootable Backtrack 3 USB thumbdrive

First we need to download the USB version of Backtrack 3. This is an extended version with a few more tools. From the Remote-Exploit website:

Description: USB Version (Extended)
Name:: bt3final_usb.iso
Size: 784 MB
MD5: 5d27c768e9c2fef61bbc208c78dadf22
SHA1: 3aceedea0e8e70fff2e7f7a7f3039704014e980f
Download: Click here

Go ahead and download that bad boy. You are going to end up with an iso image that you need to mount so that you can copy files from it to the thumbdrive. If you are using a Windows systems for the first part of this guide like I did, you will need a way to access the files in the iso images. There are several ways to do so. This page has several free options that can be used to mount the iso as a virtual CDROM. An even easier way is to install 7-Zip. 7-Zip can open a iso file as if it was an archive. You can then copy files from the archive to the USB thumbdrive. If using *nix, you can use the loop feature of mount to get to the files.

The next step is to configure our USB thumbdrive. I used a 4 GB drive as I read that we would need 1.2 GB for persistent changes. After I got everything working, it looks to me like we can get away with a 2 GB stick if we are careful about cleanup of extraneous files such as logs and such.

Regardless of the size thumbdrive we use, we need to partition and format the drive as follows:

  1. The first partition needs to be a primary partition of at least 1 GB and formated as FAT32.
  2. The second Partition can be the rest of the thumbdrive. It needs to be formatted as ext2.

If you are using a windows systems to try and repartition the drive, you will likely run into some problems. This is because Windows sees most USB thumbdrives as removable media and does not support multiple partitions on them. It also does not allow us to delete the existing partition from the drive. This is because most thumbdrives have what is called the ‘Removable Media Bit’ set. This blog post describes the situation very well and offers a method to get around it. Caution, you can ruin a drive doing this. The other way is to repartition the drive using a Linux machine. A booted Backtrack CD works very well for this purpose. For one drive, I was able to use Windows, for the other, I used Backtrack to partition the thumbdrive. After partitioning, you can boot back to Windows and the first partition will be seen and be ready for formatting.

So now we have a usb thumbdrive with at least one 1 GB FAT32 partition on it. Go to our mounted Backtrack iso image and copy the /bt3 and /boot directories to the first partition of the usb thumbdrive.

Next we need to open a shell or command window and make the thumbdrive bootable. Here is how I did it in on a Windows XP machine:

  1. Open a command windows.
  2. Change to the drive letter that my thumbdrive is mounted on.
  3. cd /boot
  4. execute bootinst.bat

Ta da, we should now have a bootable Backtrack 3 thumbdrive. I did the rest of my configuration from the booted thumbdrive.

Persistent Changes

Let’s configure persistent changes while booted to Backtrack 3. I chose Backtrack 3 with KDE for my operating environment. Once we have booted into Backtrack we need to configure the rest of the thumbdrive if we haven’t already done so. I used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my usb drive was /dev/sda.

Once we have a formatted second partition, mount it and create a changes directory in the root of the file system.

  1. open a terminal windows
  2. mount /dev/sda2 /mnt/sda2
  3. cd /mnt/sda2
  4. mkdir changes

Next we need to make some changes to how the system boots. Execute the following:

  1. cd /boot/syslinux
  2. chmod +Xx lilo
  3. chmod +Xx syslinux

Open syslinux.cfg with your favorite editor and make the following change. Note: I copied the boot definition I wanted to change and created a new entry so I would have a fall back option if something became broken. Again, I booted to KDE.

  1. Find the line “LABEL xconf1”.
  2. Copy that line and next 3 and paste them right below the existing line.
  3. Change the “LABEL xconf1” to something you want like “LABEL xconf1-persist” and description to something like “MENU LABEL KDE with persistent changes”
  4. Change the line that begins with APPEND in your copied section by adding “changes=/dev/sdx2” immediately after “root=/dev/ram0 rw” where the x is the drive appropriate for your system. In my case it looks like this, “….root=/dev/ram0 rw changes=/dev/sda2….”
  5. Save your changes and exit the editor.

That should do it. Reboot and select the option you setup configured. To test it, create a file and reboot again. If your file is still there, everything is golden.

Install Nessus

Now that our changes are saved from boot to boot, we can install things and they won’t disappear on us 🙂

Download the Fedora 8 Nessus and NessusClient rpms from nessus.org. I have heard that the Fedora 9 rpms cause problems, so stick with version 8 for now. As of this writing, Nessus is at version 3.2.1. Make sure to change the version numbers below if you have downloaded a different version.

Convert them to tgz files.

rpm2tgz Nessus-3.2.1-fc8.i386.rpm
rpm2tgz NessusClient-3.2.1-fc8.i386.rpm

Install both packages. You can use either installpkg or pkgtool. I use installpkg.

installpkg Nessus-3.2.1-fc8.i386.tgz
installpkg NessusClient-3.2.1-fc8.i386.tgz

Now we need to make some adjustments to the system for things to work. Execute the following:

cd /opt/
export PATH=$PATH:/opt/nessus/sbin:/opt/nessus/bin:
cp /usr/lib/libssl.so /lib
cp /usr/lib/libcrypto.so /lib
cp /opt/nessus/lib/libnessus.so.3 /lib
cp /opt/nessus/lib/libnessusrx.so.0 /lib
cp /opt/nessus/lib/libpcap-nessus.so.3 /lib
cd /lib
ln libssl.so libssl.so.6
ln libcrypto.so libcrypto.so.6

We also need up update ld.so.conf file.

echo "/opt/nessus/lib" >> /etc/ld.so.conf
ldconfig

Finally it’s time to configure Nessus. Execute each of the following and follow the prompts.

/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser

You need to go here and request a key so you can get your feed. That is a link to the free feed for home use. Use appropriately.

Once you have your key. Execute the following to update your plugins.

cd /opt/nessus/etc/nessus
nessus-fetch --register [you feed code here]

When that is done and it is going to take a few minutes, you are ready to start the server and client.

/opt/nessus/sbin/nessusd -D
/opt/nessus/bin/NessusClient

Woohoo, time to find those vulnerabilities.

I know you’re tired, but there are only a couple more things to do.

Install Firefox 3

This is really easy. Just do the following:

cd ~

wget http://repository.slacky.eu/slackware-12.1/network/firefox/3.0.1/en-us/mozilla-firefox-en-us-3.0.1-i686-1sl.tgz

installpkg mozilla-firefox-en-us-3.0.1-i686-1sl.tgz

And finally let’s get Fyodor’s Blackhat 2008 nmap.

Installing nmap

Nmap 4.75 stable has been released.  When I first created this how-to, it was net yet released.  I am goint to leave the original instructions in place for the moment becuase I have not had a chance to test 4.75 on Backtrack 3 yet.  However, if you are adventurous, instrucutions for installing 4.75 follow immediately after the Blackhat version instructions.

Blackhat 2008 Nmap

Execute the following.  Warning: Copying and pasting the svn command below replaces the dashes and quotes for some reason.  If you have a problem, double check that your command line is good.

cd ~

svn co –username guest –password “” svn://svn.insecure.org/nmap-exp/bhdc08/

cd bhdc08

./configure

make

make install

Nmap 4.75

Very similar to the above.

cd ~

wget http://download.insecure.org/nmap/dist/nmap-4.75.tar.bz2

tar xjf nmap-4.75.tar.bz2

cd nmap-4.75

./configure

make

make install

There you have it. A bootable USB thumbdrive with Backtrack 3, persistent changes, Nessus, Firefox 3 and the latest nmap from Fyodor as of this writing.

Please let me know of any corrections or changes that should be made. You can leave a comment or send me a note at kriggins [at] infosecramblings.com.

Kevin

Advertisements

9 Responses to Backtrack 3 – USB/Persistent Changes/Nessus/Firefox 3/Latest nmap

  1. […] Backtrack 3 – USB/Persistent Changes/Nessus/Firefox 3/BH08 Nmap   […]

  2. robdew says:

    Kevin a couple of things:

    in the second list of references at the top, can you make the URLs links?

    “I have heard that the Fedora 8 rpms cause problems, so stick with version 8 for now.” <— Is one of these version #’s wrong?

  3. Kevin Riggins says:

    Thanks rbodew.

    I meant to make those references links and forgot to. I also corrected the Fedora rpm version confusion.

    Kevin

  4. David Holtkamp says:

    Hey,
    I think the line
    echo “/opt/nessus/lib” > /etc/ld.so.conf
    should really be
    echo “/opt/nessus/lib” >> /etc/ld.so.conf

    Not doing so overwrites the files and causes a major headache (believe me, I did it).

    David

  5. Kevin Riggins says:

    Thanks David.

    I apologize for the grief that mistake caused. I have updated the how-to.

    kevin

  6. David Holtkamp says:

    No problem, everyone makes a mistake. It was a very useful tutorial. I hadn’t even heard about the new version of nmap before reading it. One other small typo I foud was that the flag on nessus-fetch is –register not -register.

    thanks again,

    David

  7. Kevin Riggins says:

    –register error fixed too.

    Thanks again.

    Kevin

  8. […] Si tienes la version Usb y quieres saber como poder instalarlo y que puedas hacer persistan changes les dejo este muy buen manual. […]

  9. Steve says:

    Hi,

    Thanks for making this tutorial!

    I’m stuck on one part though. I have managed to install BT onto my USB drive and it is now bootable and working great.

    My problem is making it persistent.

    You say you “used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my usb drive was /dev/sda”

    But I’m lost as to the command to use and the fdisk man pages are a little scary.

    Could you tell me what to enter?

    I have a 4gb flash drive, this is the fdisk -l output:

    Disk /dev/sdb: 4022 MB, 4022337536 bytes
    255 heads, 63 sectors/track, 489 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Disk identifier: 0x000d5956

    Device Boot Start End Blocks Id System
    /dev/sdb1 * 1 141 1132551 b W95 FAT32
    /dev/sdb2 142 489 2795310 5 Extended
    /dev/sdb5 142 489 2795278+ 83 Linux

    What is the fdisk command should I enter?

    If you could tell me that would be really appreciated!

    Many thanks!

    Steve 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: