HOW-TO Moved: I have moved my blog to http://www.infosecramblings.com. While this page still has value, the real how-to is now here: http://www.infosecramblings.com/backtrack-3-usb-persistent-nessus-ff3-nmap/
Recently I needed a bootable USB version of Backtrack 3 that would allow me to save state between boots. In other words, persistent changes. I had two main reasons for wanting persistent changes:
- I needed to install Nessus.
- I wanted Fyodor’s latest version of nmap. The one that has all the goodies he talked about in his Blackhat 2008 talk.
I also thought that while I was at it I may as well install Firefox 3. One note about Firefox 3: there are a couple of add-ons that are installed by default in Backtrack that are not compatible with Firefox 3. They are XSS Inject ME and SQL Inject ME. If you want or need those add-ons, don’t install Firefox 3 in the manner I describe here.
I would love to say that I am really smart and figured out how to do all of the above on my own, but that would be lying 🙂 Most of the information contained on this page was gleaned from the following sources:
- Persistent changes – post by Deathray on backtrack forums here: http://forums.remote-exploit.org/showthread.php?t=10236&page=3
- Nessus – post by Wouter Veugelen here: http://www.voipsec.eu/?p=205 who gives credit to williamc from this thread http://forums.remote-exploit.org/showthread.php?t=13127&page=3
- Firefox 3 – Post by hawaii67 here http://forums.remote-exploit.org/showthread.php?p=88562
- Nmap – Post by Daniel Miessler here http://dmiessler.com/blog/a-summary-of-new-nmap-features-from-blackhatdefcon-2008
I have merely collected it here so that it is available in one spot. This guide is written with the following assumptions:
- You know how to partition and format disks.
- You are familiar with Backtrack.
- You are familiar with Nessus.
- You are familiar with Linux.
- You are familiar with Windows.
So, without further ado, let’s get started!
Bootable Backtrack 3 USB thumbdrive
First we need to download the USB version of Backtrack 3. This is an extended version with a few more tools. From the Remote-Exploit website:
Description: USB Version (Extended)
Size: 784 MB
Download: Click here
Go ahead and download that bad boy. You are going to end up with an iso image that you need to mount so that you can copy files from it to the thumbdrive. If you are using a Windows system for the first part of this guide like I did, you will need a way to access the files in the iso image. There are several ways to do so. This page has several free options that can be used to mount the iso as a virtual CDROM. An even easier way is to install 7-Zip. 7-Zip can open an iso file as if it were an archive. You can then copy files from the archive to the USB thumbdrive. If using *nix, you can use the loop feature of mount to get to the files.
The next step is to configure our USB thumbdrive. I used a 4 GB drive as I read that we would need 1.2 GB for persistent changes. After I got everything working, it looks to me like we can get away with a 2 GB stick if we are careful about cleanup of extraneous files such as logs and such.
Regardless of the size thumbdrive we use, we need to partition and format the drive as follows:
- The first partition needs to be a primary partition of at least 1 GB and formatted as FAT32.
- The second partition can be the rest of the thumbdrive. It needs to be formatted as ext2.
If you are using a Windows system to try and repartition the drive, you will likely run into some problems. This is because Windows sees most USB thumbdrives as removable media and does not support multiple partitions on them. It also does not allow us to delete the existing partition from the drive. This is because most thumbdrives have what is called the ‘Removable Media Bit’ set. This blog post describes the situation very well and offers a method to get around it. Caution, you can ruin a drive doing this. The other way is to repartition the drive using a Linux machine. A booted Backtrack CD works very well for this purpose. For one drive, I was able to use Windows; for the other, I used Backtrack to partition the thumbdrive. After partitioning, you can boot back to Windows and the first partition will be seen and be ready for formatting.
So now we have a usb thumbdrive with at least one 1 GB FAT32 partition on it. Go to our mounted Backtrack iso image and copy the /bt3 and /boot directories to the first partition of the usb thumbdrive.
Next we need to open a shell or command window and make the thumbdrive bootable. Here is how I did it on a Windows XP machine:
- Open a command window.
- Change to the drive letter that my thumbdrive is mounted on.
- cd /boot
- execute bootinst.bat
Ta da, we should now have a bootable Backtrack 3 thumbdrive. I did the rest of my configuration from the booted thumbdrive.
Let’s configure persistent changes while booted to Backtrack 3. I chose Backtrack 3 with KDE for my operating environment. Once we have booted into Backtrack we need to configure the rest of the thumbdrive if we haven’t already done so. I used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my usb drive was /dev/sda.
Once we have a formatted second partition, mount it and create a changes directory in the root of the file system.
- Open a terminal window.
- mount /dev/sda2 /mnt/sda2
- cd /mnt/sda2
- mkdir changes
Next we need to make some changes to how the system boots. Execute the following:
- cd /boot/syslinux
- chmod +Xx lilo
- chmod +Xx syslinux
Open syslinux.cfg with your favorite editor and make the following change. Note: I copied the boot definition I wanted to change and created a new entry so I would have a fall back option if something became broken. Again, I booted to KDE.
- Find the line “LABEL xconf1”.
- Copy that line and next 3 and paste them right below the existing line.
- Change the “LABEL xconf1” to something you want like “LABEL xconf1-persist” and description to something like “MENU LABEL KDE with persistent changes”
- Change the line that begins with APPEND in your copied section by adding “changes=/dev/sdx2” immediately after “root=/dev/ram0 rw” where the x is the drive appropriate for your system. In my case it looks like this, “….root=/dev/ram0 rw changes=/dev/sda2….”
- Save your changes and exit the editor.
That should do it. Reboot and select the option you configured. To test it, create a file and reboot again. If your file is still there, everything is golden.
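The syslinux.cfg edit described above can also be scripted. The following is an added example, not part of the original how-to: the helper name `add_persist_entry` and the sample file contents are assumptions, constructed only to match the stanza layout the steps describe (a `LABEL xconf1` line followed by three more lines, with `root=/dev/ram0 rw` in the APPEND line).

```shell
#!/bin/sh
# Constructed sample only; the real BT3 syslinux.cfg will differ in detail.
sample_cfg() {
cat <<'EOF'
PROMPT 0
TIMEOUT 40
LABEL xconf1
MENU LABEL BT3 Graphics mode (KDE)
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw autoexec=xconf;kdm
LABEL xconf2
MENU LABEL BT3 Text mode
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw
EOF
}

# add_persist_entry CFG DEV (hypothetical helper)
# Prints CFG with a renamed copy of the "LABEL xconf1" stanza (that line plus
# the next 3) inserted right below it, with changes=DEV added after
# "root=/dev/ram0 rw". The original stanza is kept as the fallback entry.
# Returns 0 on success, 1 if the APPEND line was not patched, 2 on a bad DEV.
add_persist_entry() {
    cfg=$1 dev=$2
    case $dev in
        /dev/sd[a-z]2) ;;
        *) echo "unexpected device: $dev" >&2; return 2 ;;
    esac
    # Already converted: print unchanged so a second run adds nothing.
    grep -q '^LABEL xconf1-persist$' "$cfg" && { cat "$cfg"; return 0; }
    awk -v dev="$dev" '
        /^LABEL xconf1$/ { n = 4; copy = "" }   # start of the 4-line stanza
        { print }                               # always emit the original line
        n > 0 {
            line = $0
            if (line ~ /^LABEL /)      line = "LABEL xconf1-persist"
            if (line ~ /^MENU LABEL /) line = "MENU LABEL KDE with persistent changes"
            if (line ~ /^APPEND / && sub(/root=\/dev\/ram0 rw/, "& changes=" dev, line))
                patched = 1
            copy = copy line "\n"
            if (--n == 0) printf "%s", copy     # emit the copy below the original
        }
        END { exit(patched ? 0 : 1) }
    ' "$cfg"
}

# Demo on the sample. For the real file, write the output to a temporary file
# and replace syslinux.cfg only when the function returns 0.
tmp=$(mktemp) && sample_cfg > "$tmp" && add_persist_entry "$tmp" /dev/sda2
rm -f "$tmp"
```

Keeping the untouched `xconf1` entry means a typo in the new APPEND line still leaves a bootable menu option.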
Now that our changes are saved from boot to boot, we can install things and they won’t disappear on us 🙂
Download the Fedora 8 Nessus and NessusClient rpms from nessus.org. I have heard that the Fedora 9 rpms cause problems, so stick with version 8 for now. As of this writing, Nessus is at version 3.2.1. Make sure to change the version numbers below if you have downloaded a different version.
Convert them to tgz files.
Install both packages. You can use either installpkg or pkgtool. I use installpkg.
Now we need to make some adjustments to the system for things to work. Execute the following:
cp /usr/lib/libssl.so /lib
cp /usr/lib/libcrypto.so /lib
cp /opt/nessus/lib/libnessus.so.3 /lib
cp /opt/nessus/lib/libnessusrx.so.0 /lib
cp /opt/nessus/lib/libpcap-nessus.so.3 /lib
ln /lib/libssl.so /lib/libssl.so.6
ln /lib/libcrypto.so /lib/libcrypto.so.6
We also need to update the ld.so.conf file.
echo "/opt/nessus/lib" >> /etc/ld.so.conf
Finally it’s time to configure Nessus. Execute each of the following and follow the prompts.
You need to go here and request a key so you can get your feed. That is a link to the free feed for home use. Use appropriately.
Once you have your key, execute the following to update your plugins.
nessus-fetch --register [your feed code here]
When that is done, and it is going to take a few minutes, you are ready to start the server and client.
Woohoo, time to find those vulnerabilities.
I know you’re tired, but there are only a couple more things to do.
Install Firefox 3
This is really easy. Just do the following:
And finally let’s get Fyodor’s Blackhat 2008 nmap.
Nmap 4.75 stable has been released. When I first created this how-to, it was not yet released. I am going to leave the original instructions in place for the moment because I have not had a chance to test 4.75 on Backtrack 3 yet. However, if you are adventurous, instructions for installing 4.75 follow immediately after the Blackhat version instructions.
Blackhat 2008 Nmap
Execute the following. Warning: Copying and pasting the svn command below replaces the dashes and quotes for some reason. If you have a problem, double check that your command line is good.
svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/bhdc08/
Very similar to the above.
tar xjf nmap-4.75.tar.bz2
There you have it. A bootable USB thumbdrive with Backtrack 3, persistent changes, Nessus, Firefox 3 and the latest nmap from Fyodor as of this writing.
Please let me know of any corrections or changes that should be made. You can leave a comment or send me a note at kriggins [at] infosecramblings.com.