Backtrack penetration testing notes

BackTrack -- Have you hugged your firewall today?

Procedures for Running BackTrack From a USB Drive

Note: This page is correct for the Final release of BackTrack2 or BackTrack3. If you would like to use the Beta releases of BackTrack2, please see this page.


10 July 2008 -- I had high hopes for Backtrack3 being more friendly to install on a USB stick. Near as I can tell, even the USB version requires some manipulation to get it to work. There are several pages out there telling you how to do it, including this page! I just tried the instructions below (obviously written for Backtrack 2) and they work fine for BackTrack3. You might also have a look at the discussion here and the discussion about making an EXT partition for saving configuration changes.



BackTrack is the successor to Auditor and is distributed by remote-exploit.org. Both are Linux distributions that come packaged with security tools including network analyzers, password crackers, wireless tools and fuzzers. The moral and ethical implications of such a distribution are not up for debate here. We assume you have good reason to use such a distribution and will leave the arguments for another forum. We should note that, as far as we can tell, Auditor is no longer available because Auditor and Whax were merged into BackTrack. There are other security distributions out there such as Nubuntu.

By the way, the community tends to use BackTrack, Backtrack, BackTrack2, BackTrack|2, Back|Track2 and other nomenclature interchangeably. For clarity, we will use BackTrack here.

Traditionally BackTrack boots from a CD. What Linux folks call a "Live CD". This is extremely handy in that it leaves your hard drive (and any installed software/OS) completely untouched yet allows you to use your hardware (processor, wireless cards, Ethernet cards, video, USB ports etc.) with a fully functional OS. In the case of BackTrack, this OS is a variant of SLAX Linux. You can install BackTrack to a hard drive if you so choose. Then it operates just like any other hard drive-based OS.

There are several minor annoyances with a Live CD. Many of the items below only apply to laptop configurations but that is usually the most common configuration for someone running a security CD, especially with the proliferation of 802.11 networks. In no particular order:

So what other options are there? Assuming you don't actually want to install the Live CD to your hard drive (or mess with a dual boot configuration) you currently only have a couple options. Again, this focuses mainly on the laptop user. You could get a second hard drive, install to that and swap out hard drives as required. Nowadays this is a fairly cost effective solution but it might not be that convenient depending on your laptop. Usually swapping drives involves several screws, a fragile connector and a carrier that is specific to the make/model of laptop.

A much more convenient and cheaper alternative is to boot the Live CD from a USB memory stick. Call it a thumb drive, memory stick, USB stick, USB flash drive.... whatever. They are very cheap (as I write this you can get a 1 GB stick for around $10 USD) and are quite portable. This means that you can use the stick in any machine -- laptop or desktop -- that supports booting from USB.

Obviously this option requires a BIOS that will boot from USB. We will leave that as an exercise to the reader. If you've read this far, we assume you know what this means!

I don't claim to be a genius. However, I have tried using the onboard installer in Backtrack to install it to a USB stick: 'It no worky.' I have successfully installed to a hard drive with no issues. A USB stick, at least with my laptop/hardware/stick, is a different animal. I know some people have had success installing to flash drive this way. I tried several different angles with this and my laptop did not like it. I suspect it was a boot-loader issue.

I tried several different attacks at getting the distro to boot from a USB stick. So let's cut to the chase. Here is what I did to get it working. After google-ing around, I've found several other people that have used close variations of this method and some really oddball methods that I didn't seem to need. I make no guarantees this will work for your application. I don't know why this is not a one-click task from the BackTrack Live CD. It is with some other Live CD distros. Apparently people are quite happy to use CDs for running the OS. I'm a USB flash person. If the steps below seem like a lot of work to you, I suggest you lobby the Remote-Exploit.org folks to make this process easier in the next release.

One final note. You might take a look at PenDriveLinux.com. They have lots of neat ideas and even some custom installers there.


-=- Disclaimer -=-

This is a fast hack. I make no claims that there are not easier or better ways to accomplish this. I welcome corrections or comments. It worked for me. Your mileage may vary.


Choose Your Weapon -- Picking the Right USB Flash Drive

A 1GB USB flash drive works fine for this. You can't go smaller without major hacking on the CD distribution. I suppose if you worked hard enough you could cram it into a 512K stick but what's the point? I don't see a need to go bigger. I use a 1 GB stick and have plenty of room for saving changes and storing things like Kismet dumps.

Any brand and model you like will work fine. I won't go into the (often pedantic) arguments about access speed, maximum write cycles and whatnot. Whatever makes you happy.


Preparing the Stick

Get ready. This is tricky.

Step 1. Remove the packaging from the USB Flash Drive.

Whew! Glad that's over.

Seriously. Most USB flash drives come formatted as FAT which is fine. I usually reformat mine to FAT32. Do NOT format them as NTFS. I also suggest you not format them in one of the Linux variants such as EXT2 or EXT3. There is no need and it will limit your ability to work with the stick on a Windows or Macintosh box.

If the stick has some form of management or encryption software on it when it comes from the factory (e.g. U3) delete it. Don't give it a second thought. Delete it.

You should be able to use Windows XP to format these smaller devices as FAT32. XP won't let you format a larger drive as anything other than NTFS but a 1 GB stick should not be a problem. If you have a Linux box handy, I really recommend gparted, which allows you to do much more than just format. And it's available as a Live CD!

In the future I might add some more details in here about formatting. However, since this should be a quick job (if it's required at all) even on a Windows box, I'll move on for now.


Loading and Configuring The Files

BackTrack is distributed as an ISO-9660 filesystem image. There are lots of ways to extract the files out of the image. Again, I trust that you can manage this however you'd like. I just burn it to a CD-RW (so I can test with other machines that can't boot to USB) but you can mount loopback devices or use your favorite piece of software to manipulate the .iso file directly. I have used the free 7-Zip quite often without problems.

1. Once you have all the files out of the .iso image, simply copy all files and directories to the flash drive. From this point forward, all references will be to the files on the USB flash drive, not the CD or the .iso file. You can remove the Live CD if you were copying files off it directly.

2. Copy all the files and directories out of the boot directory into the root (top level) directory of the flash drive. COPY (NOT MOVE) THESE FILES. LEAVE THE ORIGINAL FILES IN THE boot DIRECTORY.

3. Go into the /syslinux directory and locate the files named syslinux.exe and syslinux.com and syslinux.cfg. Move these three files to the root directory of the flash drive.

4. Use your favorite text editor and open the config file you just copied, syslinux.cfg. Remove all /boot/ directory references in the file. So...

      kernel /boot/vmlinuz becomes kernel vmlinuz

      and

      initrd=/boot/initrd.gz becomes initrd=initrd.gz

Basically anywhere you see the text /boot/ within this file, just remove it.

5. If you have not done the previous steps on a Windows machine, mount the flash drive on a Windows machine now. Note which drive letter Windows assigns to the flash drive (e.g. D: or E:).

6. Shell out to a DOS prompt on the Windows machine. The easiest way is to click Start/Run and enter CMD.

7. Change directory to the flash drive. This should put you in the root of D: or E: or whatever the drive letter was in Step 5.

8. Execute the syslinux.exe file with the drive letter from Step 5 appended to it. For example, assuming the flash drive was mounted as drive E: you would execute

      E:\>syslinux.exe e:

9. Safely dismount the USB flash drive. You're done. Just make sure the BIOS on your target system is set to boot from the USB device.
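If you do the file shuffling of Steps 2 through 4 on a Linux box rather than by hand, the script below does the same thing and then checks the stick before you hand it to syslinux.exe in Step 8. This is an added example, not part of the original page or the BackTrack distribution; it assumes the stick is already mounted and its mount point is passed as the only argument, and the make_sample function builds a constructed stand-in for the extracted ISO purely for testing.

```shell
# Added example, not from the original page: applies steps 2-4 to a stick that
# already holds the extracted ISO contents (step 1), then checks the result.
# Assumption: the stick's mount point is passed as the first argument.

# Step 4: rewrite syslinux.cfg so every /boot/ reference is dropped, e.g.
# "kernel /boot/vmlinuz" becomes "kernel vmlinuz". A backup is kept as .orig.
strip_boot_refs() {
    cfg="$1"
    cp "$cfg" "$cfg.orig"
    sed 's#/boot/##g' "$cfg.orig" > "$cfg"
}

# Steps 2 and 3: copy (not move) the boot/ contents to the root, then move the
# three syslinux files from the copied syslinux/ directory to the root.
prepare_stick() {
    root="$1"
    cp -r "$root/boot/." "$root/"
    for f in syslinux.exe syslinux.com syslinux.cfg; do
        mv "$root/syslinux/$f" "$root/$f"
    done
    strip_boot_refs "$root/syslinux.cfg"
}

# Sanity check before running syslinux.exe: the kernel, initrd and syslinux
# files must sit in the root, and the config must no longer mention /boot/.
check_layout() {
    root="$1"
    for f in vmlinuz initrd.gz syslinux.exe syslinux.com syslinux.cfg; do
        [ -e "$root/$f" ] || { echo "missing $root/$f" >&2; return 1; }
    done
    if grep -q '/boot/' "$root/syslinux.cfg"; then
        echo "syslinux.cfg still references /boot/" >&2
        return 1
    fi
}

# Constructed stand-in for a freshly copied ISO: a minimal boot/ tree with a
# syslinux.cfg in the layout the page describes (empty files for the binaries).
make_sample() {
    mkdir -p "$1/boot/syslinux"
    printf 'LABEL linux\n  KERNEL /boot/vmlinuz\n  APPEND initrd=/boot/initrd.gz ro\n' \
        > "$1/boot/syslinux/syslinux.cfg"
    for f in vmlinuz initrd.gz syslinux/syslinux.exe syslinux/syslinux.com; do
        : > "$1/boot/$f"
    done
}
if [ $# -eq 1 ]; then
    prepare_stick "$1" && check_layout "$1" && echo "stick ready; now run syslinux.exe on it"
fi
```

The original files stay in /boot/ exactly as Step 2 requires; only the copies in the root are rewritten.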


Notes

  1. Would someone please fix the backspace in the BackTrack Vi editor? Please? Editing is just about impossible and I noticed this STILL isn't fixed in the final release. I don't know if this is a keyboard mapping issue or what but I've seen it on several different machines. [ Saw this was fixed in BT3! Thank You! ]
  2. Perhaps it's just the fact that it is running from a USB device but the "configsave" option doesn't seem to work. I didn't have this problem in the Beta versions.
  3. Where did they hide Wireshark? I can find it on the hard drive but not in the menu system. I seem to remember the November Beta having a menu option for both the "wired" version of Wireshark and a "wireless" version.



Copyright 2007 Pettingers.org
