Backtrack 3 – USB/Persistent Changes/Nessus/Firefox 3/Latest nmap

This how-to will show you a method for building a usb thumbdrive with the following features:

  • Persistent Changes - Files saved and changes made will be kept across reboots.
  • Nessus and NessusClient installed - Everybody needs Nessus :)
  • Firefox 3 - Much better than Firefox 2
  • Nmap 4.76 - There are a number of very neat things available in the latest release of Nmap.

Table of contents:

Assumptions, Tools and Supplies
Bootable Backtrack 3 USB thumbdrive
Persistent Changes
Install Nessus
Install Firefox 3
Install Latest Nmap

Assumptions, Tools and Supplies

This guide is written with the following assumptions:

  1. You know how to partition and format disks.
  2. You are familiar with Backtrack.
  3. You are familiar with Nessus.
  4. You are familiar with Linux.
  5. You are familiar with Windows.

Tools and supplies:

  1. A USB thumbdrive - minimum capacity 2GB
  2. A Backtrack CDROM - Used during to partition the thumbdrive.

So, without further adieu, let's get started!

Bootable Backtrack 3 USB thumbdrive

First let's partition our thumbdrive. I used a 4 GB drive as I read that we would need 1.2 GB for persistent changes. After I got everything working, it looks to me like we can get away with a 2 GB stick if we are careful about regular cleanup of log files. Nessus tends to be the main culprit here.

Regardless of the size thumbdrive we use, we need to partition and format the drive as follows:

  1. The first partition needs to be a primary partition of at least 1 GB and formated as FAT32.
  2. The second Partition can be the rest of the thumbdrive. It needs to be formatted as ext2.

If you try to use Windows to re-partition the drive, you will likely run into some problems. Windows sees most USB thumbdrives as removable media and does not support multiple partitions on them. It also does not allow us to delete the existing partition from the drive. This is because most thumbdrives have the 'Removable Media Bit' set. This blog post describes the situation very well.  I would not recommend trying their suggestion since it really isn't necessary.

The easy way to get around the problem is to re-partition the drive using Linux. That's why we need the Backtrack CDROM although any Linux system will work. So go ahead and partition and format the drive according the layout above. Once I was done with this step, I switched back to a Windows system for the next few steps.

Now we need to download the USB version of Backtrack 3. This is an extended version with a few more tools.

From the Remote-Exploit website:

Description: USB Version (Extended)
Name:: bt3final_usb.iso
Size: 784 MB
MD5: 5d27c768e9c2fef61bbc208c78dadf22
SHA1: 3aceedea0e8e70fff2e7f7a7f3039704014e980f
Download: Click here

Once you have the iso save on your system, you need a method to copy the files from it to the usb drive. If you are using a Windows systems for this part of the process like I did, you will need a way to access the files in the iso images. There are several ways to do so.

This page has several free options that can be used to mount the iso as a virtual CDROM. An even easier way is to install the freeware archive manager 7-Zip. 7-Zip can open a iso file as if it was an archive. You can then copy files from the archive to the USB thumbdrive. If using *nix, you can use the loop feature of mount to get to the files.

So now we have a usb thumbdrive with at least one 1 GB FAT32 partition on it. Copy the /bt3 and /boot directories from the iso to the first partition of the usb thumbdrive.

Next we need to open a shell or command window and make the thumbdrive bootable. Here is how I did it in on a Windows XP machine:

  1. Open a command windows.
  2. Change to the drive letter that my thumbdrive is mounted on.
  3. cd /boot
  4. execute bootinst.bat

Ta da, we should now have a bootable Backtrack 3 thumbdrive. I did the rest of my configuration from the booted thumbdrive.

Persistent Changes

Let's configure persistent changes while booted to Backtrack 3. I chose Backtrack 3 with KDE for my operating environment. Once we have booted into Backtrack we need to configure the rest of the thumbdrive if we haven't already done so. I used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my usb drive was /dev/sda.

Once we have a formatted second partition, mount it and create a changes directory in the root of the file system.

  1. open a terminal windows
  2. mount /dev/sda2 /mnt/sda2
  3. cd /mnt/sda2
  4. mkdir changes

Next we need to make some changes to how the system boots. Execute the following:

  1. cd /boot/syslinux
  2. chmod +Xx lilo
  3. chmod +Xx syslinux

Open syslinux.cfg with your favorite editor and make the following change. Note: I copied the boot definition I wanted to change and created a new entry so I would have a fall back option if something became broken. Again, I booted to KDE.

  1. Find the line "LABEL xconf1".
  2. Copy that line and next 3 and paste them right below the existing line.
  3. Change the "LABEL xconf1" to something you want like "LABEL xconf1-persist" and description to something like "MENU LABEL KDE with persistent changes"
  4. Change the line that begins with APPEND in your copied section by adding "changes=/dev/sdx2" immediately after "root=/dev/ram0 rw" where the x is the drive appropriate for your system. In my case it looks like this, "....root=/dev/ram0 rw changes=/dev/sda2...."
  5. Save your changes and exit the editor.

That should do it. Reboot and select the option you setup configured. To test it, create a file and reboot again. If your file is still there, everything is golden.

Install Nessus

Now that our changes are saved from boot to boot, we can install things and they won't disappear on us :)

Download the Fedora 8 Nessus and NessusClient rpms from nessus.org. I have heard that the Fedora 9 rpms cause problems, so stick with version 8 for now. As of this writing, Nessus is at version 3.2.1. Make sure to change the version numbers below if you have downloaded a different version.

Convert them to tgz files.

rpm2tgz Nessus-3.2.1-fc8.i386.rpm
rpm2tgz NessusClient-3.2.1-fc8.i386.rpm

Install both packages. You can use either installpkg or pkgtool. I use installpkg.

installpkg Nessus-3.2.1-fc8.i386.tgz
installpkg NessusClient-3.2.1-fc8.i386.tgz

Now we need to make some adjustments to the system for things to work. Execute the following:

cd /opt/
export PATH=$PATH:/opt/nessus/sbin:/opt/nessus/bin:
cp /usr/lib/libssl.so /lib
cp /usr/lib/libcrypto.so /lib
cp /opt/nessus/lib/libnessus.so.3 /lib
cp /opt/nessus/lib/libnessusrx.so.0 /lib
cp /opt/nessus/lib/libpcap-nessus.so.3 /lib
cd /lib
ln libssl.so libssl.so.6
ln libcrypto.so libcrypto.so.6

We also need up update ld.so.conf file.

echo "/opt/nessus/lib" >> /etc/ld.so.conf
ldconfig

Finally it's time to configure Nessus. Execute each of the following and follow the prompts.

/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser

You need to go here and request a key so you can get your feed. That is a link to the free feed for home use. Use appropriately.

Once you have your key. Execute the following to update your plugins.

cd /opt/nessus/etc/nessus
nessus-fetch --register [you feed code here]

When that is done and it is going to take a few minutes, you are ready to start the server and client.

/opt/nessus/sbin/nessusd -D
/opt/nessus/bin/NessusClient

Woohoo, time to find those vulnerabilities.

I know you're tired, but there are only a couple more things to do.

Install Firefox 3

This is really easy. One note however, there are two plugins that will not be automatically updated, XSS-me and SQL Inject-me. There are updated versions that work with Firefox 3 available here. Just manually install them after updating Firefox. To install Firefox 3, do the following:

cd ~

wget http://repository.slacky.eu/slackware-12.1/network/firefox/3.0.4/en-us/mozilla-firefox-en-us-3.0.4-i686-1sl.tgz

installpkg mozilla-firefox-en-us-3.0.1-i686-1sl.tgz

And finally let's get latest version of nmap.

Installing Nmap

Nmap 4.76 stable has been released with some great features.

cd ~

wget http://nmap.org/dist/nmap-4.76.tar.bz2

tar xjf nmap-4.76.tar.bz2

cd nmap-4.76

./configure

make

make install

There you have it. A bootable USB thumbdrive with Backtrack 3, persistent changes, Nessus, Firefox 3 and the latest nmap from Fyodor as of this writing.

Please let me know of any corrections or changes that should be made. You can leave a comment or send me a note at kriggins [at] infosecramblings.com.

Kevin

References:
[1] Persistent changes - post by Deathray on backtrack forums here: http://forums.remote-exploit.org/showthread.php?t=10236&page=3
[2] Nessus - post by Wouter Veugelen here: http://www.voipsec.eu/?p=205 who gives credit to williamc from this thread http://forums.remote-exploit.org/showthread.php?t=13127&page=3
[3] Firefox 3 - Post by hawaii67 here http://forums.remote-exploit.org/showthread.php?p=88562
[4] Nmap - Post by Daniel Miesler here http://dmiessler.com/blog/a-summary-of-new-nmap-features-from-blackhatdefcon-2008