Backtrack 4 Beta – USB/Persistent Changes/Nessus

This how-to will show you a method for building a usb thumbdrive with the following features:

  • Persistent Changes - Files saved and changes made will be kept across reboots.
  • Nessus and NessusClient installed - Everybody needs Nessus :)

Table of contents:

Assumptions, Tools and Supplies
Partition the USB thumbdrive
Make a bootable Backtrack 4 USB thumbdrive
Persistent Changes
Install Nessus

Assumptions, Tools and Supplies

This guide is written with the following assumptions:

  1. You know how to partition and format disks.
  2. You are familiar with Backtrack.
  3. You are familiar with Nessus.
  4. You are familiar with Linux.
  5. You are familiar with Windows.

Tools and supplies:

  1. A USB thumbdrive - minimum capacity 2GB
  2. A Backtrack 3 CDROM, Backtrack 4 DVD or an additional USB thumbdrive  (minimum 1GB) - Used to partition the thumbdrive.
  3. UNetbootin - A tool to transfer an iso image to a USB drive.

Let's get started!

Partition the USB thumbdrive

If you have a Backtrack 3 CDROM or Backtrack 4 DVD, you are in good shape. If you don't and are using an additional USB thumbdrive, skip to here and then return once you have a bootable Backtrack 4 device. I know this seems convoluted, but it's the easiest and surest way I know to get us where we want to go.

First let's partition our thumbdrive. I used a 4 GB drive as I read that we would need 1.2 GB for persistent changes. After I got everything working, it looks to me like we can get away with a 2 GB stick if we are careful about regular cleanup of log files. Nessus tends to be the main culprit here.

Regardless of the size thumbdrive we use, we need to partition and format the drive as follows:

  1. The first partition needs to be a primary partition of at least 1 GB and formatted as FAT32.
  2. The second partition can be the rest of the thumbdrive. It needs to be formatted as ext2.

If you try to use Windows to re-partition the drive, you will likely run into some problems. Windows sees most USB thumbdrives as removable media and does not support multiple partitions on them. It also does not allow us to delete the existing partition from the drive. This is because most thumbdrives have the 'Removable Media Bit' set. This blog post describes the situation very well. I would not recommend trying their suggestion since it really isn't necessary.

The easy way to get around the problem is to re-partition the drive using Linux. That's why we need the Backtrack CDROM, although any Linux system will work. So go ahead and partition and format the drive according to the layout above. Once I was done with this step, I switched back to a Windows system for the next few steps.

Make a bootable Backtrack 4 USB thumbdrive

Now we need to download the Backtrack 4 ISO.

Description: DVD Image
Name: bt4-beta.iso
Size: 854 MB
MD5: 7d1eb7f4748759e9735fee1b8a17c1d8
Download: Click here

So now we have a usb thumbdrive with at least one 1 GB FAT32 partition on it.

The next step is to make it a bootable USB thumbdrive. There is a much easier way now. We are going to use the UNetbootin tool mentioned above. It is super easy to use. Just start UNetbootin, select the Backtrack 4 ISO, select the USB drive and click okay. You may get a warning that files exist on your USB drive. After making sure you picked the right one, tell it to go ahead and replace the files. It'll chug along and before you know it you will have a bootable thumbdrive. Much easier than the rigmarole we had to go through before.

Persistent Changes

Let's configure persistent changes while booted to Backtrack 4. We are going to do this exactly the same way we did in the Backtrack 3 how-to, by following the instructions referenced from Deathray's post on the Remote Exploit forums. Once we have booted into Backtrack we need to configure the rest of the thumbdrive if we haven't already done so. I used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my usb drive was /dev/sdb.

Once we have a formatted second partition, mount it and create a changes directory in the root of the file system.

  1. Open a terminal window
  2. mount /dev/sdb2 /mnt/sdb2
  3. cd /mnt/sdb2
  4. mkdir changes

Next we need to make some changes to how the system boots. Execute the following:

  1. cd /boot/syslinux
  2. chmod +Xx lilo
  3. chmod +Xx syslinux

Open syslinux.cfg with your favorite editor and make the following change. Note: I copied the boot definition I wanted to change and created a new entry so I would have a fall back option if something became broken. Again, I booted to KDE.

  1. Find the line "LABEL BT4".
  2. Copy that line and the next 3 lines and paste them right below the existing entry.
  3. Change "LABEL BT4" to something you want, like "LABEL BT4-persist", and the description to something like "MENU LABEL BT4 Beta - Console - Persistent".
  4. Change the line that begins with APPEND in your copied section by adding "changes=/dev/sdx2" immediately after "root=/dev/ram0 rw" where the x is the drive appropriate for your system. In my case it looks like this, "....root=/dev/ram0 rw changes=/dev/sdb2...."
  5. Save your changes and exit the editor.

That should do it. Reboot and select the option you configured. To test it, create a file and reboot again. If your file is still there, everything is golden.
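The syslinux.cfg edit in steps 1-5 above, as an added shell example that is not part of the original post: it copies the four-line "LABEL BT4" stanza, renames the copy BT4-persist, and inserts changes=<device> immediately after "root=/dev/ram0 rw" on the copied APPEND line, keeping the original entry as the fallback. The function name and the device argument are assumptions; it prints the new config instead of overwriting the file so you can review it first.

```shell
#!/bin/sh
# Added example (not from the original how-to): generate the "BT4-persist"
# boot entry described in the post from an existing syslinux.cfg.
#
# Usage: add_persist_entry /boot/syslinux/syslinux.cfg /dev/sdb2 > new.cfg
# Prints the rewritten config to stdout. Returns 1 (and prints nothing useful)
# if there is no "LABEL BT4" stanza or its APPEND line lacks "root=/dev/ram0 rw",
# so a config that does not look like the one in the post is never mangled.
add_persist_entry() {
    cfg=$1
    dev=$2
    awk -v dev="$dev" '
        # a stanza is LABEL + MENU LABEL + KERNEL + APPEND: the line and the next 3
        $0 == "LABEL BT4" { inblk = 4; n = 0 }
        inblk > 0 {
            blk[++n] = $0
            inblk--
            if (inblk == 0) {
                # keep the original stanza untouched as the fallback boot option
                for (i = 1; i <= n; i++) print blk[i]
                print ""
                # emit the copied stanza with the persistence changes applied
                for (i = 1; i <= n; i++) {
                    line = blk[i]
                    if (line == "LABEL BT4")
                        line = "LABEL BT4-persist"
                    else if (line ~ /^MENU LABEL /)
                        line = line " - Persistent"
                    else if (line ~ /^APPEND /) {
                        # insert changes=<dev> right after "root=/dev/ram0 rw"
                        if (!sub(/root=\/dev\/ram0 rw/, "root=/dev/ram0 rw changes=" dev, line))
                            bad = 1
                    }
                    print line
                }
                found = 1
            }
            next
        }
        { print }
        END { if (!found || bad) exit 1 }
    ' "$cfg"
}

# stand-alone use: sh thisfile.sh <syslinux.cfg> <changes device>
if [ $# -eq 2 ]; then
    add_persist_entry "$1" "$2"
fi
```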

Install Nessus

Now that our changes are saved from boot to boot, we can install things and they won't disappear on us :)

Download the Ubuntu Nessus and NessusClient packages from nessus.org. I used the 32-bit 8.04 version which worked fine for me.

Again, with Backtrack 4 things are a little easier. To install the Nessus server, simply execute the following command to install the package.

dpkg --install Nessus-4.0.1-ubuntu804_i386.deb

Things are a little more complicated for the client. There are some dependencies that need to be installed first. Luckily, we have apt to help us with this. Execute the following commands to install them. The first one updates the apt-get cache. You may get an error about a GPG key not being found. You can safely ignore this. The second, which is all one line, installs the prerequisite packages.

apt-get update
apt-get install libqt4-core libqt4-gui libqtcore4 libqt4-network libqt4-script libqt4-xml libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl libqt4-designer libqt4-assistant

After that, we can install the client package.

dpkg --install NessusClient-4.0.1-ubuntu804_i386.deb

Finally it's time to configure Nessus. Execute each of the following and follow the prompts.

/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser

You need to go here and request a key so you can get your feed. That is a link to the free feed for home use. Use appropriately.

Once you have your key, execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.

cd /opt/nessus/etc/nessus
/opt/nessus/bin/nessus-fetch --register [your feed code here]

When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. You can use netstat -na to check that the server is listening on port 1241.

/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient

Woohoo, time to find those vulnerabilities.

Please let me know of any corrections or changes that should be made. You can leave a comment or send me a note at kriggins [at] infosecramblings.com.

Kevin


1 new guy March 15, 2009 at 5:23 pm

ok I tried a couple times now and the
command

mount /dev/sdc2 /mnt/sdc2 says "mount point does not exist".

I'm using 2 USB drives; the one booting BT is sdb1. The other one is sdc1 and sdc2, and neither of these sdc partitions will mount. Any ideas... oh, and I'm a noob so it could have been when I partitioned the second partition. I just put:
n
p and e(tried both)
2
enter (rest of disk)
w

and i used UNetbootin to make the bootable usb

2 new guy March 15, 2009 at 5:55 pm

ok, I am a newb. I needed to mkdir /mnt/sdc2

3 Impressed March 18, 2009 at 2:23 pm

This is a really great tutorial! I didn't know about UNetbootin... way useful for people who don't want to mess with SLAX.

4 Psi Phi March 19, 2009 at 12:36 am

Worked great for me, thanks for the great tut, only I left Unetbootin on another machine so used the BT3 method for making the USB bootable - worked no problem.

Had other USB devices at the time so when I installed my stick it was sdc, when I rebooted it was sdb and persistent changes didn't work - just a change to the config file and it was fine.

Problem I can't solve though - creating a new user account.
Process works OK, can create account, get a home directory, set the user password, etc. - just can't log in.
I can "su -" from root, but can't log in.
When I try to log in it says "Invalid Login"

5 Immaculata March 19, 2009 at 10:43 am

Well, as another noob, I'm having a bit of difficulty :) Struggled a bit, but, having run through the above, I now get all the expected responses from the shell UNTIL:

when I run the client, and try to connect, it refuses my credentials. How do I manage the users, and test connectivity?

(I'm looking at Tenable's docs now, but though if you knew the answer you might want to link to it)

Cheers, great tute...

6 kriggins March 19, 2009 at 12:36 pm

@new guy

Glad you figured it out. I apologize for not responding quickly enough to help you out.

@Impressed

Thanks!

@Psi Phi

Interesting. I have never tried to add a new user. I'll give it a whirl this weekend and let you know what I find out.

@Immaculata

Did you run the nessus-adduser script? This is where you setup users for Nessus.

-Kevin

7 Deathray March 22, 2009 at 2:22 pm
8 Ulrick13 March 23, 2009 at 10:29 am

Hello all,

First of all a huge thanks for Kevin and his tutorial which worked flawlessly for me.
I've been spending days and days playing with this combo and as a pentester really appreciate the flexibility (over regular HD install, etc.)

So great work, my next thing is now to figure how to have the second partition encrypted so that every collected info will stay safely encrypted on the "change" partition.
Any hints are of course welcome ;-)

-Stef

9 kriggins March 23, 2009 at 2:29 pm

Thanks! I'm glad you find the tutorial helpful.

You pose a very interesting challenge regarding encrypting the changes partition. One which I haven't looked at yet. I have an idea that I will poke at this week. Stay tuned for a possible solution to your query.

-Kevin

10 kriggins March 23, 2009 at 5:25 pm

I was able to create a new user and make it work. A couple of notes. Out of the box, the useradd command did not create the home directory even though I told it to. I used the following commands to create my user. The username is just an example.

useradd -b /home -d /home/userdude -s /bin/bash userdude
mkdir /home/userdude
chown userdude.userdude /home/userdude
passwd userdude

After that, I logged out as root and was able to log back in as userdude. Type startx and configure my desktop.

-Kevin

11 Immaculata March 24, 2009 at 6:49 am

Thanks Kevin - yes, I'd used that script, but something clearly went wrong (the user didn't exist).

I recreated the user, and have been running smoothly since... until I lost the pen drive in question...!!! :(
Still, at least it's not filled with my government's data (I stored it all centrally).

Interestingly, I'm having trouble with one type of drive - IOMEGA HDS72251 2VLAT20 USB Device is what I see if I use the Kmenu gui's "USB Devices" or "SCSI". However, it doesn't appear in /dev, so can't be mounted/partitioned etc. Can't see any USB devices with dmesg. Shame since I intended to use this to hold some larger rainbow tables. Looks like I'm back to 4GB pen drives...:)

Credit to you, Kevin - thanks again for the help this tutorial has been.

12 kriggins March 24, 2009 at 4:12 pm

@Deathray

First - apologies for the comment not getting posted. For whatever reason, Akismet didn't like it and I just got around to checking "spam" comments today.

Second - I did give you credit on my Backtrack 3 how-to quite some time ago. You can find it here: http://www.infosecramblings.com/backtrack/backtrack-3-usb-persistent-nessus-ff3-nmap/. The references list is at the bottom of the post.

-Kevin

13 kevin March 24, 2009 at 8:10 pm

Thanks for the time and effort in making these instructions. I have BT4 beta running nicely on an SDHC with changes. Excellent instructions for a Linux noob like me...

14 kriggins March 27, 2009 at 6:24 am

@kevin

I'm glad you found it helpful. Really cool that it works on SDHC cards too!

-Kevin

15 verano March 28, 2009 at 1:11 pm

I have made my 4 gb usb stick like described above.
But what is persistent ?
If i change keyboard layout in my own, and reboot, the keyboard layout is back in US.
Did i do something wrong ?

Also when booting, i don't see that the os mounts the usb mount points ....

16 Wynneth March 30, 2009 at 2:56 pm

Just fyi, it's a great tutorial but it didn't mention a step I needed. I had to execute bootinst.sh to make the thumb drive bootable - if this was mentioned in the comments sorry tl;dr. Everything else is wonderful, I always triple part my thumbs for linux/persistent/windows so I can also keep a PortableApps suite on the windows partition. Oh, also - I saw someone mention about encrypting the changes... I wonder about doing a full encryption a la truecrypt full system encrypt. Has anyone tried doing that on BT4 in general/linux/a thumbdrive?

17 kriggins March 30, 2009 at 3:12 pm

Hi Wynneth,

First: Thanks! I'm glad you found it helpful.

Second: The second comment answers the question about UNetbootin not working. I need to make several additions/modifications to the tutorial based on comments and that one is among them.

Third: I have a couple posts about encrypting stuff on Backtrack 4 on a USB drive, but none of them do full disk encryption. I have not tried yet, but do suspect the need for the first partition to be vfat32 and then second to be ext2 might complicate things. On the other hand, it might work flawlessly. It is on my list to try at some point.

Kevin

18 mindcrash April 6, 2009 at 1:00 am

Thank you very much for your guide!

Installed Nessus without any problems, now when I try to start its daemon shell says:
$Starting Nessus: _ (<- blinking cursor) and nothing happens. Although indicator on my usbkey is blinking meaning that the system is trying to read/write on it.

I'm using a eeePC.. maybe everything is so slowwwwww :) and I need to wait.

19 Danny April 7, 2009 at 1:21 pm

Great Tutorial !! Exactly what I was looking for... I am so glad with guys like you, who make my life so much easier .. ;-) THANK You.

I had the same problem as mentioned in one of the earlier posts regarding the apt-get install (404 error). To solve this I ran an "apt-get update" as mentioned after the error listing. After that I was able to run the apt-get install without any problems..

I post this just for people who may have the same problem..

20 Bruno April 7, 2009 at 5:11 pm

Hi there,

Thanks for the nifty tutorial !

Just ran into a problem when rebooting with all packages installed: it turns out that after the plugins update, nessus is taking soooooo long to start that it is almost unusable. Has anybody encountered this problem yet ? I'm stuck with that.

While nessus was starting, I switched to a second console and made an "strace" on the processes: from what I can see nessusd is effectively reading its plugins files, but it never ends.

Any idea ?

Thanks !

Bruno

21 marcaine April 7, 2009 at 6:50 pm

mindcrash, I have the exact same problem as you. I have reinstalled 3 times but get the same issue on reboot: I get the $Starting Nessus and it just blinks. I have left my PC on for like an hour. I also have an EeePC, the Asus 1000HE, don't know if that is the issue. I would really like this to work.

22 kriggins April 7, 2009 at 7:00 pm

@marcaine @bruno @mindcrash

It can take a while for nessusd to start when all the plugins have been updated, but I have never had to wait more than a few moments. I am, however, running on a 1.73 GHz laptop. That being said, you can run the following command to disable autostart of nessusd, which will at least let the system boot up the rest of the way. Run as root or with sudo:

update-rc.d nessusd remove

Kevin

23 kriggins April 7, 2009 at 8:11 pm

@marcaine @bruno @mindcrash

I got to thinking about this issue some more and am wondering if the reason it is taking so long is because it is trying to reach Tenable to update the plugins, but can't because networking has not been started. By default, Backtrack does not start up networking at boot time. I have always gone ahead and set the system to do so once I got persistent changes working. That can be done by executing the following:

update-rc.d networking defaults

I will do some testing when I get a chance and see if I can reproduce your symptoms by disabling network startup at boot time.

Kevin

24 marcaine April 7, 2009 at 8:36 pm

Also let me add I tried to install Nessus in a similar way on Ubuntu 8.10 and had the same issue at the reboot. As I am typing this I am attempting another install on BT4 Beta and will try removing it from boot and see if it works with a manual execution after the boot completes. I will post the results when my test is finished. Thanks for the help.

25 Bruno April 8, 2009 at 3:23 am

Thanks kriggins for your suggestions.

I don't think the problem comes from nessusd trying to update its plugins from Tenable though, as it only does it via the "nessus-update-plugins" command, from what I remember.

However, I forgot to mention that I ran into problems earlier yesterday, my USB stick went berserk: the LED wouldn't stop blinking as if something were constantly accessing it, and when I tried to shutdown, it just hung, so I had to violently stop it, and when I rebooted, I got a bunch of messages telling me "Stale NFS file handle". I plugged the USB stick into my regular linux box so that I could manually clean things (I erased a lot of things in the /changes directory).

I did it that way because I wanted to preserve my Nessusd key. Does anybody know what file I must preserve to keep my registration valid ? Once I know that I can start from scratch again and see if it corrects something.

Thanks !

Bruno

26 marcaine April 8, 2009 at 6:31 am

Ede from Feb 26, 2009

Kinda late but try running

apt-get update

Before you try to get those lib files, you may have to follow directions below.

Also note that I am further along getting nessus to work than ever before. I have not rebooted yet but I am performing a localhost scan to test it is working. In order to get this far before installing nessus I had to execute:

Fix Missing Public Key:
wget http://apt.pearsoncomputing.net/public.gpg
apt-key add public.gpg
apt-get update
apt-get upgrade

The above will break KDE and below is a Quick fix from the Backtrack Blog:
cd /etc/alternatives/
mv x-session-manager x-session-manager-broke
ln -s /opt/kde3/bin/startkde x-session-manager
cd /opt/kde3/share/
mv applications borked-applications
mv pixmaps borked-pixmaps
mkdir -p /usr/local/share/applications/kde
cp borked-applications/kde/ksnapshot.desktop /usr/local/share/applications/kde
ln -s /usr/local/share/pixmaps pixmaps
ln -s /usr/local/share/applications applications
cd /opt/kde3/share/icons/crystalsvg/16x16/apps/
ln -s cache.png preferences-web-browser-cache.png
cd /opt/kde3/share/applications/kde
cat ksnapshot.desktop |grep -v ^GenericName > ksnapshot.desktop1
mv ksnapshot.desktop1 ksnapshot.desktop

Credit goes to muts for the above.

27 wayne April 8, 2009 at 2:50 pm

Not to be picky or anything, but in, "So, without further au dieu, let's get started!" it shouldn't be au dieu. It should be Adieu. While you may be right in one sense "with god" (au dieu) is the same as good bye in archaic English, so it might be so in old French too; however, it's still spelled Adieu, and has a meaning something like... let's go without further parting words...

28 kriggins April 9, 2009 at 5:18 am

@wayne

Thanks for setting me straight on "au dieu." Interestingly enough, ado is probably the word I was looking for. It means "trouble or fuss" in archaic English. Anyway, I just changed it to "Let's get started!" to avoid the whole issue :)

Kevin

29 Peter April 12, 2009 at 3:49 am

Thanks for the great tutorial!

I have this problem when turning off and would appreciate it if anyone here could help. The system does an error on 2 things and then does not turn off:

swapoff:cannot open /etc/fstab:Transport endpoint is not connected

/etc/init.d/rc:372: /etc/rc0.d/s90halt:Transport endpoint is not connected.

Peter

30 kriggins April 12, 2009 at 6:28 pm

@Peter,

Thank you. I am glad you found it helpful. I have not had any experience with the issue you are dealing with. I will keep my eyes open and let you know if I see anything that might help.

Kevin

31 wes April 13, 2009 at 6:05 pm

I am unable to get this tutorial to work. I've followed the directions to the letter and every time my boot prompt states that there is not a bootable OS on the USB device. Does anyone know what I could be doing wrong?

Thanks,
Wes

32 kriggins April 13, 2009 at 8:19 pm

@wes,

Check out the second comment on the page. You may need to page back to see it. It gives instructions on how to deal with this issue.

-Kevin

33 Balmung135 April 15, 2009 at 8:49 pm

Hey, I am having a little trouble. I made my partitions using Acronis Disk Manager, and I have the second one formatted to ext2. When I try to use the "mount" command, I get an error saying I need to do something with the filesystem. Does anyone know how to get around this?

34 Temjin April 21, 2009 at 5:47 am

Hi all!

Im a bit of a linux noob so here is my 2cents for any other noobs who may have
struggled a bit with the configuration of the syslinux.cfg.
I followed all the steps above in the excellent guide and here is a copy of my syslinux.cfg which works for me:

+++++ PLEASE NOTE THIS CONFIG FILE IS SET FOR CHANGES = SDB2
+++++ PLEASE CHECK THAT THIS IS CORRECT FOR YOUR SYSTEM AND AMEND IT, IF IT IS NOT!!!

----------------------------------------------------------------------------------------------------------------

PROMPT 0
TIMEOUT 40
DEFAULT /boot/vesamenu.c32

LABEL BT4
MENU LABEL BT4 Beta - Persistent Console
KERNEL /boot/vmlinuz
APPEND changes=/dev/sdb2 initrd=/ubninit vga=0x317 ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sdb2 quiet

LABEL BT4
MENU LABEL BT4 Beta - Console no FB
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet

label BT4
MENU LABEL BT4 Beta - MSRAMDUMP
com32 /boot/msramdmp.c32

LABEL memtest86
MENU LABEL Run Memtest utility
KERNEL /boot/mt86p

----------------------------------------------------------------------------------------------------------------

Once I had completed this and saved it I closed the Kate window.
I then right clicked on the desktop and selected create new textfile which I named "rw working".
This appears as an icon on the desktop, which I felt was a good way, when I log in, to be sure
that if the file is there the rw is working and has saved my changes - hehe! Such a noob :)
I then selected log-out from the menu options, which returns you to the command prompt.
I then type in:
shutdown -hP 1
which is a command to shutdown the system and power off in a minute, which is what happens.

----------------------------------------------------------------------------------------------------------------

Well, good luck and I hope this helps other noobs :)

35 Shay April 24, 2009 at 2:53 am

First - tx for the howto! sure is useful.

I wondered if I can use a file for the ext2 file system instead of using an actual partition.
What I mean to ask is - If I would have created a 2gb file, mount it and format it with ext2 partition would I be able to define "changes=/myfile"?

Also, I'm quite the noob so excuse my question if it is dumb :) but - is it possible to install a second live distro (puppy linux) on the same drive using lilo as a boot manager, I've tried googling but came up empty handed.... I would really appreciate it if you could link me or give me some tips regarding this issue as well.

again tx a lot!

36 Jimmy April 24, 2009 at 10:04 am

The instructions worked perfectly for me.
However, I am having performance issues. I have a fast USB thumbdrive, but when I am using it for BT4, it is really slow.
Even surfing websites it is slow. I *think* it may have to do with constant writing to drive. I am not sure. Is there a way to mount a tempfs off the laptop memory and use that to increase speed?

37 rajanways May 1, 2009 at 3:55 pm

Hi Kevin,
I have downloaded backtrack4 beta to my system. I have a 2GB pendrive. I use Debian. I have never tried to install anything through a pendrive. That's why I am feeling shy this time too. My questions are:
1. Is it necessary to make a partition on my 2GB pendrive? If yes, then how can I make a partition on the pendrive using Debian, and how do I bring it back to the previous position after using the partition?
2. Do I need any bootable CDROM additionally for Backtrack4 beta to install Backtrack on my system?
3. If any more education is needed, then please guide me (any appropriate link or something).
regards
rajan

38 Kevin S-not the author of this article May 7, 2009 at 2:28 pm

Jimmy - it does appear to do with the read/write and caching - I've tried a few different tricks even reserving some swap space on the USB drive; no go. It does this for me on a netbook's flash drive as well.

I have seen some discussion about forcing the drive back into non-persistent mode. I don't know how to do this; and I think since you have to write some configuration files and maybe even a log or two (unless you redirect), you can't do such a thing or even flip the read-only switch. My drive doesn't have one so I can't experiment. I save all of my results for a particular client on a different drive and then burn to DVD later; I never save anything in the actual BackTrack - I mount another USB and configure everything to write to that drive instead.

39 ron May 19, 2009 at 6:20 am

Hi, thanks for the tutorial. After I copied the iso file to the usb I tried to boot but it's not working for me, nothing happens. Then I tried in cmd and it gave me this error: "I need 386+ CPU in real mode or under VCPI manager". Is there anything I can do to fix this?

40 joe May 19, 2009 at 11:36 pm

I've got the usb boot and persistent change file working. BUT, it doesn't save the networking start command and it doesn't save the KDE sound multimedia option to turn off all sounds...ie the find him announcement blasts out each time KDE starts etc. How can I fix these?

41 kriggins May 22, 2009 at 6:31 am

Hi to everyone who has left a comment recently. I apologize for my delay in responding.

@Balmung135,

If you haven't already resolved your issue, can you provide more detail about the error message you receive when you try to mount the ext2 filesystem?

@Shay

I don't know if you can use a file for changes. It would involve mounting it via the loop interface and that might present some difficulties. If you find it to be possible, please let me know and I will include those instructions in the next version of the how-to, with attribution of course.

I don't see why you couldn't install another linux distribution on the thumb drive. Might be tricky, but should work.

@Jimmy,

While there is performance degradation when using persistent mode, I haven't noticed it being significant in my case. As the other Kevin said, some have talked about putting our changes back into a live distro format, but I haven't seen any instructions on how to do so yet.

@rajanways

This link provides some more detailed instructions on using fdisk to partition a drive. http://www.freeos.com/articles/3935/ If you are using a debian system, you will not need an additional Backtrack CD.

@Ron,

I have not seen that error before. If I come across an answer, I'll let you know. If you find one, please post another comment so others can benefit from your experience.

@Joe,

Have you executed the update-rc.d command to make the network start automatically on boot? The command is 'update-rc.d networking default' I have seen other references to not being able to turn off the start-up sound, but haven't seen a work around yet.

-Kevin

42 joe May 23, 2009 at 12:00 pm

Thanks. I tried the command update-rc.d networking default but it fails. If I change default to defaults per the help then I get a command not found. If I add start after networking it doesn't work either. Will have to research this more. Looks like this approach should work.

43 Steve May 23, 2009 at 1:29 pm

Hi,

Thanks for making this tutorial!

I’m stuck on one part though. I have managed to install BT onto my USB drive and it is now bootable and working great.

My problem is making it persistent.

You say you “used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my usb drive was /dev/sda”

But I’m lost as to the command to use and the fdisk man pages are a little scary.

Could you tell me what to enter?

I have a 4gb flash drive, this is the fdisk -l output:

Disk /dev/sdb: 4022 MB, 4022337536 bytes
255 heads, 63 sectors/track, 489 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000d5956

Device Boot Start End Blocks Id System
/dev/sdb1 * 1 141 1132551 b W95 FAT32
/dev/sdb2 142 489 2795310 5 Extended
/dev/sdb5 142 489 2795278+ 83 Linux

What is the fdisk command should I enter?

If you could tell me that would be really appreciated!

Many thanks!

Steve

44 kriggins May 23, 2009 at 3:17 pm

@Steve,

It looks like you have already partitioned the disk correctly and the second partition is configured for linux. All you need to do now is format the second partition which, according to the above output of the fdisk command, should be /dev/sdb2. Use the following command to format the second partition.

mkfs.ext2 /dev/sdb2 *make sure /dev/sdb2 is not your system drive :) *

Once that is done, you can continue with the tutorial and everything should work well.

-Kevin

45 Don May 25, 2009 at 11:27 am

I can't get the BT3 persistence to work, but it boots from the flash drive.

I used the older BackTrack 3 Final USB on a 8 gb sandisk flash drive. I partitioned and formatted the flash drive and the Back Track 3 boots from the flash drive. The KDE System Partition information shows /dev/sdb1 with 2,043 mb as vfat, and dev/sdb5 as ext2 with 5,528 mb. This matches what I see when I look at /mnt and see BT3 and boot on /dev/sdb1 and the changes directory on sdb5.

The fdisk -l output shows the same display the previous poster showed. The dev/sdb2 doesn't show up under the /mnt or KDE partitions tho. It is as if /dev/sdb2 was the extended unallocated space before I did the format, and after the format it became /dev/sdb5.

Device Boot Start End Blocks Id System
/dev/sdb1 * 1 261 2096451 b W95 FAT32
/dev/sdb2 262 977 5751270 5 Extended
/dev/sdb5 262 977 5751238+ 83 Linux

But, it never writes any files on the changes directory so I don't get persistence. I notice there is also a changes directory under root /changes and one menu option was for putting a slax.dat file under the /changes directory. This doesn't work either.

I edited vesamenu to only one option:

PROMPT 0
TIMEOUT 120
DEFAULT /boot/vesamenu.c32

LABEL xconf1
MENU LABEL BT3 Persistent ***my changes***
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sdb5

Now here is an interesting point. I did the same thing for BackTrack 4 Beta on another 8 gb flash drive using the DVD ISO, and got the same /dev/sdb1 and /dev/sdb5 partitions. It is a different brand flash drive so that is a difference.

The BackTrack 4 Beta boots from the USB and creates files under changes on /dev/sdb5...lots of them so persistence does work.

Any ideas? Does it relate to my using the BT3 USB instead of the CD ISO?

46 kriggins May 26, 2009 at 7:30 am

@Don,

I'm not sure what is going on here. I have always used the BT3 USB version for my persistent installs. One option you might try is to remove sdb2 and sdb5 and just create one second partition. I'm not positive, but I don't think the extended partition is necessary unless you want to add more than 4 partitions to a drive. This would get rid of any confusion the OS is experiencing re sdb2 vs. sdb5.

Kevin

47 Steve Shead May 27, 2009 at 7:35 am

This is great thanks. You can also download the VM and run it from the USB stick. I use an Ironkey 8gb USB drive and it is really fast. I also run SamuraiWTF from the same drive, and that is the advantage - not all your space is taken by the OS - just one more option.

48 ExcellentArticleSir June 1, 2009 at 5:20 pm

Excellent article, clearly and concisely written. Thank you for your contribution to the furtherance of excellent security practices.

I followed the article precisely and have no problems other than the fact that nessusd takes forever to start - it pegs the CPU for quite some time, but doesn't seem to utilize much RAM.

Thanks again.

49 ron June 4, 2009 at 8:20 am

Hi, I managed to solve the problem with this error "I need 386+ CPU in real mode or under VCPI manager".
All I had to do was to reset my BIOS, so if anyone has this problem RESET YOUR BIOS :D
