Backtrack 4 Beta – USB/Persistent Changes/Nessus

This how-to will show you a method for building a USB thumbdrive with the following features:

  • Persistent Changes - Files saved and changes made will be kept across reboots.
  • Nessus and NessusClient installed - Everybody needs Nessus 🙂

Table of contents:

Assumptions, Tools and Supplies
Partition the USB thumbdrive
Make a bootable Backtrack 4 USB thumbdrive
Persistent Changes
Install Nessus

Assumptions, Tools and Supplies

This guide is written with the following assumptions:

  1. You know how to partition and format disks.
  2. You are familiar with Backtrack.
  3. You are familiar with Nessus.
  4. You are familiar with Linux.
  5. You are familiar with Windows.

Tools and supplies:

  1. A USB thumbdrive - minimum capacity 2GB
  2. A Backtrack 3 CDROM, Backtrack 4 DVD or an additional USB thumbdrive (minimum 1GB) - Used to partition the thumbdrive.
  3. UNetbootin - A tool to transfer an iso image to a USB drive.

Let's get started!

Partition the USB thumbdrive

If you have a Backtrack 3 CDROM or Backtrack 4 DVD, you are in good shape. If you don't and are using an additional USB thumbdrive, skip to here and then return once you have a bootable Backtrack 4 device. I know this seems convoluted, but it's the easiest and surest way I know to get us where we want to go.

First let's partition our thumbdrive. I used a 4 GB drive as I read that we would need 1.2 GB for persistent changes. After I got everything working, it looks to me like we can get away with a 2 GB stick if we are careful about regular cleanup of log files. Nessus tends to be the main culprit here.

Regardless of the size thumbdrive we use, we need to partition and format the drive as follows:

  1. The first partition needs to be a primary partition of at least 1 GB and formatted as FAT32.
  2. The second partition can be the rest of the thumbdrive. It needs to be formatted as ext2.

If you try to use Windows to re-partition the drive, you will likely run into some problems. Windows sees most USB thumbdrives as removable media and does not support multiple partitions on them. It also does not allow us to delete the existing partition from the drive. This is because most thumbdrives have the 'Removable Media Bit' set. This blog post describes the situation very well. I would not recommend trying their suggestion since it really isn't necessary.

The easy way to get around the problem is to re-partition the drive using Linux. That's why we need the Backtrack CDROM, although any Linux system will work. So go ahead and partition and format the drive according to the layout above. Once I was done with this step, I switched back to a Windows system for the next few steps.

Make a bootable Backtrack 4 USB thumbdrive

Now we need to download the Backtrack 4 ISO.

Description: DVD Image
Name: bt4-beta.iso
Size: 854 MB
MD5: 7d1eb7f4748759e9735fee1b8a17c1d8

So now we have a USB thumbdrive with at least one 1 GB FAT32 partition on it.

The next step is to make it a bootable USB thumbdrive. There is a much easier way now. We are going to use the UNetbootin tool mentioned above. It is super easy to use. Just start UNetbootin, select the Backtrack 4 ISO, select the USB drive and click okay. You may get a warning that files exist on your USB drive. After making sure you picked the right one, tell it to go ahead and replace the files. It'll chug along and before you know it you will have a bootable thumbdrive. Much easier than the rigmarole we had to go through before.

Persistent Changes

Let's configure persistent changes while booted to Backtrack 4. We are going to do this exactly the same way we did in the Backtrack 3 how-to by following the instructions referenced from Deathray's post on the Remote Exploit forums. Once we have booted into Backtrack we need to configure the rest of the thumbdrive if we haven't already done so. I used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my USB drive was /dev/sdb.

Once we have a formatted second partition, mount it and create a changes directory in the root of the file system.

  1. Open a terminal window.
  2. mount /dev/sdb2 /mnt/sdb2
  3. cd /mnt/sdb2
  4. mkdir changes

Next we need to make some changes to how the system boots. Execute the following:

  1. cd /boot/syslinux
  2. chmod +Xx lilo
  3. chmod +Xx syslinux

Open syslinux.cfg with your favorite editor and make the following change. Note: I copied the boot definition I wanted to change and created a new entry so I would have a fall back option if something became broken. Again, I booted to KDE.

  1. Find the line "LABEL BT4".
  2. Copy that line and the next 3 and paste them right below the existing line.
  3. Change the "LABEL BT4" to something you want like "LABEL BT4-persist" and description to something like "MENU LABEL BT4 Beta - Console - Persistent"
  4. Change the line that begins with APPEND in your copied section by adding "changes=/dev/sdx2" immediately after "root=/dev/ram0 rw" where the x is the drive appropriate for your system. In my case it looks like this, "....root=/dev/ram0 rw changes=/dev/sdb2...."
  5. Save your changes and exit the editor.

That should do it. Reboot and select the option you configured. To test it, create a file and reboot again. If your file is still there, everything is golden.
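
The syslinux.cfg edit from steps 1 to 5, written as a script (an added example, not part of the original how-to). The function names add_persist_entry, check_persist_entry and sample_cfg are hypothetical, and the sample configuration is constructed to resemble the BT4 Beta syslinux.cfg; check_persist_entry catches an entry whose APPEND line lacks changes=, such as one written with data= instead.

```shell
#!/bin/sh
# Added example: copy the first "LABEL BT4" stanza of syslinux.cfg as a
# persistent entry and verify that an entry really carries changes=.

# Constructed sample input, laid out like the BT4 Beta syslinux.cfg. The last
# stanza shows the data= mistake (the boot parameter must be changes=).
sample_cfg() {
    cat <<'EOF'
PROMPT 0
TIMEOUT 40
DEFAULT /boot/vesamenu.c32

LABEL BT4
MENU LABEL BT4 Beta - Console
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet

LABEL BT4
MENU LABEL BT4 Beta - Console no FB
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet

LABEL BT4-data
MENU LABEL BT4 - wrong parameter
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw data=/dev/sdb2 quiet
EOF
}

# add_persist_entry CFG DEV: print CFG with a copy of the first "LABEL BT4"
# stanza (that line plus the next 3) inserted below it, relabelled, with
# changes=DEV placed right after "root=/dev/ram0 rw". The original stanza is
# left untouched as the fall-back entry. DEV is whatever the second partition
# is called on the machine you boot (/dev/sdb2 in the how-to).
add_persist_entry() {
    awk -v dev="$2" '
        { print }
        !done && /^LABEL BT4[ \t\r]*$/ { grab = 1; n = 0 }
        grab {
            n++
            line = $0
            if (n == 1) {
                line = "LABEL BT4-persist"
            } else if (line ~ /^MENU LABEL/) {
                line = "MENU LABEL BT4 Beta - Console - Persistent"
            } else if (line ~ /^APPEND/) {
                sub(/root=\/dev\/ram0 rw/, "& changes=" dev, line)
            }
            copy = copy line "\n"
            if (n == 4) { grab = 0; done = 1; printf "\n%s", copy }
        }
    ' "$1"
}

# check_persist_entry CFG LABEL: succeed only if the stanza named LABEL has an
# APPEND line containing a changes=/dev/... parameter.
check_persist_entry() {
    awk -v want="$2" '
        toupper($1) == "LABEL" { in_stanza = ($2 == want) }
        in_stanza && toupper($1) == "APPEND" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^changes=\/dev\//) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Demo on the constructed sample; on the stick the file is
# /boot/syslinux/syslinux.cfg.
demo_dir=$(mktemp -d)
sample_cfg > "$demo_dir/syslinux.cfg"
add_persist_entry "$demo_dir/syslinux.cfg" /dev/sdb2 > "$demo_dir/syslinux.cfg.new"
for label in BT4-persist BT4-data; do
    if check_persist_entry "$demo_dir/syslinux.cfg.new" "$label"; then
        echo "$label: changes= present"
    else
        echo "$label: no changes= parameter, nothing will persist"
    fi
done
rm -rf "$demo_dir"
```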

Install Nessus

Now that our changes are saved from boot to boot, we can install things and they won't disappear on us 🙂

Download the Ubuntu Nessus and NessusClient packages from nessus.org. I used the 32-bit 8.04 version which worked fine for me.

Again, with Backtrack 4 things are a little easier. To install the Nessus server, simply execute the following command to install the package.

dpkg --install Nessus-4.0.1-ubuntu804_i386.deb

Things are a little bit more complicated for the client. There are some dependencies that need to be installed first. Luckily, we have apt to help us with this. Execute the following commands to install them. The first one updates the apt-get cache. You may get an error about a GPG key not being found. You can safely ignore this. The second, which is all one line, installs the pre-requisite packages.

apt-get update
apt-get install libqt4-core libqt4-gui libqtcore4 libqt4-network libqt4-script libqt4-xml libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl libqt4-designer libqt4-assistant

After that, we can install the client package.

dpkg --install NessusClient-4.0.1-ubuntu804_i386.deb

Finally it's time to configure Nessus. Execute each of the following and follow the prompts.

/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser

You need to go here and request a key so you can get your feed. That is a link to the free feed for home use. Use appropriately.

Once you have your key, execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.

cd /opt/nessus/etc/nessus
/opt/nessus/bin/nessus-fetch --register [your feed code here]

When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. You can use netstat -na to check that the server is listening on port 1241.

/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient
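
Because nessusd can take a minute or two to open its port, the netstat check can be scripted as a wait loop that runs before the client is launched (an added example, not part of the original how-to). listeners_on_port, wait_for_nessusd and sample_netstat are hypothetical names, and the netstat output shown is constructed.

```shell
#!/bin/sh
# Added example: wait for nessusd to open its listener before starting the client.

# Constructed sample of `netstat -na` output (Linux net-tools layout).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1241            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:45012         127.0.0.1:1241          ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# listeners_on_port PORT: read `netstat -na` output on stdin and print the
# local address of every TCP socket in LISTEN state on PORT. Established
# connections to or from that port are ignored.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port) print $4
        }'
}

# wait_for_nessusd [PORT] [TIMEOUT_SECONDS]: poll netstat every 5 seconds
# until something listens on PORT (default 1241). Prints the listening
# address and returns 0, or returns 1 when the timeout runs out.
wait_for_nessusd() {
    port=${1:-1241} timeout=${2:-180} waited=0
    while [ "$waited" -lt "$timeout" ]; do
        addr=$(netstat -na 2>/dev/null | listeners_on_port "$port")
        if [ -n "$addr" ]; then
            echo "$addr"
            return 0
        fi
        sleep 5
        waited=$((waited + 5))
    done
    return 1
}

# Offline demo on the constructed sample.
echo "listener found at: $(sample_netstat | listeners_on_port 1241)"

# On the Backtrack system the sequence from the how-to becomes:
#   /etc/init.d/nessusd start
#   wait_for_nessusd 1241 180 && /opt/nessus/bin/NessusClient
```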

Woohoo, time to find those vulnerabilities.

Please let me know of any corrections or changes that should be made. You can leave a comment or send me a note at kriggins [at] infosecramblings.com.

Kevin

Greg February 11, 2009 at 8:37 pm

Using Unetbootin doesn’t work for me.
When backtrack goes to run off the usb, it just loads a gray screen with no boot options.

kriggins February 11, 2009 at 9:07 pm

Greg,

Sorry to hear you are experiencing some problems. You can try the following which is adapted from my Backtrack 3 How-to.

Hope this helps,
Kevin

———–
Once you have the iso saved on your system, you need a method to copy the files from it to the usb drive. If you are using a Windows system for this part of the process like I did, you will need a way to access the files in the iso images. There are several ways to do so.

This page has several free options that can be used to mount the iso as a virtual CDROM. An even easier way is to install the freeware archive manager 7-Zip. 7-Zip can open an iso file as if it was an archive. You can then copy files from the archive to the USB thumbdrive. If using *nix, you can use the loop feature of mount to get to the files.

So now we have a usb thumbdrive with at least one 1 GB FAT32 partition on it. Copy the /bt4 and /boot directories from the iso to the first partition of the usb thumbdrive.

Next we need to open a shell or command window and make the thumbdrive bootable. Here is how I did it on a Windows XP machine:

1. Open a command window.
2. Change to the drive letter that my thumbdrive is mounted on.
3. cd /boot
4. execute bootinst.bat

Russel February 11, 2009 at 11:37 pm

Not sure if this is a common problem but I was at this step:
cd /opt/nessus/etc/nessus
nessus-fetch –register [you feed code here]

I was told: “The program ‘nessus-fetch’ is currently not installed. You can install it by typing: apt-get install nessusd”

So I did and all is good in the hood.

Oh yeah and you need a “--” before register. i.e.: nessus-fetch --register [you feed code here]

kriggins February 12, 2009 at 6:07 am

Russel,

Thanks for catching the typo on the nessus-fetch line. Copy and paste can be a killer. I confess that I did not test the nessus-fetch command since it has always worked in the past. I will update the how-to with your comments.

Thanks,
Kevin

kriggins February 12, 2009 at 6:54 pm

Russel,

I figured out the problem with the nessus-fetch issue. I forgot to include the path. That has been corrected now.

Kevin

Russel February 12, 2009 at 10:43 pm

BTW, thanks for the tutorial. I forgot to mention that. It helped a noob like me out, so I appreciate it!

kriggins February 13, 2009 at 7:38 am

You’re very welcome. I’m glad it helped.
Kevin

jmoore February 13, 2009 at 2:00 pm

Kevin, great tutorial. A quick noobile question though, when I dpkg nessus I get a Stale NFS file handle error:

dpkg: error processing Nessus-3.2.1-ubuntu804_i386.deb (--install):
unable to stat `./opt/nessus/lib/nessus/plugins/hpux_PHSS_34932.nasl' (which I was about to install): Stale NFS file handle
dpkg-deb: subprocess paste killed by signal (Broken pipe)

Do you know of a quick solution? I tried unmounting and remounting /dev/sdb2 (my ext2 partition).

Thanks,
John

kriggins February 13, 2009 at 2:18 pm

Hi John,

Thanks for the compliment on the tutorial.

I have had this happen a couple of times with various files, usually when I didn’t let the system shutdown correctly. Not saying that is what happened in your case. It sounds like the files didn’t get written correctly during the unpacking of the install package.

The slash and burn option is to boot Backtrack in non-persistent mode, reformat the second partition, reboot into persistent mode, re-download the packages and try again. Not the answer you are looking for I am sure, but probably the quickest way to get around the problem.

Once you get a “stale NFS file handle” error when in persistent mode, mucking with the file system gets difficult.

If I come up with something else you might try, I will let you know. If you find something that works, let me know so I can update the how-to.

-Kevin

John February 13, 2009 at 5:48 pm

Kevin, looks like you were right– the best way to deal with a stale NFS handle is to reformat from non-persistent mode and try again. Thanks for the advice. Everything seems to be working just fine now. Keep up the good work!

John

Peck February 17, 2009 at 5:08 pm

Hi Kevin, thanks for the post, appreciated it for bt3 and referred to it again to get the same with bt4.

I was wondering if there’s a way to load the changes I’ve made before, but in read only mode so things done during that “session” aren’t saved?

kriggins February 17, 2009 at 6:57 pm

Hi Peck,

I’m glad you have found it helpful.

What you would like to do is a nifty idea, but I don’t know of a way to do it. If I come across something, I’ll let you know.

Sorry,
Kevin

Finster February 19, 2009 at 4:16 pm

>Using Unetbootin doesn’t work for me.
>When backtrack goes to run off the usb, it just loads a gray screen with no boot options.

Greg – I had the same problem – try running Unetbootin in administrator mode, or open up a command window in administrator mode and then run bootinst.bat in the boot directory.

Lance February 23, 2009 at 4:39 am

Nice work Kevin, although, like Peck, I’m more interested in a way to modify image and then not have sessions saved, i.e. install Nessus and such, then save the image and turn off data saving. When I have some free time I’ll try to figure it out and maybe post an appropriate guide. Thanks for your efforts!

Cheers
Lance

Ede February 26, 2009 at 6:20 pm

When typing apt-get install libqt4-core libqt4-gui libqtcore4 libqt4-network libqt4-script libqt4-xml libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl libqt4-designer libqt4-assistant I receive:
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
libqt4-qt3support libqt4-sql libqt4-sql-mysql qt4-qtconfig
Suggested packages:
libqt4-dev
The following NEW packages will be installed:
libqt4-assistant libqt4-core libqt4-dbus libqt4-designer libqt4-gui
libqt4-network libqt4-opengl libqt4-qt3support libqt4-script libqt4-sql
libqt4-sql-mysql libqt4-svg libqt4-test libqt4-xml libqtcore4 libqtgui4
qt4-qtconfig
0 upgraded, 17 newly installed, 0 to remove and 0 not upgraded.
Need to get 11.6MB of archives.
After this operation, 30.5MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Err http://us.archive.ubuntu.com intrepid-updates/main libqtcore4 4.4.3-0ubuntu1.1
404 Not Found [IP: 91.189.88.31 80]
Err http://us.archive.ubuntu.com intrepid-updates/main libqt4-network 4.4.3-0ubuntu1.1
404 Not Found [IP: 91.189.88.31 80]
Err http://us.archive.ubuntu.com intrepid-updates/main libqt4-assistant 4.4.3-0ubuntu1.1
.
.
[snip]
.
.
Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-0ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.88.31 80]
Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/q/qt4-x11/qt4-qtconfig_4.4.3-0ubuntu1.1_i386.deb 404 Not Found [IP: 91.189.88.31 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

It seems as if the remote server didn’t have the required files. I am locked at this step, have you any suggestions? Many thanks

kriggins February 26, 2009 at 7:22 pm

Hi Ede,

When I get errors like that it is usually related to having some network issues. A couple of questions:

1. Did you make sure and execute /etc/init.d/networking start?
2. If you did, can you get to google or anything else with Firefox?

Kevin

PS – I am going to edit your comment to remove some of the length. I will leave enough to get the point across.

Adam February 26, 2009 at 11:11 pm

To partition a USB key in vista (the key doesn’t seem to be listed in the xp ver of diskpart) drop to a cmd and use the diskpart util…. carefully.

list disk – shows your disks
select disk # – to select your USB key
clean – goodbye existing partitions
create partition primary size=1024
format fs=fat32 label="BT4B" quick
exit

then the whole unetbootin thing.

kriggins February 27, 2009 at 3:19 pm

Adam,

Thanks for the tips on partitioning using Vista. Good stuff.

Kevin

obi February 28, 2009 at 8:16 am

I have a small query.

I am able to save data in /dev/sdb2 and I can access the files on next boot also

But when I change the data in /etc or create file in /root i.e. on /dev/sdb1 (first boot partition), the data will not be retained and no created file or changed data is reflected on next boot.

Same happens when Nessus is installed. It is active til the system is powered after installation. On next boot, no data or Nessus is visible.

HELP REQUIRED
I have tried this on two different USB (Pen) drives.

kriggins February 28, 2009 at 9:03 am

Hi Obi,

Sorry to see you are having problems. It sounds like one of two things is happening.

1) There is an error in the configuration you setup in your /boot/syslinux/syslinux.cfg file

or

2) On boot, you are not selecting the correct starting mode, i.e. the persistent changes option you setup during the configuration.

Feel free to post the contents of your /boot/syslinux/syslinux.cfg file if you would like me to take a look at it.

Kevin

PS – I tried to contact you via email to troubleshoot your issue, but the email bounced.

obijam February 28, 2009 at 11:45 am

Hi Kevin,

Thanx for the pointers

The contents of the /boot/syslinux/syslinux.cfg is given below

–starts here

PROMPT 0
TIMEOUT 40
DEFAULT /boot/vesamenu.c32

LABEL BT4
MENU LABEL BT4 Beta – Console
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet

LABEL BT4
MENU LABEL BT4 Beta – Console no FB
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet

label BT4
MENU LABEL BT4 Beta – MSRAMDUMP
com32 /boot/msramdmp.c32

LABEL memtest86
MENU LABEL Run Memtest utility
KERNEL /boot/mt86p

LABEL BT4-dataaaaa
MENU LABEL BT4 – dataaaaa
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw data=/dev/sdb2 quiet

—ends here

Changes in LABEL BT4-dataaaaa segment

It will be great if things work out, since I will be using the same in my teaching sessions.

I am selecting the right option during the selection

Sorry for the e-mail ID, right one e-mail is listed now.

kriggins February 28, 2009 at 12:08 pm

Obijam,

I think I see the problem. “data” needs to be “changes”.

So this:

APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw data=/dev/sdb2 quiet

Should look like this:

APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sdb2 quiet

No problem on the email address.

Kevin

obijam February 28, 2009 at 10:21 pm

Hi Kevin,

In fact I started with changes and when it did not work, I tried others.

I will change the pen drive and see if it works.

The funny part is that /etc/fstab reflects the changes

mount command indicated /dev/sdb1 in rw mode, and yet do not get desired results

Thanks.

Rgds

Deylen March 1, 2009 at 12:12 am

Has anyone here managed to get loading the changes partition by uuid yet? I switch between several comps so having /dev/sdx2 etc is not really a viable option.

‘…root=/dev/ram0 rw changes=/dev/disk/by-uuid/…’

I’m pretty sure that this used to work with bt3 but no luck with bt4 beta so far.

obijam March 1, 2009 at 12:52 am

hi Deylen,

Things are being stored on /dev/sdx2; but not on /dev/sdx1. After reboot, files and directories one creates disappear on /dev/sdx1.

any luck or pointers pls. do let us know

rgds

obijam March 1, 2009 at 5:21 am

Dear Kevin,

I am still unable to save the changes which I make in /etc directory to the configuration files. Nessus is installed properly, but will remain active till machine is switched ON; on next boot I have to install everything (each and every change, new software which is installed vanishes).

I had also encountered the same problem as faced by Ede; but same was rectified by installing NessusClient-3.2.1-debian4_i386.deb package (instead of NessusClient-3.2.1.1-ubuntu804.i386.deb) and it worked fine to last details.

Kevin, I have a small query regarding my problem.

When system boot from USB drive, basically LINUX files are expanding (unpacked) and all the packages in memory and entire LINUX file structure which is created is in RAM. So anything we create or make changes to ( or install new package) is in RAM; how same is going to be written or exist at next boot time.

Probably that is the reason why I am losing all the changes and freshly installed software on the next boot.

I can write the data in /dev/sdb1 thru /mnt/sdb1 directory i.e. mount point for first partition and that data remains there. BUT the changes don’t.

I hope I am able to convey the meaning.

kriggins March 1, 2009 at 8:18 am

@Deylen

Designating by uuid would be very cool. I was not aware you could do that. I will look into it and let you know what I find out. If you find anything, let me know and I will update the how-to with credit given.

@Obijam

When you issue the mount command after booting, do you see both /dev/sdb1 and /dev/sdb2 being mounted? If so, is there a folder on /dev/sdb2 called changes? You are correct in your thoughts about changes being made in memory, but the system will write those changes to a changes folder on /dev/sdb2 and incorporate them on next boot when things are working right. I will give this some more thought and let you know if I think of anything else.

Kevin

obijam March 1, 2009 at 9:00 am

Hi Kevin,

I agree with u regarding /dev/sdb1 & /dev/sdb2 mounted at boot time- no doubt about it. I am able to see both /dev/sdb1 and /dev/sdb2 mounted at boot time and both are reflected in /etc/fstab also.

Question is , are changes which I make, say in /etc/fstab or resolv.conf being written any where- My view is they are not.
For that matter Nessus which is installed in /opt directory. All these changes and installation files/structure remains in memory – RAM and as present LINUX structure exist in RAM; Nessus remains only in memory and does not reside on USB drive in any way. Once u shutdown- All is lost. IF I am wrong please do correct me. I have spent a good amount of time in overcoming the problem as listed by me earlier.

Yes, I agree data is written in ext2 – /dev/sdb2 ( i.e. 2 partition) thru it’s mount point i.e. /mnt/sdb2 and able to access the data in say changes( or data ) directory.

But question still remains, and that is NESSUS really existing in any structure on USB drive after installation and any changes made in /etc or any LINUX structure exist on next boot??

Rgds

kriggins March 1, 2009 at 12:51 pm

Obijam,

If persistence is working correctly, Nessus will exist on the USB key in the /changes/opt directory of the second partition of your pen drive. If you edit resolv.conf or /etc/fstab, those changes will also be found on the filesystem in the changes folder. Again, only if persistence is working correctly. It does not sound like this is the case with your installation.

One thing to note, I have had things become messed up if I did not cleanly shutdown the system, i.e. issue a reboot or shutdown command. The stale nfs handle problems mentioned earlier happened this way. I am going to do a little more investigation as to exactly when data is written to the changes folder. It may be that it happens on shutdown or reboot and not real time. I will let you know what I find out.

Kevin

kriggins March 1, 2009 at 1:08 pm

Obijam,

I just checked and changes are written real-time, or close enough to it that I can’t tell the difference, on my pen drive to the /dev/sdb2/changes directory. If you would like to make an image of one of your pen drives and put it somewhere I can grab it, I would be happy to see if I can figure out what is going on.

Kevin

obijam March 1, 2009 at 10:19 pm

Kevin,

I am able to write data in changes directory and data is retained boot after boot no problem.

Yes, I can write the data in /etc/fstab and then in next step save in /dev/sdb2 and it remains there – I have checked that.

No opt directory is created in /dev/sdb2 when Nessus is installed i.e. Nessus install directory.

I will re-check the things and revert back.

Putting image of the pen drive , any ideas pls. do let me know.

Thanx

Obijam

shawk March 2, 2009 at 2:18 pm

I formatted 2GB FAT32 and 6GB ext3, and followed the rest of the directions to install Nessus. I have Nessus working just fine; however I cannot upgrade packages or install any other software (with >5GB free on sdb2). I receive a disk full error; in the case of apt-get I receive the error that the status file cannot be written.

kriggins March 2, 2009 at 2:44 pm

@obijam

Let me be clear, I was not writing data to the /dev/sdb2/changes directory directly. I made a change in root’s home directory then went and looked in /dev/sdb2/changes/root to see if the change was persisted which it was.

@shawk

I have never tried with the second partition being ext3. I have always used ext2. I’m not saying that it makes any difference, but it is something different than I have tried. Can you create a file in root’s home directory?

Kevin

Tony Healy March 4, 2009 at 2:32 am

Hi
Have read your how-to with considerable interest.
I have tried lots of methods (Pendrivelinux) to install ubuntu 8.10 or Mint 6 onto a usb thumbdrive with persistent changes without any success.
UNetbootin works like a dream but I guess you know it’s not persistent. Could you advise how to install a linux distro and make any changes persistent.
PS I am using a 16Gb OCZ ATV USB 2.0 Flash Drive

kriggins March 4, 2009 at 3:44 pm

Hi Tony,

I haven’t tried to create a bootable linux usb drive with anything other than Backtrack so I am afraid I can’t offer any insights at this point. If I come across anything, I will definitely let you know.

Kevin

shawk March 4, 2009 at 5:00 pm

I can create files but I’ve run up against it only having 1GB – I have Nessus on it and running. I’m going to try a couple of things that I will share.

Meanwhile, here are results from df command:

root@bt:~# df -h -P -T --sync
Filesystem Type Size Used Avail Use% Mounted on
aufs aufs 1017M 1015M 0 100% /
tmpfs tmpfs 1007M 0 1007M 0% /lib/init/rw
varrun tmpfs 1007M 52K 1007M 1% /var/run
varlock tmpfs 1007M 0 1007M 0% /var/lock
udev tmpfs 1007M 2.9M 1004M 1% /dev
tmpfs tmpfs 1007M 0 1007M 0% /dev/shm
/dev/root ext2 5.7M 4.3M 1.5M 75% /mnt/live
/dev/loop22 squashfs 512K 512K 0 100% /mnt/live/lib/modules/2.6.28.1/kernel/drivers
/dev/sdb1 vfat 2.1G 866M 1.2G 43% /mnt/live/mnt/sdb1
/dev/sdb2 ext3 1017M 1015M 0 100% /mnt/live/memory
tmpfs tmpfs 1007M 1.0M 1006M 1% /mnt/live/memory/xino
/dev/loop0 squashfs 1.8M 1.8M 0 100% /mnt/live/memory/images/bin.lzm
/dev/loop2 squashfs 2.3M 2.3M 0 100% /mnt/live/memory/images/etc.lzm
/dev/loop3 squashfs 256K 256K 0 100% /mnt/live/memory/images/home.lzm
/dev/loop4 squashfs 17M 17M 0 100% /mnt/live/memory/images/lib.lzm
/dev/loop5 squashfs 60M 60M 0 100% /mnt/live/memory/images/opt.lzm
/dev/loop6 squashfs 129M 129M 0 100% /mnt/live/memory/images/pentest.lzm
/dev/loop7 squashfs 17M 17M 0 100% /mnt/live/memory/images/root.lzm
/dev/loop8 squashfs 2.8M 2.8M 0 100% /mnt/live/memory/images/sbin.lzm
/dev/loop9 squashfs 566M 566M 0 100% /mnt/live/memory/images/usr.lzm
/dev/loop10 squashfs 54M 54M 0 100% /mnt/live/memory/images/var.lzm
/dev/sdb1 vfat 2.1G 866M 1.2G 43% /boot
/dev/sdb1 vfat 2.1G 866M 1.2G 43% /mnt/sdb1
/dev/sdb2 ext3 1017M 1015M 0 100% /mnt/sdb2
overflow tmpfs 1.0M 16K 1008K 2% /tmp
/dev/sdc1 vfat 977M 18M 959M 2% /mnt/sdc1

kriggins March 4, 2009 at 7:03 pm

Hi Shawk,

In looking at the output you provided, it seems you created a 2GB first partition and a 1GB second partition. Reverse those. You only need 1GB for the first partition. Anything more is basically wasted.

Kevin

shawk March 4, 2009 at 9:09 pm

Ironically, I created a 2GB first and 6GB second; it is only using 1GB of the second partition and I can’t figure out why… so I am redoing it with 1GB/7GB and making sure I don’t miss a step or change a parameter that should not.

kriggins March 4, 2009 at 9:24 pm

Shawk,

One other note and I don’t know if it means anything at all, but I have always used ext2 for my changes partition. I need to play around with ext3. I would think it would work fine, but have never tried it.

Kevin

shawk March 4, 2009 at 11:17 pm

It was certainly an ext3 vs ext2 issue unless I did something else funny to it; I can now see the remaining 7GB with the reformatting and reinstallation.

kriggins March 5, 2009 at 3:02 pm

@shawk

Great. I’m glad it’s working. I will do some tests to see if I can replicate the issue when using ext3.

@whyme

Video is not something I do at this point. You might try searching for some video that gets you what you need.

Kevin

whyme March 5, 2009 at 3:04 am

Guys can u make a video tutorial on how to partition the USB Drive, that’s my only problem

charadeur March 6, 2009 at 10:28 pm

Thanks for the how to. Persistent is working great for me.

However I am seeing the same issue as Ede. My wireless network is working properly as I am typing this from the usb backtrack 4. It appears to be finding the repository but can’t download the files. Any ideas are appreciated.

charadeur March 6, 2009 at 10:34 pm

Never mind. I got it going. 🙂 I don’t know why but I used lynx to connect to google then tried the apt-get and it worked fine. How weird is that?

obijam March 7, 2009 at 9:50 am

@charadeur

I had also encountered the same problem as faced by Ede; but same was rectified by installing NessusClient-3.2.1-debian4_i386.deb package (instead of NessusClient-3.2.1.1-ubuntu804.i386.deb) and it worked fine to last details.

Touche36 March 8, 2009 at 12:11 am

Whyme – I had a lot of problems with creating the correct partitions too. This is what I did to get them set up correctly…

Boot off the BT4 DVD.

It’s best to start off with a clean USB pen drive – so plug it in and delete any existing partitions by running Qparted from the Shell – not forgetting to commit changes to actually perform the operation.

Still in Qparted…

Create a FAT32 partition of 1024MB and commit it.
Create a second partition type EXT2 using what space is left on the USB pen drive and commit it.

Shut the system down and boot up into Windows.

Format the USB pen drive as FAT32 (should show 986MB).
Copy the BOOT and BT4 folders from the BT4 DVD to the pen drive.
Run the command prompt and change to the USB drive’s letter.
Go into the BOOT directory by using ‘cd boot’.
Run ‘bootinst.bat’ to make the drive bootable.

Don’t forget to safely ‘Eject’ the drive (don’t just pull it out)
or you may risk data loss.

I found Qparted to be a bit flaky, but with persistence (and a reboot or two) I got the partitions set up and the pen drive booting 🙂

Touche36 March 8, 2009 at 1:24 am

Well I thought I had it…

Turns out once I rebooted and checked, everything that was OK is now wrong, so I downloaded *this* program (trial for 30 days) :

http://www.terabyteunlimited.com/bootit-next-generation.htm

You have to burn the ISO it makes, to CD.

When it runs, don’t install it to hard disk – just run it in maintenance mode. You may have to enable USB2 in the options for it to pick up your pen drive. The filing system for EXT2 is 131(0x83) – although this didn’t seem to work and I had to reformat it in Qtparted.

You can boot off the USB pen drive and check everything looks OK in Qtparted.

I also came across this free (for home users) partition magic clone on my travels 🙂

http://www.partition-tool.com/personal.htm

charadeur March 8, 2009 at 2:52 pm

I also found what I think is the best solution for the apt-get issue. secure_it from the remote exploit forum gets credit.

Download a missing key and install it.

1. wget http://apt.pearsoncomputing.net/public.gpg
2. sudo apt-key add public.gpg
3. rm public.gpg
4. apt-get update
5. apt-get upgrade

Reply

pancho March 9, 2009 at 9:57 am

apt-get upgrade killed my KDE desktop.
It just doesn’t load anymore; the other desktop and xorg load fine though.

anybody?

Reply

c lehto March 10, 2009 at 10:27 am

pancho,

I experienced the same issue- apparently there is some shenanigans going on with the directories where the updates are placed. This is a bug which eventually will get fixed. In the meantime, the fix is enumerated here:
http://backtrack4.blogspot.com/2009/03/apt-get-upgrade-breaks-backtrack-4-beta.html

This works, I just tested it. Good luck.

Reply

new guy March 15, 2009 at 5:23 pm

ok I tried a couple times now and the
command

mount /dev/sdc2 /mnt/sdc2 says “mount point does not exist”.

I’m using 2 usb, the one booting the BT is sdb1. The other one is sdc1 and sdc2 neither one of these are sdc will mount. Any ideas… oh and I’m a noob so it could have been when I partitioned the second partition. I just put:
n
p and e(tried both)
2
enter (rest of disk)
w

and i used UNetbootin to make the bootable usb

Reply

new guy March 15, 2009 at 5:55 pm

ok I am a newb, I need to mkdir /mnt/sdc2

Reply

Impressed March 18, 2009 at 2:23 pm

This is a really great tutorial! I didn’t know about UNetbootin… way useful for people who don’t want to mess with SLAX.

Reply

Psi Phi March 19, 2009 at 12:36 am

Worked great for me, thanks for the great tut, only I left Unetbootin on another machine so used the BT3 method for making the USB bootable – worked no problem.

Had other USB devices at the time so when I installed my stick it was sdc, when I rebooted it was sdb and persistent changes didn’t work – just a change to the config file and it was fine.

Problem I can’t solve though – creating a new user account.
Process works OK, can create account, get a home directory, set the user password, etc. – just can’t log in.
I can “su -” from root, but can’t log in.
When I try to log in it says “Invalid Login”

Reply

kriggins March 23, 2009 at 5:25 pm

I was able to create a new user and make it work. A couple notes. Out of the box, the useradd command did not create home directory even though I told it to. I used the following command to create my user. The username is just an example.

useradd -b /home -d /home/userdude -s /bin/bash userdude
mkdir /home/userdude
chown userdude.userdude /home/userdude
passwd userdude

After that, I logged out as root and was able to log back in as userdude. Type startx and configure my desktop.

-Kevin

Reply

Immaculata March 19, 2009 at 10:43 am

Well, as another noob, I’m having a bit of difficulty:) Struggled a bit, but, having run through the above, I now get all the expected responses from the shell UNTIL:

when I run the client, and try to connect, it refuses my credentials. How do I manage the users, and test connectivity?

(I’m looking at Tenable’s docs now, but thought if you knew the answer you might want to link to it)

Cheers, great tute…

Reply

kriggins March 19, 2009 at 12:36 pm

@new guy

Glad you figured it out. I apologize for not responding quickly enough to help you out.

@Impressed

Thanks!

@Psi Phi

Interesting. I have never tried to add a new user. I’ll give it a whirl this weekend and let you know what I find out.

@Immaculata

Did you run the nessus-adduser script? This is where you setup users for Nessus.

-Kevin

Reply

Deathray March 22, 2009 at 2:22 pm
kriggins March 24, 2009 at 4:12 pm

@Deathray

First – apologies for the comment not getting posted. For whatever reason, Akismet didn’t like it and I just got around to checking “spam” comments today.

Second – I did give you credit on my Backtrack 3 how-to quite some time ago. You can find it here: http://www.infosecramblings.com/backtrack/backtrack-3-usb-persistent-nessus-ff3-nmap/. The references list is at the bottom of the post.

-Kevin

Reply

Ulrick13 March 23, 2009 at 10:29 am

Hello all,

First of all a huge thanks for Kevin and his tutorial which worked flawlessly for me.
I’ve been spending days and days playing with this combo and as a pentester really appreciate the flexibility (over regular HD install, etc.)

So great work, my next thing is now to figure how to have the second partition encrypted so that every collected info will stay safely encrypted on the “change” partition.
Any hints are of course welcome 😉

-Stef

Reply

kriggins March 23, 2009 at 2:29 pm

Thanks! I’m glad you find the tutorial helpful.

You pose a very interesting challenge regarding encrypting the changes partition. One which I haven’t looked at yet. I have an idea that I will poke at this week. Stay tuned for a possible solution to your query.

-Kevin

Reply

Immaculata March 24, 2009 at 6:49 am

Thanks Kevin – yes, I’d used that script, but something clearly went wrong (the user didn’t exist).

I recreated the user, and have been running smoothly since… until I lost the pen drive in question…!!! 🙁
Still, at least it’s not filled with my government’s data (I stored it all centrally).

Interestingly, I’m having trouble with one type of drive – IOMEGA HDS72251 2VLAT20 USB Device is what I see if I use the Kmenu gui’s “USB Devices” or “SCSI”. However, it doesn’t appear in /dev, so can’t be mounted/partitioned etc. Can’t see any USB devices with dmesg. Shame since I intended to use this to hold some larger rainbow tables. Looks like I’m back to 4GB pen drives…:)

Credit to you, Kevin – thanks again for the help this tutorial has been.

Reply

kevin March 24, 2009 at 8:10 pm

Thanks for the time and effort in making these instructions. I have BT4 beta running nicely on an SDHC with changes. Excellent instructions for a Linux noob like me…

Reply

kriggins March 27, 2009 at 6:24 am

@kevin

I’m glad you found it helpful. Really cool that it works on SDHC cards too!

-Kevin

Reply

verano March 28, 2009 at 1:11 pm

I have made my 4 gb usb stick like described above.
But what is persistent ?
If i change keyboard layout in my own, and reboot, the keyboard layout is back in US.
Did i do something wrong ?

Also when booting, i don’t see that the os mounts the usb mount points ….

Reply

Wynneth March 30, 2009 at 2:56 pm

Just fyi, it’s a great tutorial but it didn’t mention a step I needed. I had to execute bootinst.sh to make the thumb drive bootable – if this was mentioned in the comments sorry tl;dr. Everything else is wonderful, I always triple part my thumbs for linux/persistent/windows so I can also keep a PortableApps suite on the windows partition. Oh, also – I saw someone mention about encrypting the changes… I wonder about doing a full encryption a la truecrypt full system encrypt. Has anyone tried doing that on BT4 in general/linux/a thumbdrive?

Reply

kriggins March 30, 2009 at 3:12 pm

Hi Wynneth,

First: Thanks! I’m glad you found it helpful.

Second: The second comment answers the question about UNetbootin not working. I need to make several additions/modifications to the tutorial based on comments and that one is among them.

Third: I have a couple posts about encrypting stuff on Backtrack 4 on a USB drive, but none of them do full disk encryption. I have not tried yet, but do suspect the need for the first partition to be vfat32 and then second to be ext2 might complicate things. On the other hand, it might work flawlessly. It is on my list to try at some point.

Kevin

Reply

mindcrash April 6, 2009 at 1:00 am

Thank you very much for your guide!

Installed Nessus without any problems, now when I try to start its daemon shell says:
$Starting Nessus: _ (<- blinking cursor) and nothing happens. Although indicator on my usbkey is blinking meaning that the system is trying to read/write on it.

I’m using an eeePC.. maybe everything is so slowwwwww 🙂 and I need to wait.

Reply

Danny April 7, 2009 at 1:21 pm

Great Tutorial !! Exactly what I was looking for… I am so glad with guys like you, who make my life so much easier .. 😉 THANK You.

I had the same problem as mentioned in one of the earlier posts regarding the apt-get install (404 error). To solve this I ran an “apt-get update” as mentioned after the error listing. After that I was able to run the apt-get install without any problems..

I post this just for people who may have the same problem..

Reply

Bruno April 7, 2009 at 5:11 pm

Hi there,

Thanks for the nifty tutorial !

Just ran into a problem when rebooting with all packages installed: it turns out that after the plugins update, nessus is taking soooooo long to start that it is almost unusable. Has anybody encountered this problem yet ? I’m stuck with that.

While nessus was starting, I switched to a second console and made an “strace” on the processes: from what I can see nessusd is effectively reading its plugins files, but it never ends.

Any idea ?

Thanks !

Bruno

Reply

marcaine April 7, 2009 at 6:50 pm

mindcrash, I have the exact same problem as you. I have reinstalled 3 times but get the same issue: on reboot I get the $Starting Nessus and it just blinks. I have left my PC on for like an hour. I also have an EeePC, the Asus 1000HE; I don’t know if that is the issue. I would really like this to work.

Reply

kriggins April 7, 2009 at 7:00 pm

@marcaine @bruno @mindcrash

It can take a while for nessusd to start when all the plugins have been updated, but I have never had to wait more than a few moments. I am, however, running on a 1.73 GHz laptop. That being said, you can run the following command to disable autostart of nessusd, which will at least let the system boot up the rest of the way. Run as root or with sudo:

update-rc.d nessusd remove

Kevin

Reply

kriggins April 7, 2009 at 8:11 pm

@marcaine @bruno @mindcrash

I got to thinking about this issue some more and am wondering if the reason it is taking so long is because it is trying to reach Tenable to update the plugins, but can’t because networking has not been started. By default, Backtrack does not start up networking at boot time. I have always gone ahead and set the system to do so once I got persistent changes working. That can be done by executing the following:

update-rc.d networking defaults

I will do some testing when I get a chance and see if I can reproduce your symptoms by disabling network startup at boot time.

Kevin

Reply

marcaine April 7, 2009 at 8:36 pm

Also let me add I tried to install Nessus in a similar way on Ubuntu 8.10 and had the same issue at the reboot. As I am typing this I am attempting another install on BT4 Beta and will try removing it from boot and see if it works with a manual execution after the boot completes. I will post the results when my test is finished. Thanks for the help.

Reply

Bruno April 8, 2009 at 3:23 am

Thanks kriggins for your suggestions.

I don’t think the problem comes from nessusd trying to update its plugins from Tenable though, as it only does it via the “nessus-update-plugins” command, from what I remember.

However, I forgot to mention that I ran into problems earlier yesterday, my USB stick went berserk: the LED wouldn’t stop blinking as if something were constantly accessing it, and when I tried to shutdown, it just hung, so I had to violently stop it, and when I rebooted, I got a bunch of messages telling me “Stale NFS file handle”. I plugged the USB stick into my regular linux box so that I could manually clean things (I erased a lot of things in the /changes directory).

I did it that way because I wanted to preserve my Nessusd key. Does anybody know what file I must preserve to keep my registration valid ? Once I know that I can start from scratch again and see if it corrects something.

Thanks !

Bruno

Reply

marcaine April 8, 2009 at 6:31 am

Ede from Feb 26, 2009

Kinda late but try running

apt-get update

Before you try to get those lib files, you may have to follow directions below.

Also note that I am further along getting nessus to work than ever before. I have not rebooted yet but I am performing a localhost scan to test it is working. In order to get this far before installing nessus I had to execute:

Fix Missing Public Key:
wget http://apt.pearsoncomputing.net/public.gpg
apt-key add public.gpg
apt-get update
apt-get upgrade

The above will break KDE and below is a Quick fix from the Backtrack Blog:
cd /etc/alternatives/
mv x-session-manager x-session-manager-broke
ln -s /opt/kde3/bin/startkde x-session-manager
cd /opt/kde3/share/
mv applications borked-applications
mv pixmaps borked-pixmaps
mkdir -p /usr/local/share/applications/kde
cp borked-applications/kde/ksnapshot.desktop /usr/local/share/applications/kde
ln -s /usr/local/share/pixmaps pixmaps
ln -s /usr/local/share/applications applications
cd /opt/kde3/share/icons/crystalsvg/16x16/apps/
ln -s cache.png preferences-web-browser-cache.png
cd /opt/kde3/share/applications/kde
cat ksnapshot.desktop |grep -v ^GenericName > ksnapshot.desktop1
mv ksnapshot.desktop1 ksnapshot.desktop

Credit goes to muts for the above.

Reply

wayne April 8, 2009 at 2:50 pm

Not to be picky or anything, but in, “So, without further au dieu, let’s get started!” it shouldn’t be au dieu. It should be Adieu. While you may be right in one sense “with god” (au dieu) is the same as good bye in archaic English, so it might be so in old French too; however, it’s still spelled Adieu, and has a meaning something like… let’s go without further parting words…

Reply

kriggins April 9, 2009 at 5:18 am

@wayne

Thanks for setting me straight on “au dieu.” Interestingly enough, ado is probably the word I was looking for. It means “trouble or fuss” in archaic English. Anyway, I just changed it to “Let’s get started!” to avoid the whole issue 🙂

Kevin

Reply

Peter April 12, 2009 at 3:49 am

Thanks for the great tutorial!

I have this problem when turning off and would appreciate it if anyone here could help. The system does an error on 2 things and then does not turn off:

swapoff:cannot open /etc/fstab:Transport endpoint is not connected

/etc/init.d/rc:372: /etc/rc0.d/s90halt:Transport endpoint is not connected.

Peter

Reply

kriggins April 12, 2009 at 6:28 pm

@Peter,

Thank you. I am glad you found it helpful. I have not had any experience with the issue you are dealing with. I will keep my eyes open and let you know if I see anything that might help.

Kevin

Reply

wes April 13, 2009 at 6:05 pm

I am unable to get this tutorial to work. I’ve followed the directions to the letter and every time my boot prompt states that there is not a bootable os on the usb device. Does anyone know what I could be doing wrong?

Thanks,
Wes

Reply

kriggins April 13, 2009 at 8:19 pm

@wes,

Check out the second comment on the page. You may need to page back to see it. It gives instructions on how to deal with this issue.

-Kevin

Reply

Balmung135 April 15, 2009 at 8:49 pm

Hey, I am having a little trouble. I made my partitions using acronis disk manager, and I have the second one formatted to ext2. When I try to use the “mount” command, I get an error saying I need to do something with the filesystem. Does anyone know how to get around this?

Reply

Temjin April 21, 2009 at 5:47 am

Hi all!

I’m a bit of a linux noob so here is my 2cents for any other noobs who may have struggled a bit with the configuration of the syslinux.cfg.
I followed all the steps above in the excellent guide and here is a copy of my syslinux.cfg which works for me:

+++++ PLEASE NOTE THIS CONFIG FILE IS SET FOR CHANGES = SDB2
+++++ PLEASE CHECK THAT THIS IS CORRECT FOR YOUR SYSTEM AND AMEND IT, IF IT IS NOT!!!

—————————————————————————————————————-

PROMPT 0
TIMEOUT 40
DEFAULT /boot/vesamenu.c32

LABEL BT4
MENU LABEL BT4 Beta – Persistent Console
KERNEL /boot/vmlinuz
APPEND changes=/dev/sdb2 initrd=/ubninit vga=0x317 ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sdb2 quiet

LABEL BT4
MENU LABEL BT4 Beta – Console no FB
KERNEL /boot/vmlinuz
APPEND initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet

label BT4
MENU LABEL BT4 Beta – MSRAMDUMP
com32 /boot/msramdmp.c32

LABEL memtest86
MENU LABEL Run Memtest utility
KERNEL /boot/mt86p

—————————————————————————————————————-

Once I had completed this and saved it I closed the Kate window.
I then right clicked on the desktop and selected create new textfile, which I named “rw working”.
This appears as an icon on the desktop, which I felt was a good way when I log in to be sure
that if the file is there – the rw is working and has saved my changes – hehe! Such a noob 🙂
I then selected log-out from the menu options, which returns you to the command prompt.
I then type in:
shutdown -hP 1
which is a command to shutdown the system and power off in a minute, which is what happens.

—————————————————————————————————————-

Well, good luck and I hope this helps other noobs 🙂

Reply

Shay April 24, 2009 at 2:53 am

First – tx for the howto! sure is useful.

I wondered if I can use a file for the ext2 file system instead of using an actual partition.
What I mean to ask is – If I would have created a 2gb file, mount it and format it with ext2 partition would I be able to define “changes=/myfile”?

Also, I’m quite the noob so excuse my question if it is dumb 🙂 but – is it possible to install a second live distro (puppy linux) on the same drive using lilo as a boot manager, I’ve tried googling but came up empty handed…. I would really appreciate it if you could link me or give me some tips regarding this issue as well.

again tx a lot!

Reply

Jimmy April 24, 2009 at 10:04 am

The instructions worked perfectly for me.
However, I am having performance issues. I have a fast USB thumbdrive, but when I am using it for BT4, it is really slow.
Even surfing websites it is slow. I *think* it may have to do with constant writing to drive. I am not sure. Is there a way to mount a tmpfs off the laptop memory and use that to increase speed?

Reply

rajanways May 1, 2009 at 3:55 pm

Hi Kevin,
I have downloaded Backtrack 4 beta to my system. I have a 2GB pendrive. I use Debian. I have never tried to install anything through a pendrive. That’s why I am feeling shy this time too. My questions are:
1. Is it necessary to make a partition on my 2GB pendrive? If yes, then how can I make a partition on the pendrive using Debian, and how do I bring it back to the previous state after using the partition?
2. Do I need any additional bootable CDROM for Backtrack 4 beta to install Backtrack on my system?
3. If any more education is needed, then please guide me (any appropriate link or something).
regards
rajan

Reply

Kevin S-not the author of this article May 7, 2009 at 2:28 pm

Jimmy – it does appear to do with the read/write and caching – I’ve tried a few different tricks even reserving some swap space on the USB drive; no go. It does this for me on a netbook’s flash drive as well.

I have seen some discussion about forcing the drive back into non-persistent mode. I don’t know how to do this; and I think since you have to write some configuration files and maybe even a log or two (unless you redirect), you can’t do such a thing or even flip the read-only switch. My drive doesn’t have one so I can’t experiment. I save all of my results for a particular client on a different drive and then burn to DVD later; I never save anything in the actual BackTrack – I mount another USB and configure everything to write to that drive instead.

Reply

ron May 19, 2009 at 6:20 am

Hi, thanks for the tutorial. After I copied the iso file to the usb I tried to boot but it’s not working for me, nothing happens. Then I tried in cmd and it gave me this error: “I need 386+ CPU in real mode or under VCPI manager”. Is there anything I can do to fix this?

Reply

joe May 19, 2009 at 11:36 pm

I’ve got the usb boot and persistent change file working. BUT, it doesn’t save the networking start command and it doesn’t save the KDE sound multimedia option to turn off all sounds…ie the find him announcement blasts out each time KDE starts etc. How can I fix these?

Reply

kriggins May 22, 2009 at 6:31 am

Hi to everyone who has left a comment recently. I apologize for my delay in responding.

@Balmung135,

If you haven’t already resolved your issue, can you provide more detail about the error message you receive when you try to mount the ext2 filesystem?

@Shay

I don’t know if you can use a file for changes. It would involve mounting it via the loop interface and that might present some difficulties. If you found it to be possible, please let me know and I will include those instructions in the next version of the how-to with attribution of course.

I don’t see why you couldn’t install another linux distribution on the thumb drive. Might be tricky, but should work.

@Jimmy,

While there is performance degradation when using persistent mode, I haven’t noticed it being significant in my case. As the other Kevin said, some have talked about putting our changes back into a live distro format, but I haven’t seen any instructions on how to do so yet.

@rajanways

This link provides some more detailed instructions on using fdisk to partition a drive. http://www.freeos.com/articles/3935/ If you are using a debian system, you will not need an additional Backtrack CD.

@Ron,

I have not seen that error before. If I come across an answer, I’ll let you know. If you find one, please post another comment so others can benefit from your experience.

@Joe,

Have you executed the update-rc.d command to make the network start automatically on boot? The command is ‘update-rc.d networking default’. I have seen other references to not being able to turn off the start-up sound, but haven’t seen a work around yet.

-Kevin

Reply

joe May 23, 2009 at 12:00 pm

Thanks. I tried the command update-rc.d networking default but it fails. If I change default to defaults per the help then I get a command not found. If I add start after networking it doesn’t work either. Will have to research this more. Looks like this approach should work.

Reply

Steve May 23, 2009 at 1:29 pm

Hi,

Thanks for making this tutorial!

I’m stuck on one part though. I have managed to install BT onto my USB drive and it is now bootable and working great.

My problem is making it persistent.

You say you “used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my usb drive was /dev/sda”

But I’m lost as to the command to use and the fdisk man pages are a little scary.

Could you tell me what to enter?

I have a 4gb flash drive, this is the fdisk -l output:

Disk /dev/sdb: 4022 MB, 4022337536 bytes
255 heads, 63 sectors/track, 489 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000d5956

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         141     1132551    b  W95 FAT32
/dev/sdb2             142         489     2795310    5  Extended
/dev/sdb5             142         489     2795278+  83  Linux

What fdisk command should I enter?

If you could tell me that would be really appreciated!

Many thanks!

Steve

Reply

kriggins May 23, 2009 at 3:17 pm

@Steve,

It looks like you have already partitioned the disk correctly and the second partition is configured for linux. All you need to do now is format the second partition which, according to the above output of the fdisk command, should be /dev/sdb2. Use the following command to format the second partition.

mkfs.ext2 /dev/sdb2 *make sure /dev/sdb2 is not your system drive :)*

Once that is done, you can continue with the tutorial and everything should work well.

-Kevin

Reply

Don May 25, 2009 at 11:27 am

I can’t get the BT3 persistence to work, but it boots from the flash drive.

I used the older BackTrack 3 Final USB on a 8 gb sandisk flash drive. I partitioned and formatted the flash drive and the Back Track 3 boots from the flash drive. The KDE System Partition information shows /dev/sdb1 with 2,043 mb as vfat, and dev/sdb5 as ext2 with 5,528 mb. This matches what I see when I look at /mnt and see BT3 and boot on /dev/sdb1 and the changes directory on sdb5.

The fdisk -l output shows the same display the previous poster showed. The dev/sdb2 doesn’t show up under the /mnt or KDE partitions tho. It is as if /dev/sdb2 was the extended unallocated space before I did the format, and after the format it became /dev/sdb5.

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         261     2096451    b  W95 FAT32
/dev/sdb2             262         977     5751270    5  Extended
/dev/sdb5             262         977     5751238+  83  Linux

But, it never writes any files on the changes directory so I don’t get persistence. I notice there is also a changes directory under root /changes and one menu option was for putting a slax.dat file under the /changes directory. This doesn’t work either.

I edited vesamenu to only one option:

PROMPT 0
TIMEOUT 120
DEFAULT /boot/vesamenu.c32

LABEL xconf1
MENU LABEL BT3 Persistent ***my changes***
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sdb5

Now here is an interesting point. I did the same thing for BackTrack 4 Beta on another 8 gb flash drive using the DVD ISO, and got the same /dev/sdb1 and /dev/sdb5 partitions. It is a different brand flash drive so that is a difference.

The BackTrack 4 Beta boots from the USB and creates files under changes on /dev/sdb5…lots of them so persistence does work.

Any ideas? Does it relate to my using the BT3 USB instead of the CD ISO?

Reply

kriggins May 26, 2009 at 7:30 am

@Don,

I’m not sure what is going on here. I have always used the BT3 USB version for my persistent installs. One option you might try is to remove sdb2 and sdb5 and just create one second partition. I’m not positive, but I don’t think the extended partition is necessary unless you want to add more than 4 partitions to a drive. This would get rid of any confusion the OS is experiencing re sdb2 vs. sdb5.

Kevin

Reply
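
The fdisk listings quoted in the comments above each show an Extended entry (Id 5) with a logical Linux partition (Id 83) inside it, and the syslinux.cfg entries name a device in `changes=`. The script below is an added example, not part of the original post or any commenter's code: a pre-flight check to run before `mkfs.ext2`, which is destructive. It assumes the classic `fdisk -l` column layout shown in this thread; the function names and the mounts excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a persistent "changes" partition.
# Assumes the classic fdisk -l columns: Device [Boot] Start End Blocks Id System.

# Partition table and APPEND line as posted in the thread (Don's 8 GB drive).
FDISK_SAMPLE='Device Boot Start End Blocks Id System
/dev/sdb1 * 1 261 2096451 b W95 FAT32
/dev/sdb2 262 977 5751270 5 Extended
/dev/sdb5 262 977 5751238+ 83 Linux'
CFG_SAMPLE='LABEL xconf1
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sdb5'

# Constructed /proc/mounts excerpt: the FAT32 boot partition is mounted, sdb5 is not.
MOUNTS_SAMPLE='/dev/sda1 / ext3 rw 0 0
/dev/sdb1 /mnt/sdb1 vfat rw 0 0'

# classify_partitions: read fdisk -l text on stdin, print "<device> <id> <kind>".
classify_partitions() {
    awk '
        $1 ~ /^\/dev\// {
            # The Boot column is either "*" or absent, which shifts the Id field.
            id = ($2 == "*") ? $6 : $5
            id = tolower(id)
            if (id == "5" || id == "f" || id == "85") kind = "extended-container"
            else if (id == "83")                      kind = "linux"
            else if (id == "b" || id == "c")          kind = "fat32"
            else                                      kind = "other"
            print $1, id, kind
        }'
}

# changes_candidate: print the first partition that can actually hold ext2.
changes_candidate() {
    classify_partitions | awk '$3 == "linux" { print $1; exit }'
}

# cfg_changes_devices: read syslinux.cfg text on stdin, print each distinct changes= target.
cfg_changes_devices() {
    awk 'toupper($1) == "APPEND" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^changes=/) {
                    sub(/^changes=/, "", $i)
                    if (!seen[$i]++) print $i
                }
        }'
}

# preflight <device> <fdisk-text> <mounts-text>
# Prints a verdict; returns 0 only for a type-83 partition that is not mounted.
preflight() {
    dev=$1
    kind=$(printf '%s\n' "$2" | classify_partitions |
           awk -v d="$dev" '$1 == d { print $3 }')
    if [ -z "$kind" ]; then echo "REFUSE: $dev not in partition table"; return 1; fi
    if [ "$kind" != "linux" ]; then echo "REFUSE: $dev is $kind"; return 1; fi
    if printf '%s\n' "$3" |
       awk -v d="$dev" '$1 == d { found = 1 } END { exit !found }'; then
        echo "REFUSE: $dev is mounted"; return 1
    fi
    echo "OK: $dev"
}

# Stand-alone run against the embedded samples.
for d in /dev/sdb1 /dev/sdb2 $(printf '%s\n' "$CFG_SAMPLE" | cfg_changes_devices); do
    preflight "$d" "$FDISK_SAMPLE" "$MOUNTS_SAMPLE" || true
done
```

On a live system, pass the output of `fdisk -l` for the thumbdrive and the contents of `/proc/mounts` in place of the samples; newer fdisk versions print different columns and would need the field positions adjusted.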

Steve Shead May 27, 2009 at 7:35 am

This is great thanks. You can also download the VM and run it from the USB stick. I use an Ironkey 8gb USB drive and it is really fast. I also run SamuraiWTF from the same drive, and that is the advantage – not all your space is taken by the OS – just one more option.

Reply

ExcellentArticleSir June 1, 2009 at 5:20 pm

Excellent article, clearly and concisely written. Thank you for your contribution to the furtherance of excellent security practices.

I followed the article precisely and have no problems other than the fact that nessusd takes forever to start – it pegs the CPU for quite some time, but doesn’t seem to utilize much RAM.

Thanks again.

Reply

ron June 4, 2009 at 8:20 am

Hi, I managed to solve the problem with this error: “I need 386+ CPU in real mode or under VCPI manager”.
All I had to do was to reset my BIOS, so if anyone had this problem RESET YOUR BIOS 😀

Reply

HaKa April 20, 2010 at 1:25 am

I have a flash voyager gt (basically the fastest or 2nd fastest drive on the planet… next to the new GTR but they are basically the same speed) and I have it formatted to 2 partitions.. the fat32 and ext3… thing is with persistent (not including nessus or encryption) it is MAD slow (which as you stated to @Jimmy probably has to do with the persistent writing.. the blue light is on constantly 24/7 sometimes). Being that this is one of the fastest usb drives you can buy, it is still slow (very useable but sometimes firefox will pretend to freeze and/or desktop things). Has anyone figured a way to force some of the constant writing off or onto memory instead? I don’t mind using the non persistent (which I may do, as I have a non persistent BT 4F on a cheap generic 2gb stick which works fast as lightning)

Reply
