Backtrack 4

I made an error in the how-to on configuring the system to automatically boot to persistent mode.

Instead of 'Default 5', it should be 'Default <label>' where label is the text following the 'label' line for the menu option you want to boot. In my case it looks like 'Default ubnentry5'.

I apologize for the confusion and the how-to has been updated.

-Kevin


Woot. Offensive Security has released Backtrack 4 Pre-Final to the public.

I updated my Backtrack 4 USB/Persistent Changes/Nessus How-to a couple weeks ago with instructions, but a public link was not available.  The how-to has been updated with download locations and links to the md5sum and sha256sums.

Have fun.

-Kevin


Hi there folks.

With the final release of Backtrack 4 Final right around the corner, I thought I would get ahead of the curve and update the how-to. I have access to the pre-final via the Informer.

The updated version is where the original Beta instructions used to live. I have copied the Beta instructions to a new page. They can be found here.

So here you go.

http://www.infosecramblings.com/backtrack/backtrack-4-usbpersistent-changesnessus/

-Kevin


Setting up TrueCrypt on Backtrack 4

by kriggins on March 24, 2009


In my previous post, we set up an encrypted private directory to address being able to keep the data from a pen test safe. I also found that TrueCrypt works great on Backtrack 4. It also addresses the issue of file and directory names not being encrypted. Of course, the downside is that the volume must be manually mounted each time, or at least I haven't worked out how to automatically mount it yet.

Assumptions

  1. You have already created a bootable Backtrack 4 thumb drive with persistent changes.
  2. You are using Backtrack 4 as root.
  3. The following is performed with a window manager active, e.g. KDE.
  4. You are familiar with TrueCrypt.

Installing TrueCrypt

Installing TrueCrypt is almost as easy as setting up encrypted private directories. The following steps will get TrueCrypt installed and ready to be configured.

First we need to download the install package. I picked the 'Ubuntu - x86 .deb' option on the TrueCrypt download page. I used Firefox and saved the file to root's home directory.

Next execute the following commands from a terminal session in root's home directory:

tar zxvf truecrypt-6.1a-ubuntu-x86.tar.gz

chmod +x truecrypt-6.1a-setup-ubuntu-x86

./truecrypt-6.1a-setup-ubuntu-x86

At this point, you will have a GUI install window with a couple options on it. Click on 'Install TrueCrypt' and follow the prompts.

Now it's time to set up our TrueCrypt volume. To do so, either from the 'run' command option on the menu or from a terminal session, execute truecrypt. You should end up with a window like the following.

[Screenshot: truecrypt_1]

The next step is to create our encrypted volume. We do that by clicking on the 'Create Volume' option above and using the following screen.

[Screenshot: truecrypt_2]

Follow the prompts and create a volume. Once that is done you can mount the volume and begin using it.

As always, feel free to leave a comment with your thoughts and/or questions.

-Kevin


Steff left the following comment on the Backtrack 4 how-to page.

...next thing is now to figure how to have the second partition encrypted so that every collected info will stay safely encrypted on the “change” partition....

I hadn't really thought about that and promptly started kicking myself repeatedly in the rear end. Having the output of a penetration test on a USB drive is an awfully good reason to make sure that data is not accessible should we lose said drive.

This got me started on a search for a method to encrypt data on our thumb drive. I found two that work, although I am sure there are plenty of other ways to accomplish the same thing. This post describes how to set up an Encrypted Private Directory. A later post will describe the second method.

Assumptions

  1. You have already created a bootable Backtrack 4 thumb drive with persistent changes.
  2. You are using Backtrack 4 as root. You can do this with a non-root user also; just make sure to perform the apt-get install as root and then execute the ecryptfs setup as the user.

Encrypted Private Directory

Backtrack 4 is built on Ubuntu 8.10. This is great news for us because Ubuntu 8.10 supports something called encrypted private directories. This is a directory in your home directory, ~/Private by default, with a nifty feature. Any file written to this directory is automatically encrypted using the AES algorithm by default.

Setting this up is very easy and the Ubuntu documentation has almost all the information you need. I found you will need to perform an initial 'apt-get update' before you will be able to install the packages. Don't be concerned when you receive an error during the apt-get update. This is normal and can be fixed, but isn't vital at this point. Here are the steps to take:

apt-get update
apt-get install ecryptfs-utils
ecryptfs-setup-private

After you execute the last command, you will be prompted to enter your login password and either choose a mount pass phrase or generate one.

Log out and log back in to establish the mount.

There you have it. You now have a directory in your home directory called Private. Any files written into that directory will be encrypted. Those changes will also be persisted into the changes folder.

Caveat: File and directory names are not encrypted. Be careful what you use for file and directory names.

The Ubuntu documentation gives more details of how you can use the directory, such as setting up symlinks to common files. Those directions should be taken into account with your Nessus install. Nessus by default saves information in the user's home directory.
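
The following is an added example, not part of the original how-to: a check that the Private mount is actually established before results are saved, and that a symlinked location (such as a Nessus output directory) really resolves into it. The function names and the sample mount table are constructed for illustration; the check reads text in /proc/mounts format.

```shell
#!/bin/sh
# Added example: check that a directory is an active eCryptfs mount and that
# a given path really resolves into it. Function names are illustrative.

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/root/.Private /root/Private ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0'

# is_ecryptfs_mount DIR [MOUNTS_FILE]
# Exit 0 if DIR is a mount point of type ecryptfs. MOUNTS_FILE defaults to
# /proc/mounts; "-" reads the table from stdin.
is_ecryptfs_mount() {
    dir=$1
    mounts=${2:-/proc/mounts}
    # Fields: device mountpoint fstype options ... ; spaces appear as \040.
    DIR=$dir awk '{ mp = $2; gsub(/\\040/, " ", mp) }
        mp == ENVIRON["DIR"] && $3 == "ecryptfs" { found = 1 }
        END { exit !found }' "$mounts"
}

# path_is_protected PATH MOUNTPOINT [MOUNTS_FILE]
# Exit 0 only if MOUNTPOINT is an eCryptfs mount and PATH, after symlinks are
# resolved, lies inside it. Exit 2 if PATH cannot be resolved.
path_is_protected() {
    target=$(readlink -f -- "$1") || return 2
    mnt=$2
    is_ecryptfs_mount "$mnt" "${3:-/proc/mounts}" || return 1
    case $target in
        "$mnt"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed sample. On a live system: is_ecryptfs_mount "$HOME/Private"
if printf '%s\n' "$SAMPLE_MOUNTS" | is_ecryptfs_mount /root/Private -; then
    echo "/root/Private is an eCryptfs mount"
else
    echo "/root/Private is NOT mounted; files saved there are not encrypted"
fi
```
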

As always, feel free to leave a comment with your thoughts and/or questions.

-Kevin
