Backtrack 4 - USB/Persistent Changes/Nessus
This how-to will show you a method for building a USB thumbdrive with the following features:
* Persistent Changes - Files saved and changes made will be kept across reboots.
* Nessus and NessusClient installed - Everybody needs Nessus
Table of contents:
Assumptions, Tools and Supplies
Partition the USB thumbdrive
Make a bootable Backtrack 4 USB thumbdrive
Persistent Changes
Install Nessus
Assumptions, Tools and Supplies
This guide is written with the following assumptions:
1. You know how to partition and format disks.
2. You are familiar with Backtrack.
3. You are familiar with Nessus.
4. You are familiar with Linux.
5. You are familiar with Windows.
Tools and supplies:
1. A USB thumbdrive - minimum capacity 2GB
2. A Backtrack 3 CDROM, Backtrack 4 DVD or an additional USB thumbdrive (minimum 1GB) - Used to partition the thumbdrive.
3. UNetbootin - A tool to transfer an iso image to a USB drive.
So, without further ado, let’s get started!
Partition the USB thumbdrive
If you have a Backtrack 3 CDROM or Backtrack 4 DVD, you are in good shape. If you don’t and are using an additional USB thumbdrive, skip to here and then return once you have a bootable Backtrack 4 device. I know this seems convoluted, but it’s the easiest and most sure way I know to get us where we want to go.
First let’s partition our thumbdrive. I used a 4 GB drive as I read that we would need 1.2 GB for persistent changes. After I got everything working, it looks to me like we can get away with a 2 GB stick if we are careful about regular cleanup of log files. Nessus tends to be the main culprit here.
Regardless of the size thumbdrive we use, we need to partition and format the drive as follows:
1. The first partition needs to be a primary partition of at least 1 GB and formatted as FAT32.
2. The second partition can be the rest of the thumbdrive. It needs to be formatted as ext2.
If you try to use Windows to re-partition the drive, you will likely run into some problems. Windows sees most USB thumbdrives as removable media and does not support multiple partitions on them. It also does not allow us to delete the existing partition from the drive. This is because most thumbdrives have the ‘Removable Media Bit’ set. This blog post describes the situation very well. I would not recommend trying their suggestion since it really isn’t necessary.
The easy way to get around the problem is to re-partition the drive using Linux. That’s why we need the Backtrack CDROM, although any Linux system will work. So go ahead and partition and format the drive according to the layout above. Once I was done with this step, I switched back to a Windows system for the next few steps.
Make a bootable Backtrack 4 USB thumbdrive
Now we need to download the Backtrack 4 ISO.
Description: DVD Image
Name: bt4-beta.iso
Size: 854 MB
MD5: 7d1eb7f4748759e9735fee1b8a17c1d8
Download: Click here
So now we have a USB thumbdrive with at least one 1 GB FAT32 partition on it.
The next step is to make it a bootable USB thumbdrive. There is a much easier way now. We are going to use the UNetbootin tool mentioned above. It is super easy to use. Just start UNetbootin, select the Backtrack 4 ISO, select the USB drive and click okay. You may get a warning that files exist on your USB drive. After making sure you picked the right one, tell it to go ahead and replace the files. It’ll chug along and before you know it you will have a bootable thumbdrive. Much easier than the rigmarole we had to go through before.
Persistent Changes
Let’s configure persistent changes while booted to Backtrack 4. Once we have booted into Backtrack we need to configure the rest of the thumbdrive if we haven’t already done so. I used fdisk to create a second partition from the remainder of the drive and formatted it with mkfs.ext2. In my case my usb drive was /dev/sdb.
Once we have a formatted second partition, mount it and create a changes directory in the root of the file system.
1. Open a terminal window
2. mount /dev/sdb2 /mnt/sdb2
3. cd /mnt/sdb2
4. mkdir changes
Next we need to make some changes to how the system boots. Execute the following:
1. cd /boot/syslinux
2. chmod +Xx lilo
3. chmod +Xx syslinux
Open syslinux.cfg with your favorite editor and make the following change. Note: I copied the boot definition I wanted to change and created a new entry so I would have a fall back option if something became broken. Again, I booted to KDE.
1. Find the line “LABEL BT4”.
2. Copy that line and the next 3 and paste them right below the existing line.
3. Change the “LABEL BT4” to something you want like “LABEL BT4-persist” and the description to something like “MENU LABEL BT4 Beta - Console - Persistent”
4. Change the line that begins with APPEND in your copied section by adding “changes=/dev/sdx2” immediately after “root=/dev/ram0 rw” where the x is the drive appropriate for your system. In my case it looks like this, “….root=/dev/ram0 rw changes=/dev/sdb2….”
5. Save your changes and exit the editor.
That should do it. Reboot and select the option you configured. To test it, create a file and reboot again. If your file is still there, everything is golden.
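The syslinux.cfg edit from steps 1 to 4 above, scripted as an added example that is not part of the original how-to. The sample config is constructed for illustration, the function and variable names are hypothetical, and /dev/sdb2 is the device used in this guide, so substitute your own.

```shell
# Added example: print a copy of syslinux.cfg with a persistent duplicate of the
# "LABEL BT4" entry. The input file is never modified; review the output first.
add_persist_entry() {
    cfg=$1 dev=$2
    # Accept only a plain sdX partition name, e.g. /dev/sdb2.
    case $dev in
        /dev/sd[a-z][0-9]) ;;
        *) echo "bad device: $dev" >&2; return 2 ;;
    esac
    # The stock entry must exist, otherwise there is nothing to copy.
    grep -q '^LABEL BT4$' "$cfg" || { echo "no LABEL BT4 entry" >&2; return 1; }
    # Already patched: emit unchanged so reruns do not stack duplicates.
    if grep -q '^LABEL BT4-persist$' "$cfg"; then cat "$cfg"; return 0; fi
    awk -v dev="$dev" '
        $1 == "LABEL" && $2 == "BT4" && NF == 2 { grab = 4 }  # entry = this line + next 3
        { print }                                              # original stays as fallback
        grab > 0 {
            line = $0
            if (grab == 4)
                line = "LABEL BT4-persist"
            else if ($1 == "MENU" && $2 == "LABEL")
                line = "MENU LABEL BT4 Beta - Console - Persistent"
            else if ($1 == "APPEND")
                sub(/root=\/dev\/ram0 rw/, "& changes=" dev, line)
            copy = copy line "\n"
            if (--grab == 0) { printf "%s", copy; copy = "" }
        }
    ' "$cfg"
}

# Constructed sample config, modelled on the four-line entry described above.
sample_cfg() {
    cat <<'EOF'
DEFAULT vesamenu.c32
LABEL BT4
MENU LABEL BT4 Beta - Console
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz root=/dev/ram0 rw quiet
LABEL BT4-safe
MENU LABEL BT4 Beta - Safe
KERNEL /boot/vmlinuz
APPEND vga=normal initrd=/boot/initrd.gz root=/dev/ram0 rw
EOF
}

tmp=$(mktemp) && sample_cfg > "$tmp" && add_persist_entry "$tmp" /dev/sdb2
rm -f "$tmp"
```

On the real drive, redirect the output to a new file, compare it with the original, and only then copy it over /boot/syslinux/syslinux.cfg.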
Install Nessus
Now that our changes are saved from boot to boot, we can install things and they won’t disappear on us.
Download the Ubuntu Nessus and NessusClient packages from nessus.org. I used the 32-bit 8.04 version which worked fine for me.
Again, with Backtrack 4 things are a little easier. To install the Nessus server, simply execute the following command to install the package.
dpkg --install Nessus-3.2.1-ubuntu804_i386.deb
Things are a little bit more complicated for the client. There are some dependencies that need to be installed first. Luckily, we have apt to help us with this. Execute the following command to install them. It is all one line.
apt-get install libqt4-core libqt4-gui libqtcore4 libqt4-network libqt4-script libqt4-xml libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl libqt4-designer libqt4-assistant
After that, we can install the client package.
dpkg --install NessusClient-3.2.1.1-ubuntu804.i386.deb
Finally it’s time to configure Nessus. Execute each of the following and follow the prompts.
/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser
You need to go here and request a key so you can get your feed. That is a link to the free feed for home use. Use appropriately.
Once you have your key, execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.
cd /opt/nessus/etc/nessus
/opt/nessus/bin/nessus-fetch --register [your feed code here]
When that is done, and it is going to take a few minutes, you are ready to start the server and client.
/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient
Woohoo, time to find those vulnerabilities.