I have dealt with a lot of Linux distros since I first learned the power of my newfound penguin friend. He was free unlike a Microsoft or Apple product, had thousands of available programs (also free), and looked damn classy while he was in control of my computer.
My first forays were using live Linux CDs on an old 1998 Gateway computer, then I experimented with installing Fedora, Ubuntu, and Debian. However, after a while I started to stray from my new friend and I found myself going back to old habits, using XP and eventually embroiling myself in the OSX86 project and experimenting with Tiger and then Leopard. I gave up on Linux for a while and divided my OS use between my hackintosh and Vista boxes.
Choices
I was perfectly content with my two choices up until I started experimenting with network security. Sure, you can get network security tools for both of the major systems, but they are nothing compared to the plethora available when you choose Linux as your auditing operating system. I started with Kubuntu and customized my installation with as many security apps as I could find. This was a bit of a heavy-handed approach to things, and it took up a good portion of my laptop hard drive. What I needed was a more portable solution.
Backtrack
I found everything I could ever want and hope for when a friend of mine introduced me to Backtrack. He performed a Man In The Middle (MITM) attack on a sample LAN, replacing every photo URL that I browsed for in Firefox with one of a skull and crossbones. I had never seen such pirate witchcraft done so easily, so I asked him what other things this Linux distribution could do. He basically told me that nearly everything you could ever want for wardriving, penetration testing, vulnerability testing, privilege escalation, and just all-round mayhem could be performed with this distribution. And the best part about the whole deal is that it is a live CD distro. You don’t need to install it to your hard drive in order to perform security tests; for that matter, it doesn’t even have to be your computer! Just have the CD with you and you are good to go.
Backtrack is developed by the remote-exploit community over at remote-exploit.org. When I was first introduced to Backtrack the latest iteration was Backtrack 2, and I loved what I saw. Backtrack 3 has since come out and looks spiffier than ever with more tools and updated software.
Is it good?
I’ll sum up my feelings for Backtrack in one simple statement: This is the only Linux I use. It has exactly what you’re looking for. The only thing that it does not have that might be useful to me is Open Office.
Now, I’d love to list in detail all of the lovely tools that Backtrack has, but you would be scrolling for quite a while and this article probably wouldn’t have gotten done until sometime around 2010. Don’t fear though! Here is the link to the Backtrack wiki page that details the tools that can be found in Backtrack’s arsenal.
Now, you might ask yourself, “What’s better than a live CD Linux that does penetration testing and just about any other testing I’d ever want?” I will answer that question with: A live USB thumbdrive Linux that does penetration testing and just about any other testing you’d ever want.
Creating the thumbdrive
You only need the following to create a keychain portable Linux OS:
Requirements:
- 1GB or bigger thumbdrive
- Backtrack .iso file
- Nifty little program called UNetbootin

In order to guarantee a clean installation of Backtrack, be sure to format your thumbdrive to clean out any files. I suggest using FAT32 when you are formatting it, simply because I know that it works and I’ve never had any problems. The Backtrack .iso file can be downloaded here.
Because your thumbdrive is 1 GB, it can handle the USB version that has a bit more stuff packed into it. That is the version I suggest downloading.
UNetbootin
UNetbootin will take any .iso file and “burn” it to your thumbdrive painlessly and especially fast. It will do this with ANY Linux distro, not just Backtrack. I love this program and I’ve used it dozens of times. Its interface is pretty much self-explanatory:
Click the … next to the ISO text field and select the Backtrack (or any other Linux distro) .iso file, make sure that the correct USB drive is selected in the Drive: drop-down menu, and then click OK. UNetbootin will now copy over the operating system from the .iso file and burn it to your thumbdrive. Once it’s done copying the files, it will install a bootloader to your USB drive, and then prompt you for a restart in order to load Backtrack. This part is obviously optional, but if you’re a little zoned out you might just click OK and lose whatever you may have been working on in other windows, so try to be careful.
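Before handing the .iso to UNetbootin, it is worth checking that the download is intact. The following is an added example, not part of the original post: it assumes the download site offers a checksum file in the format written by md5sum/sha256sum, and the file name and contents in `demo()` are constructed stand-ins.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex digest length -> algorithm (md5/sha1 only catch corruption; prefer sha256 if offered).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
LINE_RE = re.compile(r"([0-9a-fA-F]+)\s+\*?(.+)")

def parse_manifest(text):
    """Parse '<hex digest>  <name>' lines as written by md5sum/sha256sum."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m and len(m.group(1)) in ALGO_BY_HEX_LEN:
            entries[m.group(2)] = m.group(1).lower()
    return entries

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash in chunks so a large image is never read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_iso(iso_path, manifest_text):
    """True only if the image's digest equals its entry in the manifest."""
    entries = parse_manifest(manifest_text)
    name = Path(iso_path).name
    if name not in entries:
        raise KeyError(f"{name} is not listed in the checksum manifest")
    expected = entries[name]
    actual = file_digest(iso_path, ALGO_BY_HEX_LEN[len(expected)])
    return hmac.compare_digest(actual, expected)

def demo():
    """Constructed stand-in for an image and its manifest (not real data)."""
    with tempfile.TemporaryDirectory() as d:
        iso = Path(d) / "example.iso"
        iso.write_bytes(b"constructed image bytes")
        manifest = f"{hashlib.sha256(iso.read_bytes()).hexdigest()}  example.iso\n"
        intact = verify_iso(iso, manifest)
        iso.write_bytes(b"constructed image bytes, altered in transit")
        return intact, verify_iso(iso, manifest)

if __name__ == "__main__":
    print(demo())
```

For a real download, call `verify_iso()` with the path to the .iso and the text of the checksum file, and only write the image to the thumbdrive when it returns True.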
Conclusion
It’s as simple as that: you now have Linux on a thumbdrive that can travel with you wherever you go. Be careful how you use your newfound power; a lot of the apps on Backtrack are useful for security testing, but could be twisted for use on the dark side of things. I don’t condone using Backtrack for nefarious deeds, and I suggest that you do not follow that path.
If you would like some tutorials on how to use the features found in Backtrack, IronGeek has a few videos available that can help you along.