![\"image\"](\"\/wp-content\/uploads\/2009\/07\/image.png\" "\\"image\\"")
<\/font><\/a><\/p>\nDownload backtrack from <\/font>http:\/\/www.remote-exploit.org\/backtrack_download.html<\/font>. Current version at the time of writing is BT4 Pre-Final.This document is based on BT4 pre-final. Ergo, some of the instructions below may not work with other versions of BT.<\/font><\/p>\n FYI : An excellent guide about Backtrack4 can be found at BackTrack 4 \u2013 The Definitive Guide<\/a><\/font> <\/p>\n<\/h4>\n <\/p>\n http:\/\/www.offensive-security.com\/videos\/install-backtrack-hard-disk\/install-backtrack-hard-disk.html<\/a><\/p>\n Installing VirtualBox guest additions (if you have installed BT on VirtualBox) :<\/p>\n <\/p>\n Check out Backtrack 4 USB Install - Offensive Security and http:\/\/forums.remote-exploit.org\/backtrack-4-howto\/23652-bt4-usb-installation-noob-proof-tutorial.html<\/p>\n This procedure only works for Backtrack 4 Pre-final. You need a 4Gb (or bigger) USB stick to run BT4 Pre-Final.<\/p>\n Use the default journal size (8192 blocks)<\/p>\n<\/p><\/div>\n<\/ul>\n<\/li>\n (don\u2019t forget the backslashes after \u2018cdrom\u2019 and after \u2018sda1\u2019 !)<\/p>\n<\/p><\/div>\n<\/ul>\n<\/li>\n <\/p>\n <\/p>\n Alternatively, you can create a USB based BT from Windows by using UNetbootin<\/a> (Windows).<\/p>\n Partition the USB drive (as explained above), run UNetbootin, select the BT4 Pre-final ISO file, select the USB drive and install.<\/p>\n After the installation, find syslinux.cfg in the root of the first partition on the USB. Edit the file and add the vga=0x317 parameter after \u201cStart Persistent Live CD\u201d (under label ubnentry4)<\/p>\n At the top of the file, set default to ubnentry4. Save the file and you\u2019re all set<\/p>\n <\/p>\n Networking<\/u><\/strong><\/p>\n By default, DHCP (or networking for that matter) is disabled. You need to run \u2018\/etc\/init.d\/networking start<\/em>\u2019 to start networking. If you want to load networking at boot (on a HD install or USB with persistent changes), add that command into \/etc\/init.d\/rc.local or run \u201csudo \/usr\/sbin\/update-rc.d networking defaults<\/em>\u201d<\/p>\n Wireless networking can be started with Knetworkmanager (run \u201csudo<\/em> \/etc\/init.d\/NetworkManager\u201d<\/em>)<\/p>\n SSH<\/u><\/strong><\/p>\n Edit ssh config and disable root logon via ssh :<\/p>\n sudo vi \/etc\/ssh\/sshd_config<\/em> and set \u201cPermitRootLogin\u201d to no.<\/p>\n If you get an error about the ssh_host_dsa_key or ssh_host_rsa_key not being found, generate the keys and try again<\/p>\n Starting OpenBSD Secure Shell server: sshd <\/p>\n <\/em>Could not load host key: \/etc\/ssh\/ssh_host_dsa_key<\/em> <\/p>\n Could not load host key: \/etc\/ssh\/ssh_host_rsa_key<\/em><\/p>\n Generate host keys :<\/p>\n Start sshd (\u201csudo \/etc\/init.d\/ssh start\u201d)<\/em><\/p>\n If you want to enable ssh to start at boot time, run update-rc.d ssh defaults<\/em><\/p>\n <\/p>\n <\/em><\/p>\n To download and install all new updates, run apt -get dist- upgrade<\/em><\/p>\n The first time you run the apt-get update, you may get an error \u201cGPG error : http:\/\/ppa.launchpad.net<\/a> intrpid Release: The following signatures couln\u2019t be verified because the public key\u2026\u201d<\/p>\n Quick fix :<\/p>\n (Then run the apt-get update again and it should work)<\/p>\n Upgrading the distro to the lastest version :<\/p>\n Warning : an \u201cupgrade\u201d in BT4Beta will also upgrade KDE to 3.5.. If KDE is not working anymore after update\/upgrade ? (a.k.a. \u2018startx\u2019 does not seem to work) :<\/p>\n (this issue should be fixed in the final version)<\/p>\n <\/p>\n Updating security components<\/u><\/strong><\/p>\n First update fast-track, then update other individual components (Metasploit, Aircrack, nikto, etc; or choose \u20189\u2019 to update all)<\/p>\n If updating nikto doesn\u2019t work :<\/p>\n Fix :<\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n First, download the Nessus and NessusClient installation packages from the Nessus (Tenable Network Security) website : http:\/\/www.nessus.org\/download\/<\/a><\/p>\n (Choose \u2018Nessus for Linux\u2019) and download the packages for Ubuntu. Put the .deb files in \/tmp<\/p>\n Install Nessus Daemon<\/u><\/strong><\/p>\n Install Nessus Client<\/u><\/strong><\/p>\n Before installing the client, you will need to install some dependencies :<\/p>\n <\/p>\n Now you can install the client :<\/p>\n <\/p>\n Create Certificate <\/u><\/strong><\/p>\n <\/u><\/strong><\/p>\n Create a Nessus user<\/u><\/strong><\/p>\n <\/p>\n Register\/update plugins<\/u><\/strong><\/p>\n Get yourself a key that will provide access to the free home update feed : Register a HomeFeed<\/p>\n You will receive an email that contains the feed code.<\/p>\n Install\/Register the code with the following command (and update the plugins at the same time) :<\/p>\n Verify that \u201cauto_update\u201d in \/opt\/nessus\/etc\/nessus\/nessusd.conf is set according to the behaviour you want to achieve. If you want to manually update the plugins, you can run :<\/p>\n <\/p>\n Make sure Nessus does not start at boot<\/u><\/strong><\/p>\n <\/p>\n Launch Nessus daemon<\/u><\/strong><\/p>\n <\/p>\n Install additional plugins<\/u><\/strong><\/p>\n http:\/\/www.alienvault.com\/free_feed_for_nessus.php<\/a><\/p>\n Nessus\/OpenVAS wrapper for ike-scan<\/a><\/p>\n <\/p>\n <\/p>\n Crack WEP : Cheatsheet - Cracking WEP with Backtrack 4 and aircrack-ng<\/a><\/p>\n Crack WPA2 PSK : Cheatsheet - Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper<\/a><\/p>\n Wepbuster : Download from http:\/\/code.google.com\/p\/wepbuster\/<\/a>. Installation procedure (assuming that wepbuster was downloaded into \/tmp) :<\/p>\n1. Installing Backtrack to a harddrive (using Ubiquity)<\/h4>\n
\n
\n
2. Running Backtrack from USB (with support for persistent changes)<\/h4>\n
\n
<\/a> <\/li>\n\n
\n
\n
\n
\n
\n
\n
\n
<\/a> <\/li>\n\n
mkfs.vfat -F 32 -n BT4 \/dev\/sda1 mkfs.ext3 -b 4096 -L casper-rw \/dev\/sda2<\/pre>\n
\n
mkdir \/mnt\/sda1 mount \/dev\/sda1 \/mnt\/sda1 rsync -avh \/media\/cdrom\/ \/mnt\/sda1\/ <\/pre>\n
\n
grub-install --no-floppy --root-directory=\/mnt\/sda1 \/dev\/sda1<\/pre>\n
<\/a> <\/p>\n<\/p><\/div>\n<\/ul>\n<\/li>\nvi \/mnt\/sda1\/boot\/grub\/menu.lst<\/pre>\n<\/p><\/div>\n
cd \/ umount \/mnt\/sda1<\/pre>\n<\/p><\/div>\n<\/li>\n<\/ul>\n
\n
3. Networking and Network Services<\/h4>\n
ssh-keygen -t dsa -f \/etc\/ssh\/ssh_host_dsa_key ssh-keygen -t rsa -f \/etc\/ssh\/ssh_host_rsa_key<\/pre>\n<\/p><\/div>\n
<\/h4>\n
4. Keeping Backtrack up-to-date<\/h4>\n
\/usr\/bin\/apt-get -y update \/usr\/bin\/apt-get -y upgrade<\/pre>\n<\/p><\/div>\n
wget http:\/\/apt.pearsoncomputing.net\/public.gpg<\/span> sudo apt-key add public<\/span>.gpg rm public<\/span>.gpg<\/pre>\n<\/p><\/div>\napt-get update && apt-get dist-upgrade -y<\/pre>\n<\/p><\/div>\n
root@bt:~# cd \/etc\/alternatives\/ root@bt:\/etc\/alternatives# mv x-session-manager x-session-manager-broken root@bt:\/etc\/alternatives# ln -s \/opt\/kde3\/bin\/startkde x-session-manager root@bt:\/etc\/alternatives# startx<\/pre>\n<\/p><\/div>\n
\/pentest\/exploits\/fast-track.py -i<\/pre>\n<\/p><\/div>\n
Updating Nikto... cd: 1: can't cd to \/pentest\/scanners\/nikto\/ \/bin\/sh: .\/nikto.pl: not found <\/pre>\n<\/p><\/div>\n
root@bt:~# mkdir \/pentest\/scanners\/nikto\/ root@bt:~# ln -s \/usr\/bin\/nikto \/pentest\/scanners\/nikto\/nikto.pl root@bt:\/pentest\/exploits\/~# .\/fast-track -c 1 2<\/pre>\n<\/p><\/div>\n
5. Change keyboard layout<\/h4>\n
dpkg-reconfigure console-setup<\/pre>\n<\/p><\/div>\n
6. Installing Nessus<\/h4>\n
root@bt4-1:\/tmp# ls Nessus* -al -rw-r--r-- 1 root root 3002846 Jul 4 15:46 Nessus-4.0.1-ubuntu810_i386.deb -rw-r--r-- 1 root root 500624 Jul 4 15:46 NessusClient-4.0.1-ubuntu810_i386.deb root@bt4-1:\/tmp# root@bt4-1:\/tmp# dpkg --install Nessus-4.0.1-ubuntu810_i386.deb<\/strong> Selecting previously deselected package nessus. (Reading database ... 183074 files and directories currently installed.) Unpacking nessus (from Nessus-4.0.1-ubuntu810_i386.deb) ... Setting up nessus (4.0.1) ... nessusd (Nessus) 4.0.1. for<\/span> Linux (C) 1998 - 2009 Tenable Network Security, Inc. - Please run \/opt\/nessus\/sbin\/nessus-adduser to add a user - Register your Nessus scanner at http:\/\/www.nessus.org\/register\/ to obtain<\/span> all the newest plugins - You can start nessusd by typing \/etc\/init.d\/nessusd start root@bt4-1:\/tmp# <\/pre>\n<\/p><\/div>\nroot@bt4-1:\/tmp# apt-get install libqt4-core libqt4-gui libqtcore4 libqt4-network libqt4-script libqt4-xml libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl libqt4-designer libqt4-assistant<\/strong> Reading package lists... Done Building dependency tree Reading state information... Done libqtcore4 is<\/span> already the newest version. libqtcore4 set to manually installed. libqt4-network is<\/span> already the newest version. libqt4-network set to manually installed. libqt4-script is<\/span> already the newest version. libqt4-script set to manually installed. libqt4-xml is<\/span> already the newest version. libqt4-xml set to manually installed. libqt4-dbus is<\/span> already the newest version. libqt4-dbus set to manually installed. libqt4-test is<\/span> already the newest version. libqt4-test set to manually installed. libqtgui4 is<\/span> already the newest version. libqtgui4 set to manually installed. libqt4-svg is<\/span> already the newest version. libqt4-svg set to manually installed. libqt4-designer is<\/span> already the newest version. libqt4-designer set to manually installed. libqt4-assistant is<\/span> already the newest version. libqt4-assistant set to manually installed. The following NEW packages will be installed: libqt4-core libqt4-gui libqt4-opengl 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 176kB of archives. After this<\/span> operation, 762kB of additional disk space will be used. Get:1 http:\/\/archive.offensive-security.com pwnsauce\/main libqt4-core 4.4.3-0ubuntu1.2 [7562B]<\/span> Get:2 http:\/\/archive.offensive-security.com pwnsauce\/main libqt4-opengl 4.4.3-0ubuntu1.2 [161kB]<\/span> Get:3 http:\/\/archive.offensive-security.com pwnsauce\/main libqt4-gui 4.4.3-0ubuntu1.2 [7554B]<\/span> Fetched 176kB in<\/span> 1s (114kB\/s) debconf: apt-extracttemplates failed: Bad file descriptor Selecting previously deselected package libqt4-core. (Reading database ... 183131 files and directories currently installed.) Unpacking libqt4-core (from ...\/libqt4-core_4.4.3-0ubuntu1.2_i386.deb) ... Selecting previously deselected package libqt4-opengl. Unpacking libqt4-opengl (from ...\/libqt4-opengl_4.4.3-0ubuntu1.2_i386.deb) ... Selecting previously deselected package libqt4-gui. Unpacking libqt4-gui (from ...\/libqt4-gui_4.4.3-0ubuntu1.2_i386.deb) ... Setting up libqt4-core (4.4.3-0ubuntu1.2) ... Setting up libqt4-opengl (4.4.3-0ubuntu1.2) ... Setting up libqt4-gui (4.4.3-0ubuntu1.2) ... Processing triggers for<\/span> libc6 ... ldconfig deferred processing now taking place<\/pre>\n<\/p><\/div>\nroot@bt4-1:\/tmp# dpkg --install NessusClient-4.0.1-ubuntu810_i386.deb<\/strong> Selecting previously deselected package nessusclient. (Reading database ... 183150 files and directories currently installed.) Unpacking nessusclient (from NessusClient-4.0.1-ubuntu810_i386.deb) ... Setting up nessusclient (4.0.1) ...<\/pre>\n<\/p><\/div>\n
root@bt4-1:\/tmp# \/opt\/nessus\/sbin\/nessus-mkcert<\/strong> ------------------------------------------------------------------------------- Creation of the Nessus SSL Certificate ------------------------------------------------------------------------------- This script will now ask you the relevant information to create the SSL certificate of Nessus. Note that this<\/span> information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your Nessus daemon will be able to retrieve this<\/span> information. CA certificate life time in<\/span> days [1460]: Server certificate life time in<\/span> days [365]: Your country (two letter code) [FR]: BE Your state or province name [none]: WVL Your location (e.g. town) [Paris]: Deerlijk Your organization [Nessus Users United]: Corelan Congratulations. Your server certificate was properly created. The following files were created : . Certification authority : Certificate = \/opt\/nessus\/\/com\/nessus\/CA\/cacert.pem<\/span> Private key = \/opt\/nessus\/\/var\/nessus\/CA\/cakey.pem<\/span> . Nessus Server : Certificate = \/opt\/nessus\/\/com\/nessus\/CA\/servercert.pem<\/span> Private key = \/opt\/nessus\/\/var\/nessus\/CA\/serverkey.pem<\/span> root@bt4-1:\/tmp# <\/pre>\n<\/p><\/div>\nroot@bt4-1:\/tmp# \/opt\/nessus\/sbin\/nessus-adduser<\/strong> Login : MyGreatNessusAdminUser Authentication (pass\/cert) : [pass] Login password : Login password (again) : Do you want this<\/span> user to be a Nessus 'admin'<\/span> user ? (can upload plugins, etc...) (y\/n) [n]: y User rules ---------- nessusd has a rules system which allows you to restrict the hosts that peter has the right to test. For instance, you may want him to be able to scan his own host only. Please see the nessus-adduser manual for<\/span> the rules syntax Enter the rules for<\/span> this<\/span> user, and enter a BLANK LINE once you are done : (the user can have an empty rules set) Aborted by end-user.<\/pre>\n<\/p><\/div>\nroot@bt4-1:\/tmp# \/opt\/nessus\/bin\/nessus-fetch --register PUT-YOUR-CODE-HERE <\/strong>Your activation code has been registered properly - thank you. Now fetching the newest plugin set from plugins.nessus.org... Your Nessus installation is<\/span> now up-to-date. If auto_update is<\/span> set to 'yes'<\/span> in<\/span> nessusd.conf, Nessus will update the plugins by itself.<\/pre>\n<\/p><\/div>\nroot@bt4-1:\/tmp# \/opt\/nessus\/sbin\/nessus-update-plugins<\/strong> Fetching the newest updates from nessus.org... Done. The Nessus server will restart when its scans are finished<\/pre>\n<\/p><\/div>\n
root@bt4-1:\/tmp# update-rc.d -f nessusd remove<\/strong> Removing any system startup links for<\/span> \/etc\/init.d\/nessusd ... \/etc\/rc0.d\/K20nessusd \/etc\/rc1.d\/K20nessusd \/etc\/rc2.d\/S20nessusd \/etc\/rc3.d\/S20nessusd \/etc\/rc4.d\/S20nessusd \/etc\/rc5.d\/S20nessusd \/etc\/rc6.d\/K20nessusd<\/pre>\n<\/p><\/div>\nroot@bt4-1:\/tmp# \/etc\/init.d\/nessusd start<\/strong> Starting Nessus : . root@bt4-1:\/tmp# <\/pre>\n<\/p><\/div>\n
7. Wireless auditing<\/h4>\n