Playing with BackTrack 5

October 12th, 2011
by admin

It’s been a while since my last post. I’ve been busy playing with cool new things, writing some Post Modules for Metasploit (that will hopefully get accepted and published), and last but not least the daily grind. Anyways, this blog post is for the cool new things, namely BackTrack 5! It’s been about a month or so since BackTrack 5 became available for download, and after playing with the release for a while and running through a couple of installs on various machines and VMs I decided to document my steps for configuration past install. This is not a tutorial on how to install BT to your drive, but more a collection of the tips and tricks I have picked up and the customizations I found helpful. For details on how to get it and how to install it I will refer you over to the BackTrack site.

First Steps

First of all, reset your password:

root@bt:~# passwd

Next, I’ll walk through disabling some stuff that is set to start on boot. I grew accustomed to starting with nothing running, like BT 4 used to. This version out of the box starts networking and DHCP, portmap, statd, and a postgres DB instance for Metasploit. First of all, BT5 handles running scripts/services on start a little differently than the previous versions. It uses the newer upstart job system as well as the older init.d and rc*.d scripts, similar to newer versions of Ubuntu.

Upstart jobs are basically config files located in the /etc/init/ directory; they contain directives that tell upstart what to do and on what event to run it. The older init.d scripts are linked to the upstart job if one exists and will generate an error telling you to use the upstart job instead if invoked from the command line. To manage these services use the initctl commands (start, stop, list, etc.). The start-up behavior of networking, portmap, and statd is controlled by these jobs. To understand how these jobs work, let’s take a look at networking.conf from the /etc/init/ directory:

description "configure virtual network devices"

start on (local-filesystems
          and stopped udevtrigger)

task

pre-start exec mkdir -p /var/run/network

exec ifup -a

So it starts on the local-filesystems event (once udevtrigger has stopped) and executes ifup -a. That reads your interfaces file and brings up any interface that is set to auto there. So, just open your interfaces file, delete all the interfaces you don’t need, add static information for eth0 (if desired) and comment out the “auto” lines. You can then start your networking with ifup eth0 (if that’s the interface you use). Below is what my /etc/network/interfaces file looks like:

To disable portmap and statd, you need to edit the /etc/init/portmap-boot.conf file; you just need to comment out the “exec” line. Here is what my edited file looks like:

The “framework-postgres” service is started from good ole rc*.d. Below is the update-rc.d command to prevent it from starting at boot:

Next I disabled the KPackageKit (I like apt-get better) and NetworkStatus services from within the KDE Service Manager GUI. You can access this from the KDE menu under Settings -> System Settings -> Startup and Shutdown. Here’s a screenshot:

After you’re done, reboot. After you log back in, run netstat to verify you don’t have anything running. I use the -tuanp options to get a good feel for what is listening. Now on to installing some applications.
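As an added example (not from the original post), here is a small sh script that parses netstat -tuanp output and flags listening sockets whose program is not on an allowlist, which is the check the reboot step above is meant to confirm. The netstat lines are constructed to look like BT5 output, and the allowlist contents (pure-ftpd, x11vnc) are an assumption matching the services set up later in this post.

```shell
#!/bin/sh
# Added example, not part of the original post: audit `netstat -tuanp`
# output for listening sockets that survived the boot-time clean-up.
# The sample below is constructed to look like BT5 output, not captured.

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1023/portmap
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1450/postgres
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1602/pure-ftpd
tcp        0      0 127.0.0.1:3004          127.0.0.1:41122         ESTABLISHED 1710/ruby
udp        0      0 0.0.0.0:68              0.0.0.0:*                           980/dhclient3
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           1030/rpc.statd'

# Programs you expect to be listening (assumed; adjust to your own box).
ALLOWED_PROGRAMS="pure-ftpd x11vnc"

# Read netstat text on stdin and print "proto local-address program" for
# each listening socket. TCP/TCP6 sockets count when State is LISTEN; UDP
# has no state column, so every bound UDP socket is reported.
listening_sockets() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" { split($NF, p, "/"); print $1, $4, p[2] }
        $1 ~ /^udp/                   { split($NF, p, "/"); print $1, $4, p[2] }
    '
}

# Print one UNEXPECTED line per listening socket whose program is not in
# ALLOWED_PROGRAMS; prints nothing when the box is clean.
unexpected_listeners() {
    listening_sockets | while read -r proto addr prog; do
        case " $ALLOWED_PROGRAMS " in
            *" $prog "*) ;;                     # expected service, stay quiet
            *) echo "UNEXPECTED $proto $addr ($prog)" ;;
        esac
    done
}

# Exit 0 when nothing unexpected is listening, 1 otherwise.
check_clean() {
    [ -z "$(unexpected_listeners)" ]
}

# On a live box: netstat -tuanp | unexpected_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners
```

Against the constructed sample this reports portmap, postgres, dhclient3 and rpc.statd, i.e. exactly the services the steps above disable.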

Installing and Configuring Applications:

As I mentioned before, I favor apt-get over any of the GUI-based stuff, so all my apps are installed from the Konsole via apt-get install <name>. Here is the list of necessities for me:

apt-get install kate
apt-get install kcalc
apt-get install cadaver
apt-get install pure-ftpd
apt-get install xchat
apt-get install banshee
apt-get install openoffice.org
apt-get install ksnapshot
apt-get install okular
apt-get install okteta

Now I really like BasketNotes, but it isn’t in the BT repositories and I didn’t have much luck installing from source, so I had to kind of jury-rig it. This is not recommended by the BT folks, but I haven’t had any problems so far. Anyways, I added the repo, installed the app, and then removed the repo by opening the sources.list file and deleting the entry. Use this at your own risk. See the screenshots for details:

Next I fire up Kate and configure it for use. I use Kate as my main script editor for Python, Ruby, etc., so I make a few adjustments to make it easier to use. From the top menu select Settings -> Configure Kate. Update the following items:

  • under Editor Component -> Open/Save -> Advanced -> Backup on Save – clear all check boxes
  • under Editor Component -> Appearance – check “Show line numbers” and “Show indentation lines”
  • under Application -> Sessions – check “Start new session”

Now it’s time to update your system, including Metasploit and Exploit DB. I usually update these every time I boot up my laptop. First, to update your system from the repos:

root@bt:~# apt-get update && apt-get upgrade 

Now let’s update Metasploit:

root@bt:~# cd /pentest/exploits/framework3
root@bt:~# svn update

And for Exploit DB, we need to get things set up so we can just do an svn update from here on out:

root@bt:~# cd /pentest/exploits
root@bt:~# cp exploitdb/searchsploit searchsploit
root@bt:~# rm -rf exploitdb
root@bt:~# svn co svn://www.exploit-db.com/exploitdb
root@bt:~# mv searchsploit exploitdb/searchsploit

Here’s how we will update that from here on out:

root@bt:~# cd /pentest/exploits/exploitdb
root@bt:~# svn update

If you have a laptop, you’re probably going to want to disable tap-to-click on the track pad. That just drives me crazy, and so did figuring out how to fix it. To do so, edit /usr/lib/X11/xorg.conf.d/10-synaptics.conf using nano or kate and add the line Option "MaxTapTime" "0" to the first section. See the screenshot below:

Now let’s get our FTP server up and running. Basically, we are going to create an FTP directory, an ftp user and group on the system to run the service, and an FTP user/password to log in with. Here are the commands that need to be run to accomplish this (note that after the “pure-pw useradd” command you will be prompted to set the password):

root@bt:~# mkdir /ftphome
root@bt:~# groupadd ftpgroup
root@bt:~# useradd -g ftpgroup -d /dev/null -s /etc ftpuser
root@bt:~# pure-pw useradd Kx499 -u ftpuser -d /ftphome
root@bt:~# pure-pw mkdb
root@bt:~# cd /etc/pure-ftpd/auth/
root@bt:~# ln -s ../conf/PureDB 60pdb
root@bt:~# chown -R ftpuser:ftpgroup /ftphome/
root@bt:~# /etc/init.d/pure-ftpd restart
root@bt:~# update-rc.d -f pure-ftpd remove

Once you have it set up, you’ll use the pure-pw utility for all your user maintenance. For example, to change a password you would use these commands (again, you will be prompted for the new password):

root@bt:~# pure-pw passwd [user]
root@bt:~# pure-pw mkdb

Ok, on to Dradis. Dradis is an excellent tool for documentation and a good place to organize all your information during a pen test. Before I get into it, there is an excellent post with some useful templates that I use here. Sometime down the road I’ll put together a blog post on customizing and using Dradis. The framework has a decent set of import plugins and is very customizable, with the ability to import just about any kind of data with a little Ruby fu. Details can be found on their site here.

Alright, to get it going navigate to the /pentest/misc/dradis directory and run the following commands. The ./reset.sh script only needs to be run the first time and any time you want to start over with a fresh database. It 1) backs up the database and files to an archive and 2) clears the database for a fresh slate.

root@bt:~# ./reset.sh
root@bt:~# ./start.sh

Next you’ll want to open your web browser to https://127.0.0.1:3004 and set up your password. You’ll enter it twice and then click the “initialize” button. This will be the password you, or anyone else, will use every time the web client is accessed. This only has to be done after running the reset.sh script. From here on out you will just log in with the user name of your choice (it doesn’t matter) and your password. See the screenshots below:

Now we need to get Java set up/updated/installed. Download the appropriate version from here and save it to your /tmp directory. Then run the following commands (make sure you modify them for the version you are installing) and you should be good to go.

mkdir /opt/java && cd /opt/java && sh /tmp/jre-6u25-linux-i586.bin
update-alternatives --install "/usr/bin/java" "java" "/opt/java/jre1.6.0_25/bin/java" 1
update-alternatives --set java /opt/java/jre1.6.0_25/bin/java
ln -s /opt/java/jre1.6.0_25/lib/i386/libnpjp2.so /usr/lib/mozilla/plugins/

While you’re at it I would grab some good Firefox plugins too. I personally like Live HTTP Headers, Show IP, Tamper Data, and SQLite Manager.

And last but not least, let’s get VNC going. I prefer x11vnc over the KDE default; I think it just works better. You can get it from the repos:

root@bt:~# apt-get install x11vnc

Once you’ve got it installed, run it with the -storepasswd option to specify a password and store it to a file:

root@bt:~# x11vnc -storepasswd
Enter VNC password:
Verify password:
Write password to /root/.vnc/passwd?  [y]/n y
Password written to: /root/.vnc/passwd

Now run it with the following options:

x11vnc -xkb -safer -forever -usepw -display :0

I also set up an init.d script so I could get it up and running by just typing “/etc/init.d/x11-vnc start”. You could also use this to set it to start on boot, but I opted not to. Here’s the init.d script that I have saved as /etc/init.d/x11-vnc:

#! /bin/sh
### BEGIN INIT INFO
# Provides: x11vnc
# Required-Start:
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 1
### END INIT INFO
#
# x11vnc: starts and stops the x11vnc server on the local display

# make sure the directory for the pid file exists
if [ ! -e `dirname /var/run/x11vnc.pid` ]; then
       mkdir `dirname /var/run/x11vnc.pid`
fi

case "$1" in
  start)
        echo -e "Starting x11vnc: \n"
        start-stop-daemon --start --quiet --pidfile /var/run/x11vnc.pid --make-pidfile --background --exec /usr/bin/x11vnc -- -safer -forever -usepw -display :0
        ;;
  stop)
        echo -e "Stopping x11vnc: \n"
        start-stop-daemon --stop --quiet --pidfile /var/run/x11vnc.pid
        ;;
  *)
        echo "Usage: x11vnc {start|stop}" >&2
        exit 1
        ;;
esac

That’s it, folks: up and running with all the goodies. Hope you found it useful, and if you have any other tips feel free to post a comment. My next blog post will be geared towards getting Nexpose up and running and a small tutorial on how to use it both as a stand-alone scanner and integrated with the Metasploit Framework.

UPDATE: To run xchat as another user, use the following commands:

xhost +
su - nonrootuser -c xchat

Note that xhost + disables X access control for every host that can reach the X server; xhost +SI:localuser:nonrootuser grants access to just that local user instead.

Posted in BackTrack, Metasploit, Pen Testing | Comments (0)
