Monday, September 21, 2009

Installing Backtrack 3 on a USB thumbdrive with persistent changes

I was planning to start learning security using Backtrack. However, with a live CD, the changes I make are always gone on the next boot, while the VMware image method gives me problems accessing my hardware.

To solve the problem, my mentor, Mr. Muslim, suggested that I boot an installation of Backtrack from a USB thumbdrive. Thank you, Mr. Muslim, it is a very good solution. After googling for a moment, I found a very useful resource here which guided me through the installation. Thank you so much, Infosec Ramblings.

I am currently using Windows XP, so this guide is mostly written from the perspective of a Windows XP user. However, users of other operating systems will find it useful too.


First step: Partition the USB flash drive.
In my case, I used an 8GB thumbdrive for this purpose.

The first thing to do is to partition your thumbdrive as follows:
  1. First Partition: at least 1GB in FAT32 format.
  2. Second Partition: the rest of thumbdrive capacity in ext2 format.
You may use a Linux machine to repartition the thumbdrive. However, if you don't have one, I would recommend the live CD named GParted, where everything is very user-friendly. Just spend some time with it and I am sure you will master it. GParted can be downloaded here.



Second step: Download the USB image.

To download the USB image of Backtrack 3, click here. Alternatively, go to the Remote-Exploit download page http://www.remote-exploit.org/backtrack_download.html and browse for the image file.



Third step: Extract the folders

In this step, copy the /bt3 and /boot directories from the image into the first partition of the target thumbdrive (the FAT32 partition).
*note: if you are a Windows user, the ext2 partition is invisible under "My Computer".

To copy the files out of the image, you may either mount the image file as a virtual CD-ROM, or, as I did, use 7-Zip to open the image and copy the files.



Fourth step: Make the Thumbdrive bootable

In Windows XP:
  1. Open a command window (enter "cmd" in the Run dialog under the Start Menu).
  2. Change to the drive letter of the thumbdrive.
  3. Go to the boot directory. Command:
    cd \boot
  4. Execute bootinst.bat. Command:
    bootinst.bat

Now the thumbdrive should be bootable. Restart the machine and try booting from the thumbdrive.
*note: Remember to modify the BIOS settings accordingly to enable booting from USB devices.



Fifth step: Identify the thumbdrive device name.

Now boot Backtrack 3 from the thumbdrive. For the boot options, I would recommend the "Backtrack 3 with KDE" option.

Inside Backtrack 3, open Konsole (it's just beside the KDE Menu button) and type the command
fdisk -l

and you will get something like this:
Disk /dev/sda: 250.0 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        6527    52428096    7  HPFS/NTFS
/dev/sda2            6528       19594   104960677+   7  HPFS/NTFS
/dev/sda3           19595       30401    86807227+   7  HPFS/NTFS

Disk /dev/sdb: 8019 MB, 8019509248 bytes
255 heads, 63 sectors/track, 974 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         131     1052226    b  W95 FAT32
/dev/sdb2             132         974     6771397+  83  Linux


Now identify the name of the thumbdrive. One tip: the thumbdrive will have two partitions, the first with system "W95 FAT32" and the second with system "Linux". Another way is to go by the device capacity. In the example above, my device name is sdb and the partitions are sdb1 and sdb2.



Sixth step: Persistent changes

In this step, we will make use of the partition name obtained in the fifth step.
  1. Open Konsole.
  2. Navigate to the 2nd partition of the thumbdrive. For example, if the partition name is sdb2, use the command below:
    cd /mnt/sdb2
  3. Create a folder named "changes" at the root of the partition. Command:
    mkdir changes

  4. Navigate to the "syslinux" folder. Command:
    cd /boot/syslinux

  5. Make the bootloader files executable. Command:
    chmod +Xx lilo
    chmod +Xx syslinux
  6. Open syslinux.cfg for editing. Command:
    kedit syslinux.cfg
  7. Copy the following lines in right after the line "DEFAULT /boot/vesamenu.c32":
    LABEL MyBT3
    MENU LABEL My Backtrack3
    KERNEL /boot/vmlinuz
    APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sdb2 autoexec=xconf;kdm

    LABEL MyBT3Konsole
    MENU LABEL My Backtrack3 Konsole
    KERNEL /boot/vmlinuz
    APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=/dev/sdb2
  8. Change "sdb2" in both "changes=/dev/sdb2" entries above to the name of the 2nd partition of your thumbdrive as obtained in the fifth step. Save the file and exit.
Now reboot your machine and choose the boot option created above. Try making a change to the OS (for example, create a new folder on the desktop) and reboot. If the folder is still there after the reboot, you have done it successfully.
*note: the option will be shown as "My Backtrack3" in the boot menu.
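The fifth and sixth steps, and the final check, can be done mechanically. The script below is an added example, not from the original post and not part of the BackTrack project: it picks the thumbdrive's 2nd partition out of "fdisk -l" output using the FAT32-then-Linux rule from the fifth step, prints the two syslinux.cfg entries from the sixth step with changes= filled in, and, after a reboot, reads the device back out of /proc/cmdline so you can confirm persistence was really enabled. The embedded fdisk listing is a trimmed copy of the one shown above, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): automates the "find the
# thumbdrive" step and generates the syslinux.cfg entries for it.
# Assumption: the thumbdrive is the only disk whose 1st partition is
# "W95 FAT32" and whose 2nd partition is "Linux" (the tip from step 5).

# Constructed sample input: a trimmed copy of the fdisk -l listing in the post.
SAMPLE_FDISK='Disk /dev/sda: 250.0 GB, 250059350016 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        6527    52428096    7  HPFS/NTFS
/dev/sda2            6528       19594   104960677+   7  HPFS/NTFS
/dev/sda3           19595       30401    86807227+   7  HPFS/NTFS

Disk /dev/sdb: 8019 MB, 8019509248 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         131     1052226    b  W95 FAT32
/dev/sdb2             132         974     6771397+  83  Linux'

# find_changes_partition FDISK_OUTPUT
# Prints the device node to use for changes= (e.g. /dev/sdb2), or returns 1
# when no disk has the FAT32-first, Linux-second layout.
find_changes_partition() {
    _dev=$(printf '%s\n' "$1" | awk '
        /^\/dev\/[a-z]+[0-9]+/ {
            part = $1
            disk = part; sub(/[0-9]+$/, "", disk)        # /dev/sdb2 -> /dev/sdb
            num  = part; sub(/^.*[^0-9]/, "", num)       # /dev/sdb2 -> 2
            if (num == "1" && $0 ~ /W95 FAT32/)     fat[disk] = part
            if (num == "2" && $0 ~ /Linux[ \t]*$/)  lin[disk] = part
        }
        END {
            for (d in fat) if (d in lin) { print lin[d]; exit }
        }')
    [ -n "$_dev" ] || return 1
    printf '%s\n' "$_dev"
}

# syslinux_entries CHANGES_DEV
# Prints the two menu entries from step 7 with changes= pointing at CHANGES_DEV.
syslinux_entries() {
    cat <<EOF
LABEL MyBT3
MENU LABEL My Backtrack3
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=$1 autoexec=xconf;kdm

LABEL MyBT3Konsole
MENU LABEL My Backtrack3 Konsole
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw changes=$1
EOF
}

# changes_device_from_cmdline CMDLINE
# After rebooting into the new entry, /proc/cmdline shows what the kernel was
# actually started with. Prints the changes= device, or returns 1 if absent.
changes_device_from_cmdline() {
    _c=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^changes=//p' | head -n 1)
    [ -n "$_c" ] || return 1
    printf '%s\n' "$_c"
}

# Stand-alone run against the constructed sample. On the live system you
# would pass "$(fdisk -l)" and "$(cat /proc/cmdline)" instead.
if dev=$(find_changes_partition "$SAMPLE_FDISK"); then
    echo "changes partition: $dev"
    syslinux_entries "$dev"
else
    echo "no FAT32+Linux thumbdrive layout found" >&2
fi
```

Run it as-is to see the entries generated for the sample listing. On the thumbdrive itself, paste the output of `syslinux_entries "$(find_changes_partition "$(fdisk -l)")"` into syslinux.cfg after the DEFAULT line, and after rebooting into "My Backtrack3" run `changes_device_from_cmdline "$(cat /proc/cmdline)"`: if it prints nothing, the kernel was booted without changes= and nothing done in that session will survive, which is the usual reason the "new folder on the desktop" test fails.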
