BackTrack is a very useful security distribution for various hacks (pentests, rev eng, audit, ...).
Best way to install is to have it on a USB key and boot from it.
Here are a few problems I encountered with BackTrack 3 and their accompanying solutions.
TOR is included in BT3 but lacks some components, ie tsocks. Here is how to fix it:
1. First compile tsocks
wget 'http://downloads.sourceforge.net/tsocks/tsocks-1.8beta5.tar.gz?modtime=1035331200&big_mirror=0' tar zxvf tsocks-1.8beta5.tar.gz cd tsocks-1.8 ./configure make make install cd .. hash -r
2. Fix some links
ln -s /lib/libtsocks.so /usr/lib/libtsocks.so
3. Check your setup by connecting to a server where you have access and check if the origin is coming from a non-known IP
netstat -anp | grep <YOUR_IP>
Preservation & Persistance
When you do some system changes, you may want to have them always loaded by default during the next BT3 boot, so before rebooting you need to type this command:
dir2lzm "/mnt/live/memory/changes/" "/mnt/sda1/BT3/modules/changes.lzm"
If you want to cherry-pick which file to include in the changes.lzm file, it's a bit more tricky, for example to keep the tsocks installation, you need to:
cd /mnt/live/memory/changes/ tar zcvf /tmp/tsocks.tgz lib/ usr/man/ usr/bin/ usr/lib/libtsocks.so cd /tmp/ mkdir keep cd keep/ tar zxvf /tmp/tsocks.tgz cd /tmp/ dir2lzm keep /mnt/sda1/BT3/modules/tsocks-1.8beta5.lzm chmod a+rwx /mnt/sda1/BT3/modules/tsocks-1.8beta5.lzm
Then at next reboot, tsocks and only tsocks should still be there. You can use this to distribute a package for Backtrack, ready to be used by other people.
You can for example download this media:Tsocks-1.8beta5.lzm and drop it in your BT3/modules/ directory on your USB key and benefit from the fixed TORify / tscosk support in Backtrack3 :)
Kernel Module Compiling
Let's say you want to use a kernel module (let's say x25) that is NOT compiled in the standard BackTrack distribution. One tedious way is to recompile the whole new kernel with the new option.
Another method is just to recompile the kernel: 1. Go to the source directory of the desired module:
2. Edit Makefile
3. Add the following lines to the Makefile:
obj-m = foo.o KVERSION = $(shell uname -r) all: make -C /lib/modules/$(KVERSION)/build M=$(PWD) modules clean: make -C /lib/modules/$(KVERSION)/build M=$(PWD) clean
4. Compile just this module
Up to you :)
To put your card into monitor mode, open a terminal window and type:
airmon-ng stop ath0;airmon-ng start wifi0
That will create a new madwifi interface (ath0) in monitor mode.
In order to take your card out of monitor mode, and place it back into managed mode (in order to join a wifi access point)
airmon-ng stop ath0 wlanconfig ath create wlandev wifi0 ifconfig ath0 up
Working in groups & Collaboration
sshfs is great to access the Filesystem of other machine as a local one.
sshfs username@hostname:folder mount_folder
mkdir /mnt/x sshfs firstname.lastname@example.org:. /mnt/x/
then you can work on /mnt/x.