Saturday, January 31, 2009

Booting BackTrack 4 over the network (PXE or Net Boot CD)

One of the features we really wanted in BackTrack 4 was a fully working PXE boot system.
This could be ideal in Team Penetration Testing, Training, Cluster Cracking or simply Installing BackTrack over the network.

The PXE boot functionality was imported from SLAX, and is still not polished. In our tests, some network drivers failed to load at the initrd bootstrap due to kernel memory limitations. We got around this by adding some drivers into the kernel itself.
Most major network cards are supported and we will be improving on this as we get more feedback once BT4 Beta is released.

Getting the PXE system up and running after you've booted the Live{CD/USB} and set up your network interfaces is simple:



Once that's done, you should be running a web server (we use httpfs for the file transfer), and all the rest of the components required to boot a machine from the network.

Configure the target machine to boot from the network, and make sure there are no additional DHCP servers on the subnet.


Your Network Card PXE should pick up the BT4 PXE server, and load the initrd.


If all goes well, you should see BackTrack load the LZM files over HTTPFS:


We will also be publishing an 8mb "netboot" iso, in case you do not have PXE enabled cards. These isos will accept an "ip=" boot cheatcode parameter.

Anyone care to whip up a cluster script / djohn setup ?
Posted by at 8 comments:

Friday, January 30, 2009

CUDA and RFID Support in BackTrack 4 Beta

Props to Adam Laurie and pure_hate for helping me get each of these set up.
Both RFIDIOt and Pyrit are working out of the box with the supported hardware.

More teaser screenies:

Posted by at 2 comments:

Philosophical thoughts about BackTrack 4

Many people have asked me why we chose a Debian base (*buntu) for BackTrack 4. One person even asked in dismay "Ubuntu ?? That's for noobs!".

The reasoning is simple.

Last year the Defcon people were tracking User Agents on their network, and I was astounded by the massive use of BackTrack throughout the con. What many didn't know is that everyone running BackTrack was potentially vulnerable due to a flaw in wget which was discovered a few weeks earlier.

This is only an example of course. The main point being, that with over 3 million users that downloaded BackTrack, none were receiving any security updates or patches as they came out. The distribution was not maintained.

With fortune 500 and government agencies using BackTrack as their main testing platform, we felt compelled to address this situation by making BT4 a real distribution with security and tool updates. This literally lifts BackTrack 4 from a LiveCD to a full blown Distribution.

At the end of the day, Linux is a kernel with user space applications around it. The alignment of these applications is what distinguishes one distribution from another.

Oh, and here's a screenshot of aircrack-ng cracking WPA at 1400+ keys per second using a Pico card on BT4 Beta :)


For more Pico action shots, click here: http://secmaniac.blogspot.com/2009/01/cracking-wpa-at-speed-of-pico.html
Posted by at 15 comments:

BackTrack 4 Beta almost out of the oven!

Once again, it's that time of the year... The Remote Exploit Dev team are working hard on BackTrack 4 ... and it will be released in the very near future...

We have taken huge conceptual leaps with BackTrack 4, and have some new and exciting features.

The most significant of these changes is our expansion from the realm of a Pentesting LiveCD to a full blown "Distribution".

Now based on Debian core packages and utilizing the Ubuntu software repositories, BackTrack 4 can be used both as a Live CD, or installed on hard disk as a full distribution. By syncing with our BackTrack repositories, you will regularly get security tool updates soon after they are released.

The BackTrack kernel is now in sync with upstream kernels - so you always get the latest hardware support.Kernel upgrades including the latest hardware support will be periodically available.

Working out of the box:

  • Native support for Pico e12 and e16 cards is now fully functional, making BackTrack the first pentesting distro to fully utilize these awesome tiny machines.
  • Support for PXE Boot - Boot BackTrack over the network with PXE supported cards!
  • SAINT EXPLOIT - kindly provided by SAINT corporation for our users with a limited number of free IPs.
  • MALTEGO - The guys over at Paterva did outstanding work with Maltego 2.0.2 - which is featured in BackTrack as a community edition.
  • The latest mac80211 wireless injection pacthes are applied, with several custom patches for rtl8187 injection speed enhancements. Wireless injection support has never been so broad and functional.
  • Unicornscan - Fully functional with postgress logging support and a web front end.
  • RFID support (thanks to Adam Laurie)
  • Possibly CUDA support...
  • New and updated tools - the list is endless!

With all these changes, PLUS the usual goodies and surprises we have in BackTrack, we are truly excited about this new release.

check out these screenshots for some teasers:

http://www.offensive-security.com/bt4/01.png
http://www.offensive-security.com/bt4/02.png
http://www.offensive-security.com/bt4/03.png
http://www.offensive-security.com/bt4/04.png
http://www.offensive-security.com/bt4/05.png
http://www.offensive-security.com/bt4/06.png
http://www.offensive-security.com/bt4/07.png
Posted by at 29 comments:
Subscribe to: Posts (Atom)