Blog : BackTrack Linux – Penetration Testing Distribution

Hakin9 Guide to BackTrack and European Open Source Event

The guys over at Hakin9 have dedicated this month’s edition to BackTrack, and various different ways it can be used. From forensics to wireless to preforming stealthy attacks, they have a pretty comprehesive list of topics in this month’s edition. You can download a preview of this month’s magazine here.

In addition, the European Open Source Event will be taking place between the 19th and 21st of June, 2012. The event will be held at the at the “CNIT de Paris” in “La Défense”, and several of our European BackTrack developers will be attending. You can find more information about this event at the official site –

The Debian Administrator’s Handbook

The BackTrack Team is proud to have contributed 1000 EUR to the Debian Administrator’s Handbook liberation fund. This book, written by two Debian developers, is a welcome addition to any administrator’s bookshelf. Debian is very popular on servers and it’s also the base distribution from which BackTrack is forged.

Security is not in rest in this book since a full chapter is dedicated to the topic. It covers setting up a firewall, monitoring, intrusion detection systems, setting up SELinux policies, dealing with a compromised machine, and gives many thoughful advice to define a security policy within your organization.

The authors have pledged to release the book under an open source license if the associated “liberation fund” reaches 25,000 EUR. Today, there’s less than 3,000 EUR to raise and we invite you to contribute as well. By giving 10 EUR or more, you’ll get a copy of the ebook as soon as it’s available (even if the liberation fund is not completed). Click here to contribute now.

The book is planned to be released in April but in the mean time you can have a peek at a sample chapter and the full table of contents. We have no doubt that this book will provide a solid foundation to all those looking to better understand Debian, BackTrack and Linux at large.

BackTrack 0day privilege escalation

Yesterday, we recieved a bug report in our BackTrack forums describing an “0-day privilage escalation in BackTrack” from the Infosec Institute.

Initially, the bug report confused us, as BackTrack 5 R2 by default has a single root user, with no open TCP or UDP ports – therefore a console escalation from root to root seemed frivolous. The title of the bug was even more confusing – calling it a “BackTrack 0day” misrepresents the bug, apparently in an attempt to make it seem bigger than it is.

As an organization who claim to be security professionals, the Infosec Institute should know better. They should know that an accurate vulnerability description is probably the most important aspect of a bug report. Without this basic rule in place, every single 3’rd party FTP overflow in windows would be categorized as a “Windows 0day”, and every PHP web application vulnerability would be defined as an “Apache 0day”.

To summarise, we believe that the intentional misrepresentation of this bug report has discredited BackTrack unecessarily in the eyes of those who do not understand the underlying mechanisms of our OS, and also discredited the Infosec Institute in the eyes of those who do.

Lastly, we found the following quote from Saul Bellow relevant to this situation. “A great deal of intelligence can be invested in ignorance when the need for illusion is deep“.

BackTrack 5 R2 Released

BackTrack 5 R2 – New Kernel, New Tools

BT5R2 Released

After months of development, bug fixes, upgrades, and the addition of 42 new tools, we are happy to announce the full release of BackTrack 5 R2 available for download now. Running our custom-built 3.2.6 kernel with the best wireless support available, this is our fastest and best release of BackTrack yet. In the past few weeks, we have had a flood of submissions to our BackTrack Redmine Tracker with submissions for many new tools and dozens of packages that needed to be updated and this has helped to make this one of the strongest releases we’ve ever had.

(Read more…)

Upgrading to BackTrack 5 R2

The long awaited release of the BackTrack 5 R2 kernel has arrived, and it’s now available in our repositories. With a spanking brand new 3.2.6 kernel, a huge array of new and updated tools and security fixes, BT5 R2 will provide a more stable and complete penetration testing environment than ever before. We will start a series of blog posts on how to upgrade, deal with VMWare, and even build your own updated BT5 R2 by yourself. For now though, here’s how to get the new kernel and all of the updated goodness:

(Read more…)

Infected Mushroom