Thread: Custom BackTrack CD Idea

  #1 Rizzen (Just burned his ISO)

    Custom BackTrack CD Idea

    A manager of mine used to travel around and do penetration testing with a team. He was telling me a story of this bank that he walked into and told them that he was sent to fix a slow computer. He hooked up his laptop to the network and left a sticky note on it: "Don't touch". They spent the next 3 days downloading stuff off the network in the parking lot.

    It got me thinking how I would set up a laptop or even a custom CD. Walk in, just boot a computer off the CD and leave. Netbooks seem like a perfect fit for this.

    I would strip the artwork and any BackTrack reference. I've shown some friends the CD before and the artwork is really cool and unique, which may raise some flags that wouldn't be raised if there was no artwork or if it looked like Ubuntu.

    Set up an ad-hoc network so I could connect from the parking lot if I needed to.

    Set up SSH keys so it would connect to my box at home. Set up SSH multiplexing so I can write a script that would reconnect if the SSH session dies.

  #2 kazalku (Member)

    Quote Originally Posted by Rizzen View Post
    A manager of mine used to travel around and do penetration testing with a team. He was telling me a story of this bank that he walked into and told them that he was sent to fix a slow computer.
    I'm surprised that they didn't check his ID.

    He hooked up his laptop to the network and left a sticky note on it "Don't touch".
    How did everybody believe that hooking up a personal laptop to a bank network would "fix a slow computer"?
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  #3 lupin (Super Moderator)

    Quote Originally Posted by kazalku View Post
    How did everybody believe that hooking up a personal laptop to a bank network would "fix a slow computer"?
    Doesn't really surprise me. Someone with no IT knowledge wouldn't really know what would work to fix a slow computer. If an IT staffer was told about this and believed it, however....

    @OP - Is there a question in your post somewhere that I'm missing? Were you going to build this custom CD yourself and post a tutorial?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  #4 Rizzen (Just burned his ISO)

    No, just thinking. Maybe looking for ideas on what people would do differently.

    I did some work for a small office that has no IT staff. I met one of them the other day and they mentioned they were looking to secure their network. I offered to take a look at their network and they took me up on it.

    I'm debating if I should just point out the things they should change or offer to do a penetration test. I'm thinking it might have more of an impact to actually do it instead of just saying this is how I would've done it.

    If I do the penetration test I'm going to make this CD and put my social engineering skills to work.

  #5 lupin (Super Moderator)

    Quote Originally Posted by Rizzen View Post
    No, just thinking. Maybe looking for ideas on what people would do differently.

    I did some work for a small office that has no IT staff. I met one of them the other day and they mentioned they were looking to secure their network. I offered to take a look at their network and they took me up on it.

    I'm debating if I should just point out the things they should change or offer to do a penetration test. I'm thinking it might have more of an impact to actually do it instead of just saying this is how I would've done it.

    If I do the penetration test I'm going to make this CD and put my social engineering skills to work.
    Excuse me if I'm making the wrong assumption here, but I get the impression that you don't do penetration tests professionally. Just be aware that they are not the sort of thing you should jump into without thought. There are a number of potential legal liability issues to consider. You should have a legally binding permission document signed by the client (and potentially their service provider) as a minimum before you perform this type of testing.

  #6 HitThemLow (Junior Member, Canada)

    Well, if I were you, I would simply install Arch or some other very lightweight distro and install a few obviously needed tools. Then set up the wifi as a PPTP tunnel, only allowing a certain MAC to connect.

    For tools I would pick:

    nemesis
    ssh: only works on the tunnel interface.

    This would come out as a VERY small install.

    Once inside, connect and you can send any NEEDED files over the SSH link. Oh, and leave some infinite-loop terminal command running on the laptop so it looks like it's doing something.

    The reason I said Nemesis as the only tool is: it can emulate nearly any tool that works on the TCP/IP stack, and anything that you MUST have can be sent over via SSH.

  #7 Gitsnik (Very good friend of the forum, The Crystal Wind)

    Quote Originally Posted by HitThemLow View Post
    Oh, and leave some infinite-loop terminal command running on the laptop so it looks like it's doing something.
    Code:
    hexdump /dev/random
    Further, I don't see why you can't stash as many tools as you like on the laptop. If you have it locked down enough with the correct firewalling and physical security mechanisms, unless the IT team you are up against get tipped off by the manager who signed you on, they're unlikely to employ more than the basics to check the system out.

    Also, there is no need to change the BackTrack artwork or anything like that. Just throw a custom backdrop on, hide the menu bars and set a screensaver. A screensaver even reduces the need for the terminal loop.

    Side note: I once got an unencrypted WAP stuck into the back of a banking rack. It was an accident, I have to confess, but nobody thought different of it. Stupid bank for not having dedicated hosting for those machines, I guess.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
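The scenario the thread describes (an unknown laptop plugged into a branch LAN, holding an outbound SSH tunnel open for days) is exactly what a network owner should be able to spot from DHCP and perimeter firewall logs. The following is an added defender's example, not code from the thread or from any poster: it reconciles DHCP leases against an asset inventory and then flags long-lived outbound port-22 traffic from any lease that is not inventoried. The inventory, the log lines and the log formats are constructed for illustration.

```python
"""Flag rogue LAN devices: unknown MACs in DHCP leases and outbound SSH from them.
All inventory entries and log lines below are constructed sample data."""
import re
from collections import defaultdict

# Hypothetical asset inventory: MAC address -> asset name (constructed).
INVENTORY = {
    "00:1a:2b:3c:4d:5e": "teller-pc-01",
    "00:1a:2b:3c:4d:5f": "branch-printer",
}

# Constructed ISC dhcpd-style syslog lines.
DHCP_LOG = """\
Mar 12 09:01:10 dhcp dhcpd: DHCPACK on 10.10.1.20 to 00:1a:2b:3c:4d:5e (teller-pc-01) via eth0
Mar 12 09:14:33 dhcp dhcpd: DHCPACK on 10.10.1.77 to 08:00:27:aa:bb:cc (ubuntu) via eth0
"""

# Constructed perimeter firewall lines for outbound connections from the LAN.
FW_LOG = """\
Mar 12 09:15:02 fw kernel: OUT src=10.10.1.77 dst=203.0.113.9 proto=tcp dport=22
Mar 12 09:15:40 fw kernel: OUT src=10.10.1.20 dst=198.51.100.5 proto=tcp dport=443
Mar 12 10:15:05 fw kernel: OUT src=10.10.1.77 dst=203.0.113.9 proto=tcp dport=22
"""

DHCP_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-fA-F:]{17})(?: \((\S+)\))?")
FW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=tcp dport=(\d+)")

def unknown_leases(log):
    """Return {ip: (mac, hostname)} for every lease whose MAC is not in INVENTORY."""
    found = {}
    for m in DHCP_RE.finditer(log):
        ip, mac, host = m.group(1), m.group(2).lower(), m.group(3)
        if mac not in INVENTORY:
            found[ip] = (mac, host)
    return found

def ssh_from_unknown(dhcp_log, fw_log):
    """Return {src_ip: {dst_ip, ...}} for outbound port-22 flows from unknown leases."""
    rogue = unknown_leases(dhcp_log)
    hits = defaultdict(set)
    for m in FW_RE.finditer(fw_log):
        src, dst, port = m.groups()
        if src in rogue and port == "22":
            hits[src].add(dst)
    return dict(hits)

if __name__ == "__main__":
    for ip, (mac, host) in unknown_leases(DHCP_LOG).items():
        print(f"unknown device {ip} mac={mac} hostname={host}")
    for src, dsts in ssh_from_unknown(DHCP_LOG, FW_LOG).items():
        print(f"outbound ssh from unknown host {src} -> {sorted(dsts)}")
```

A non-inventoried lease that immediately opens and keeps re-opening an SSH session to the same external address is the signature of the reconnecting tunnel the first post describes; 802.1X or switch port security stops the device getting a lease at all.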
