Advanced Corner
From BackTrack Linux
This section is dedicated to interesting how-to's, various setups etc.
Pentesting VoIP
NightRang3r provided an excellent introductory writeup on Pentesting VoIP With BackTrack where he covers the SIP protocol and a wide range of tools and techniques for attacking VoIP systems.
Getting Cuda working on Backtrack 4
BackTrack includes many tools which utilize the power of graphics cards to greatly improve performance. This section will help you get your environment set up to use these tools and also to set up a development environment to make your own tools.
Check http://en.wikipedia.org/wiki/CUDA to see if your video card is capable of running CUDA applications.
Installing the Nvidia Drivers
Installing the driver is now easier than ever. We use the installer from the Nvidia web site and do not alter the install in any way. This means that no matter which kernel version you are running on BackTrack, the nvidia-driver package should work.
Note: Be sure to log out of X before installing the driver or it will fail.
root@bt:~# apt-get install nvidia-driver
Simply follow the prompts and choose the defaults and you should be fine.
Since every system is different there are 2 ways to get your xorg.conf working on BackTrack.
Method 1: The installer attempts this method itself, but in some cases it needs to be done manually. Log out of the X server:
root@bt:~# Xorg -configure
root@bt:~# cp /root/xorg.conf.new /etc/X11/xorg.conf
root@bt:~# startx
Method 2: Nvidia bundles a config tool with their install which may work better for you than the Xorg tools. Log out of the X server:
root@bt:~# nvidia-xconfig
root@bt:~# startx
Installing the CUDA Toolkit
The toolkit contains the nvcc compiler and all the libraries needed to build any GPU based applications from source. The toolkit is also needed if you are planning on developing any of your own applications.
root@bt:~# apt-get install cuda-toolkit
The default install location is /opt/cuda.
Note: The toolkit is designed to be installed as root. If you want to install it as another user you will need to add the following lines to that user's .bashrc file:
PATH=$PATH:/usr/local/cuda/bin
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/cuda/lib
export PATH
export LD_LIBRARY_PATH
Installing the Nvidia SDK
We no longer package the CUDA code samples in our repositories due to the size the package has become. The code samples are extremely useful, though, if you are interested in CUDA development. Getting them installed on BackTrack is fairly simple.
root@bt:~# wget http://developer.download.nvidia.com/compute/cuda/3_1/sdk/gpucomputingsdk_3.1_linux.run
root@bt:~# chmod 755 gpucomputingsdk_3.1_linux.run
root@bt:~# ./gpucomputingsdk_3.1_linux.run
The only thing I change aside from the default choices is the place where the NVIDIA_SDK is installed. On BackTrack we install to /opt, and since I like to keep my stuff in the same place, I instruct the installer to install to /opt/cuda/ so that my code samples are inside my cuda directory.
Getting up and running with Pyrit
Pyrit is included in the BackTrack ISO, but in order to use it with CUDA you will need to install the CUDA kernel module. This is part of the cpyrit package. Installation is fairly straightforward:
root@bt:~# apt-get install cpyrit-cuda
You can check if your GPU is being recognized with the following command:
root@bt:~# pyrit list_cores
Pyrit 0.3.1-dev (svn r279) (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
The following cores seem available...
#1: 'CUDA-Device #1 'GeForce GTX 295
#2: 'CUDA-Device #2 'GeForce GTX 295
#3: 'CUDA-Device #3 'GeForce GTX 295
#4: 'CUDA-Device #4 'GeForce GTX 295
#5: 'CUDA-Device #5 'GeForce GTX 295
#6: 'CUDA-Device #6 'GeForce GTX 295
#7: 'CUDA-Device #7 'GeForce GTX 295
#8: 'CUDA-Device #8 'GeForce GTX 295
You can then run a benchmark to see how many keys per second your system is capable of:
root@bt:~# pyrit benchmark
Pyrit 0.3.1-dev (svn r279) (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Running benchmark (97384.8 PMKs/s)... |
Computed 97384.83 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce GTX 295: 11520.5 PMKs/s (RTT 2.9)
#2: 'CUDA-Device #2 'GeForce GTX 295: 11274.3 PMKs/s (RTT 2.9)
#3: 'CUDA-Device #3 'GeForce GTX 295: 10439.3 PMKs/s (RTT 2.9)
#4: 'CUDA-Device #4 'GeForce GTX 295: 11095.7 PMKs/s (RTT 2.9)
#5: 'CUDA-Device #5 'GeForce GTX 295: 10564.8 PMKs/s (RTT 2.6)
#6: 'CUDA-Device #6 'GeForce GTX 295: 10533.7 PMKs/s (RTT 2.9)
#7: 'CUDA-Device #7 'GeForce GTX 295: 10414.8 PMKs/s (RTT 2.6)
#8: 'CUDA-Device #8 'GeForce GTX 295: 11333.7 PMKs/s (RTT 2.9)
Add CUDA syntax highlighting to Vim
I like to use Vim for coding so here is how to add CUDA syntax highlighting to Backtrack
First we need to install vim-full:
root@bt:~# apt-get install vim-full
Then grab the syntax file:
root@bt:~# cd /usr/share/vim/vim71/syntax/
root@bt:/usr/share/vim/vim71/syntax# wget http://www.backtrack-linux.org/patches/cu.vim.txt
root@bt:/usr/share/vim/vim71/syntax# mv cu.vim.txt cu.vim
Next change into your root directory (or whichever user you are using):
root@bt:~# touch .vimrc
root@bt:~# vi .vimrc
Add the following lines:
au BufNewFile,BufRead *.cu set ft=cu
syntax on
Now your vi should be set up for CUDA syntax highlighting.
Installing Virtual Box on Backtrack 4 R2
It should be noted that adding third party repositories to any distribution can cause problems. That being said, many of us have downloaded and installed Virtual Box using this method without any problems.
Downloading and Installing
Add the repository to your source file
root@bt:~# echo "deb http://download.virtualbox.org/virtualbox/debian intrepid non-free" >> /etc/apt/sources.list
Download the Oracle public key and install it
root@bt:~# wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
OK
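The command above pipes a key fetched over plain HTTP straight into apt's trusted keyring, so whatever arrives on the wire becomes trusted. The following is an added example, not part of the original guide: it adds the key only when its full fingerprint equals a value you obtained through a separate channel. EXPECTED_FPR is a placeholder and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original wiki page; function names are illustrative.
KEY_URL="http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc"
# Placeholder: replace with the fingerprint obtained from a separate trusted channel.
EXPECTED_FPR="0000 0000 0000 0000 0000  0000 0000 0000 0000 0000"

# Normalise a fingerprint: drop spaces and colons, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\n\t' | tr 'a-f' 'A-F'
}

# Succeed only if the first value is a full 40-hex-digit fingerprint and both
# are equal. Short key IDs are rejected on purpose: they are easy to collide.
fpr_matches() {
    a=$(norm_fpr "$1"); b=$(norm_fpr "$2")
    case "$a" in *[!0-9A-F]*|"") return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Print the primary-key fingerprint of an ASCII-armoured key file
# without importing it into any keyring.
key_fpr() {
    gpg --with-colons --with-fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Download to a file, compare fingerprints, and only then hand the key to apt.
add_verified_key() {
    tmp=$(mktemp) || return 1
    wget -q "$KEY_URL" -O "$tmp" &&
        fpr_matches "$(key_fpr "$tmp")" "$EXPECTED_FPR" &&
        apt-key add "$tmp"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || echo "key NOT added: download failed or fingerprint mismatch" >&2
    return "$rc"
}
# Usage (as root): add_verified_key && apt-get update
```

With the placeholder left in place the comparison always fails, so nothing is added until a real fingerprint is supplied.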
Update your system
root@bt:~# sudo apt-get update
Install Virtual Box
root@bt:~# apt-get install virtualbox-3.1
What to do when experiencing GPG error: following signatures were invalid
root@bt:~# sudo -s -H
root@bt:~# apt-get clean
root@bt:~# rm /var/lib/apt/lists/*
root@bt:~# rm /var/lib/apt/lists/partial/*
root@bt:~# mkdir -p /var/lib/apt/lists/partial
root@bt:~# apt-get clean
root@bt:~# apt-get update
If you have completed the steps properly you should now be able to launch Virtual Box from the System section of the KDE menu.
Installing BackTrack and guest additions in Virtual Box
Download and check the BackTrack iso following this guide
http://www.backtrack-linux.org/wiki/index.php/Downloading
Install BackTrack following this guide
http://www.backtrack-linux.org/wiki/index.php/Install_BackTrack_to_Disk
Once BackTrack is installed
Install Virtual Box guest additions in BackTrack
Install the latest dkms package from the BT repository:
root@bt:~# apt-get update
root@bt:~# apt-get upgrade
root@bt:~# apt-get install dkms
Then
root@bt:~# mount /dev/hdX /mnt/cdrom
root@bt:~# cd /mnt/cdrom
root@bt:~# ./VBoxLinuxAdditions-x86.run
where /dev/hdX is replaced by your Virtual Box guest additions drive assignment.
Follow any onscreen instructions.
Once completed:
root@bt:~# reboot
Now we should check that the guest additions have installed correctly.
So run
root@bt:~# /usr/bin/VBoxClient-all
Then check that the services have started correctly
root@bt:~# ps ax |grep VBoxClient
6351 ? Sl 0:00 /usr/bin/VBoxClient --clipboard
6355 ? Sl 0:01 /usr/bin/VBoxClient --display
6356 ? Sl 0:01 /usr/bin/VBoxClient --seamless
6404 pts/1 S+ 0:01 grep VBoxClient
root@bt:~#
Where you should see output similar to that shown above.
Now we need to make the services autostart when the system boots
root@bt:~# nano /root/.xinitrc
and add this line at the end
exec /usr/bin/VBoxClient-all
^O to save the changes to the file
^X to exit nano
Finally we should now restart our virtual machine just to make sure all the guest additions and the autostart of the services are working correctly.
root@bt:~# reboot
Enjoy your BackTrack Virtual Box install with all of the Guest additions fully working.
Installing VMware Workstation with BackTrack as the Host OS
The latest VMware Workstation (At the time of writing VMware-Workstation-Full-7.1.3-324285.i386.bundle) installs flawlessly with the latest BackTrack r2 2.6.35.8 kernel.
It is a simple case of running the ./VMware-Workstation-Full-7.1.3-324285.i386.bundle and then following the directions in the GUI that pops up.
The VMware programs can then be found in the KDE menu > System.
Installing Compiz-Fusion on Backtrack 4 R2
Compiz-Fusion can add some really nice graphics and effects to your Backtrack installation. We do not include it by default but it can be added fairly easily. Keep in mind these programs can be resource intensive so be sure you have adequate ram and processing. You will also need to be sure you have compositing enabled in the xorg.conf and that your graphics card is supported.
Downloading and Installing
Download the following packages.
root@bt:~# apt-get install compiz compiz-fusion-plugins-extra compiz-fusion-plugins-unsupported emerald simple-ccsm fusion-icon
Go to backtrack menu -> system -> compiz fusion. Right click the Compiz-Fusion icon and select "Reload Window Manager".
Adding compiz to startup
Go to /etc/ and edit the file called "rc.local". And just add the files you installed to it, like this:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
compiz
compiz-fusion-plugins-extra
compiz-fusion-plugins-unsupported
emerald
simple-ccsm
fusion-icon
exit 0
Now open a terminal and type in
root@bt:~# chmod u+x /etc/rc.local
Reboot and Compiz-Fusion should start with the system.
Armitage Setup
To install Armitage in BackTrack, we simply need to update the repositories and install the "armitage" package.
root@bt:~# apt-get update
...snip...
Reading package lists... Done
root@bt:~# apt-get install armitage
...snip...
Unpacking armitage (from .../armitage_0.1-bt0_i386.deb) ...
Setting up armitage (0.1-bt0) ...
root@bt:~#
Armitage communicates with Metasploit via the RPC daemon so we need to start that next.
root@bt:~# msfrpcd -f -U msf -P test -t Basic
[*] XMLRPC starting on 0.0.0.0:55553 (SSL):Basic...
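The banner above shows the RPC daemon listening on 0.0.0.0, that is, on every interface, with the password "test". The sketch below is an added example, not part of the original guide: it classifies the bind address from a banner line or from netstat -ltn output, and prints a launch line bound to loopback with a random password. Function names are illustrative, the sample lines are constructed, and the -a bind option should be confirmed with "msfrpcd -h" on your version.

```shell
#!/bin/sh
# Added example, not from the original wiki page; function names are illustrative.

# Extract "ip:port" from an msfrpcd banner line of the form shown above.
banner_addr() {
    printf '%s\n' "$1" |
        sed -n 's/.*starting on \([0-9][0-9.]*:[0-9][0-9]*\).*/\1/p'
}

# Read `netstat -ltn` output on stdin; print local addresses listening on port $1.
listeners_on_port() {
    awk -v p="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); if (a[n] == p) print $4 }'
}

# Classify how widely a listener at "ip:port" is reachable.
bind_scope() {
    case "$1" in
        "")             echo "unparsed" ;;
        0.0.0.0:*|:::*) echo "all-interfaces" ;;
        127.*|::1:*)    echo "loopback" ;;
        *)              echo "single-address" ;;
    esac
}

# 32 hex characters from the kernel CSPRNG, for use as the RPC password.
gen_rpc_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print (do not run) a launch line that listens on loopback only.
# The password is still visible in the local process list while msfrpcd runs.
hardened_msfrpcd_cmd() {
    printf 'msfrpcd -f -a 127.0.0.1 -U msf -P %s -t Basic\n' "$(gen_rpc_password)"
}

# Constructed samples: the banner format from the page and two netstat -ltn lines.
banner='[*] XMLRPC starting on 0.0.0.0:55553 (SSL):Basic...'
echo "banner:   $(bind_scope "$(banner_addr "$banner")")"
printf '%s\n' 'tcp 0 0 0.0.0.0:55553 0.0.0.0:* LISTEN' \
              'tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN' |
    listeners_on_port 55553 |
    while read -r a; do echo "netstat:  $a -> $(bind_scope "$a")"; done
echo "hardened: $(hardened_msfrpcd_cmd)"
```

With a loopback bind, Armitage on the same machine connects to 127.0.0.1 using the generated password in its connection dialog.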
Next, we need to start our MySQL server so Armitage has a place to store its results.
root@bt:~# /etc/init.d/mysql start
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
root@bt:~#
Lastly, we need to run "armitage.sh" from the /pentest/exploits/armitage directory at which point, we are presented with the connection dialog.
root@bt:~# cd /pentest/exploits/armitage
root@bt:/pentest/exploits/armitage# ./armitage.sh

We select the "Use SSL" checkbox, verify the rest of the settings and click "Connect". Afterwards, the main Armitage window is displayed.

For more information on Armitage and Metasploit usage, be sure to check out our free Metasploit Unleashed training course.
Getting started with OpenVas
This guide will show you how to setup OpenVas so that you can use it properly. Since the easiest way to use OpenVas is through the GUI we will need to start the X-server.
Adding a user to OpenVas
The first thing we want to do is add a user for our OpenVas scanner. You can add as many as you need, but we will only focus on adding one.
Clicking the menu entry will bring up a console where you will create the user. Alternatively, run "openvas-adduser" in the console. Here we will define a user named "test".
Using /var/tmp as a temporary file holder.
Add a new openvassd user
---------------------------------
Login : test
Authentication (pass/cert) [pass] :     Hitting Enter accepts the default, in this case a password
Login password :
Login password (again) :
User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that test has the right to test.
For instance, you may want him to be able to scan his own host only.
Please see the openvas-adduser(8) man page for the rules syntax.
Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
Login : test
Password : ***********
Rules :
Is that ok? (y/n) [y] y
user added.
root@bt:~#
Once you are satisfied with your user account select 'y' to create it and return to the shell.
Creating a Certificate
When adding a user to OpenVas you have the options to choose between having a password or certificate for authentication. Here we will create a certificate. You can either go through the menu system (OpenVas Make Cert) or open a console and type "openvas-mkcert"
Note: You do not need to do this step in order to use OpenVas.
-------------------------------------------------------------------------------
Creation of the OpenVAS SSL Certificate
------------------------------------------------------------------------------
This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the
ability to connect to your OpenVAS daemon will be able to retrieve this information.
CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [DE]:
Your state or province name [none]: Hitting Enter will accept the defaults
Your location (e.g. town) [Berlin]:
Your organization [OpenVAS Users United]:
-------------------------------------------------------------------------------
Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------
Congratulations. Your server certificate was properly created.
/usr/local/etc/openvas/openvassd.conf updated
The following files were created:
. Certification authority:
Certificate = /usr/local/var/lib/openvas/CA/cacert.pem
Private key = /usr/local/var/lib/openvas/private/CA/cakey.pem
. OpenVAS Server :
Certificate = /usr/local/var/lib/openvas/CA/servercert.pem
Private key = /usr/local/var/lib/openvas/private/CA/serverkey.pem
Press [ENTER] to exit
root@bt:~#
Synchronize OpenVas NVT's
Now that we have a user for OpenVas, you need to synchronize the NVT's (Network Vulnerability Tests)
Again clicking the menu entry will launch a console and start the synchronization process. Once you start this process it may take quite a bit of time depending on your computer and network as well as the number of NVT's to sync.
Upon completion the console will return to the prompt. Once it does, exit it.
Start Openvas Scanner
Now that you have synchronized the NVT database you can start the Openvas scanner. In the console it's "openvassd".
Starting the scanner may take some time, as it will load the NVT's.
Once it is finished you should see the following.
Start OpenVas Client and connect to Scanner
There are two ways in which you can run OpenVas. The first is through the GUI client, and the second is the command line interface. Which one you use is up to your needs. Using the menu you would select OpenVas Client. In the console it is "OpenVAS-Client". Once the client starts up you will need to connect it to the scanner and enter the user credentials you created.
If you created a certificate then you can supply it here as well.
Note: Once you click on "ok" the client will load the plugins and this may take some time to complete. When all of the plugins are loaded the pop-up will let you know this and ask you to select "ok".
After hitting "ok" you will be logged onto the client and connected to the scanner.









