Showing posts with label BackTrack USB Installation.

Wednesday, January 9, 2008

Tweaking the BackTrack Start Up menu

Now that we have our operating system up and running as well as a full install, let's tweak the boot process just a bit. The way I have it set up, if the USB drive is plugged in when I turn on the computer it automatically boots from that drive. I did that as explained a couple of posts ago: I changed the boot order in the BIOS setup.


So far the boot is not hands-free, since we must still select the 'Graphics mode with Persistent Changes' item on the startup menu. What a pain. That can be cured.


Open the config file again. (Reminder: it's on the FAT32 partition, in sdb1-->boot-->syslinux-->syslinux.cfg, i.e. /mnt/sdb1/boot/syslinux/syslinux.cfg.)


Find the group that starts with 'LABEL pchanges'. Select all 5 lines of the group and press Ctrl-X to cut it. Now place the cursor on the line that reads 'LABEL kde' and press Ctrl-V to paste the group in above it. The first group in the file is the first menu entry, and the first entry is the one the menu picks by itself when the timeout runs out, which is the whole point of the move. Add blank lines as needed to make it look neat.


Here's a picture of how it should look now (screenshot not reproduced here): the 'LABEL pchanges' group sits directly above 'LABEL kde'.
Okay, one more change to make.


Currently the startup menu waits 20 seconds before automatically choosing the first menu item. If we know we'll usually want the 'Persistent Changes' item, why wait so long? We could choose the item ourselves, but then it wouldn't be hands-off, would it?

Here's what we can do.

Look at the file you have open in front of you. The second line reads: TIMEOUT 200. TIMEOUT is measured in tenths of a second, so 200 means the menu waits 20 seconds. Let's change it to TIMEOUT 40, which is 4 seconds: long enough to grab another entry (say, text mode) if you ever need it, short enough not to matter. Don't set it to 0, because syslinux treats TIMEOUT 0 as "wait forever". That's all; now when we turn on the computer we can go make a coffee. In a few seconds the computer will boot up into persistent-changes mode and save all the changes you make. Not bad!!

While we're in the file you may want to change one more thing. When KDE starts, BackTrack plays a really loud tone. Since I usually log in at night when my wife and kids are sleeping, it would be a pity to wake them. You may like the noise, but if you don't, here's what to do. On the 'APPEND' line of the 'LABEL pchanges' group that we edited in the previous post, right after the changes=/dev/sdb2 we added, add ' bt nosound' (without the quotes). Now the line reads:

APPEND vga=0x317 changes=/dev/sdb2 bt nosound initrd.....

The end. Now that we're all set up, I think we're ready to start with the meat.

Tuesday, January 8, 2008

Creating ext2 partition to save changes

Okay, we have the FAT32 partition set up on the USB flash drive. We installed BT3 onto it and made it bootable. Now we have to make the Linux ext2 partition to save the changes to.

I loaded BackTrack using the USB drive. Here's where you'll learn from my mistakes. I couldn't create partitions on the drive while it was in use for BackTrack. Don't make the same mistake. Load BackTrack from the CD we created a few posts back and let it load from the disc. Yeah, I know, it's slow. Once the BackTrack KDE desktop starts up, plug in the USB drive so that it will be recognized.

Once BackTrack starts, we'll need to determine what our USB drive is known as. Click on the home icon in the top left corner. It will open in the root folder. Click the green "UP" arrow, and then double click the folder named 'mnt'. (This stands for mount; it holds the drives that are mounted.) Look for the USB drive; its name should start with the letters 'sd'. Mine is 'sdb1', which means the first partition on 'sdb'. Open the folder to make sure it's the right one. It should contain the 'BT3' and 'boot' folders.

Now we'll create a second partition. I will write the instructions using 'sdb1' and 'sdb2'. Substitute your own device name, such as 'sda1' or 'sdc1'. Double-check it: fdisk on the wrong disk will happily wreck your hard drive.

Open a Konsole Shell by clicking the second icon on the bottom of the screen. It is a picture of a black monitor.

First we will unmount the drive, so that we can partition it further. At the prompt "bt ~ #" type:

umount /dev/sdb1 (umount, not unmount)

Type: fdisk /dev/sdb - to start the fdisk program (note: the whole disk, sdb, not the partition sdb1)

At the "Command (m for help):" prompt

Type : p -this shows you the current partitions. You should see only one partition - /dev/sdb1

Type : n -for new partition

Type : p -for primary partition

Type : 2 -to make it the second partition

Press Enter -to choose first available cylinder to start partition

Press Enter -to choose last available cylinder to end partition

At the "Command (m for help):" prompt

Type : t -to select type of partition

Type : 2 -to select second partition

Type : 83 -this selects a linux partition

At the "Command (m for help):" prompt

Type : p -this will show you the current setup. You should see your two partitions, one W95 FAT32 and one Linux

Type : w -this will write the setup to your drive and make it official. Congratulations!!

Now we have to format the new partition as ext2. After 'w', fdisk writes the table and exits, so you're back at the shell prompt "bt ~ #". There, type:

mkfs.ext2 /dev/sdb2
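Before touching the partition table it's worth checking the things this post warns about: that nothing on the stick is still mounted, and that the disk you're about to carve up really is the one-partition FAT32 BackTrack stick and not your hard drive. Here is an added Python 3 example (not from the original post, nor part of BackTrack) that does that check by reading the text of `fdisk -l` and /proc/mounts, and then replays the exact fdisk keystrokes from the steps above from stdin instead of typing them. The sample `fdisk -l` and /proc/mounts text embedded in it is constructed; the column layout it parses is the classic util-linux one and is assumed.

```python
"""Pre-flight check before adding the ext2 'changes' partition to the
BackTrack USB stick, plus a non-interactive replay of the fdisk session.
Added example, not from the original post.  Python 3.
"""
import subprocess
import sys

# --- constructed sample input (layout of util-linux fdisk assumed) ----------
FDISK_L_SAMPLE = """\
Disk /dev/sdb: 2055 MB, 2055208960 bytes
64 heads, 63 sectors/track, 995 cylinders
Units = cylinders of 4032 * 512 = 2064384 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1         742     1495871+   b  W95 FAT32
"""

PROC_MOUNTS_SAMPLE = """\
/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sdb1 /mnt/sdb1 vfat rw 0 0
"""

FAT32_IDS = {"b", "c"}  # fdisk ids for "W95 FAT32" and "W95 FAT32 (LBA)"

# The keystrokes the post walks through: n, p, 2, Enter, Enter, t, 2, 83, p, w
FDISK_KEYSTROKES = "n\np\n2\n\n\nt\n2\n83\np\nw\n"


def parse_fdisk_l(text):
    """Return one dict per partition line ('/dev/...') of `fdisk -l` output."""
    parts = []
    for line in text.splitlines():
        if not line.startswith("/dev/"):
            continue
        fields = line.split()
        bootable = len(fields) > 1 and fields[1] == "*"
        rest = fields[2:] if bootable else fields[1:]
        # columns: Start End Blocks Id System (System may contain spaces)
        parts.append({
            "device": fields[0],
            "boot": bootable,
            "start": int(rest[0]),
            "end": int(rest[1]),
            "blocks": rest[2],
            "id": rest[3].lower(),
            "system": " ".join(rest[4:]),
        })
    return parts


def mounted_on(disk, proc_mounts):
    """Device nodes belonging to `disk` (e.g. /dev/sdb) that are mounted."""
    found = []
    for line in proc_mounts.splitlines():
        fields = line.split()
        if fields and fields[0].startswith(disk):
            found.append(fields[0])
    return found


def preflight(disk, fdisk_l, proc_mounts):
    """Return a list of problems; an empty list means fdisk may proceed."""
    problems = []
    for dev in mounted_on(disk, proc_mounts):
        problems.append("%s is still mounted; run: umount %s" % (dev, dev))
    parts = [p for p in parse_fdisk_l(fdisk_l) if p["device"].startswith(disk)]
    if len(parts) != 1:
        problems.append("expected exactly one partition on %s, found %d; "
                        "is this really the BackTrack stick?" % (disk, len(parts)))
    elif parts[0]["id"] not in FAT32_IDS:
        problems.append("%s is type %s (%s), not W95 FAT32" % (
            parts[0]["device"], parts[0]["id"], parts[0]["system"]))
    return problems


def create_changes_partition(disk):
    """Replay the post's fdisk session from stdin, then mkfs.ext2 partition 2.
    Only call this after preflight() returned an empty list."""
    subprocess.run(["fdisk", disk], input=FDISK_KEYSTROKES, text=True, check=True)
    subprocess.run(["mkfs.ext2", disk + "2"], check=True)


if __name__ == "__main__":
    disk = sys.argv[1] if len(sys.argv) > 1 else "/dev/sdb"
    fdisk_l = subprocess.run(["fdisk", "-l", disk], capture_output=True,
                             text=True, check=True).stdout
    with open("/proc/mounts") as f:
        mounts = f.read()
    problems = preflight(disk, fdisk_l, mounts)
    if problems:
        for p in problems:
            print("NOT SAFE:", p)
        sys.exit(1)
    print("preflight OK on %s; run create_changes_partition(%r) to proceed" % (disk, disk))
```

Run it as `python3 preflight.py /dev/sdb` (the file name is mine); it prints what is wrong and exits non-zero, or says it is safe. The keystroke replay is deliberately kept in a separate function so the check and the destructive step never run in the same breath.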



You should be done now!!!

Restart the computer by clicking on bottom leftmost icon (which is like the Windows Start button), select 'log out..', and click on 'Restart Computer'.

Log in again using the first menu item on the boot menu.

Once you're logged in, go to the /mnt folder again using the Home icon. You should now see a new folder called 'sdb2' (or sdc2, sda2, etc.). That's the new partition we just finished making. Double click on it. (You may see a folder in there called 'lost+found'; that's normal on an ext2 filesystem, leave it alone.) Right click on the inside of the folder, and choose 'Create new' -->'folder'. Name it 'changes' and click OK. (Note that it's 'changes', all lowercase, not 'Changes' with a capital C, as jcmgarvey pointed out in a comment.) That will be the folder that will hold all the changes.

One more step and we're done for now. Click on the "Green" arrow on top of the folder to go up one level, and open the sdb1 folder, then the 'boot' folder, and then the 'syslinux' folder.

Double click on the file named 'syslinux.cfg'. This is the configuration file for the startup menu we see when we boot. Find the group of lines that begins with 'LABEL pchanges'. Then, under that, find the line beginning with 'APPEND'. We're going to edit that line. Right now the line reads

APPEND vga=0x317 initrd=.......

You change it by adding this - changes=/dev/sdb2

Now the line should read:

APPEND vga=0x317 changes=/dev/sdb2 initrd=.....

Here's a picture of before and after (screenshot not reproduced here): the two APPEND lines above are exactly what it shows.
Save and close the file.
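Editing syslinux.cfg by hand works, but it's easy to put changes= on the wrong group or lose the edit when you reinstall BT3 onto the stick. Here is an added Python 3 example (my own, not from the original post or from BackTrack) that makes every edit to this file that the two posts describe: it adds changes=/dev/sdb2 to the 'pchanges' APPEND line as done above, and also applies the tweaks from the later post (moving that group above 'LABEL kde', shortening TIMEOUT to 40, and appending 'bt nosound'). The syslinux.cfg embedded in it is a constructed sample in the layout the posts describe; the APPEND parameters in it are assumed, not copied from BT3.

```python
"""Rewrite BT3's syslinux.cfg for a hands-free persistent boot.
Added example, not from the original post.  Python 3.

make_persistent() does what the posts do by hand:
  1. adds changes=/dev/sdb2 to the APPEND line of the 'pchanges' group,
     right after vga=... and before initrd=...;
  2. moves that group above 'LABEL kde' so it becomes the default entry;
  3. sets TIMEOUT (tenths of a second) to 40;
  4. adds the 'bt nosound' options to the same APPEND line.
Running it twice changes nothing, so it is safe to re-run.
"""
import re
import sys

# Constructed sample; APPEND parameters assumed, not copied from BT3.
SAMPLE_CFG = """\
DEFAULT /boot/vesamenu.c32
TIMEOUT 200
PROMPT 0
MENU TITLE BackTrack 3 boot menu (constructed sample)

LABEL kde
MENU LABEL BT3 Graphics mode (KDE)
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw autoexec=xconf;kdm

LABEL vesa
MENU LABEL BT3 Graphics mode (VESA KDE)
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw autoexec=xconf;kdm

LABEL pchanges
MENU LABEL BT3 Graphics mode with Persistent Changes
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw autoexec=xconf;kdm

LABEL text
MENU LABEL BT3 Text mode
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw
"""

PARTITION_RE = re.compile(r"^/dev/[sh]d[a-z]\d+$")   # e.g. /dev/sdb2


def parse_cfg(text):
    """Split into (global header lines, [group lines, ...]).  A group is a
    LABEL line plus the non-blank lines that follow it."""
    header, groups, current = [], [], None
    for line in text.splitlines():
        if line.upper().startswith("LABEL "):
            current = [line]
            groups.append(current)
        elif current is None:
            header.append(line)
        elif line.strip():
            current.append(line)
        # blank lines between groups are dropped; render() puts them back
    return header, groups


def render(header, groups):
    head = list(header)
    while head and not head[-1].strip():
        head.pop()
    return "\n\n".join(["\n".join(head)] + ["\n".join(g) for g in groups]) + "\n"


def label_of(group):
    return group[0].split(None, 1)[1].strip()


def move_first(groups, label):
    """Put the group called `label` first: the first entry is the one chosen
    when TIMEOUT expires (unless some group carries MENU DEFAULT)."""
    for g in groups:
        if label_of(g) == label:
            return [g] + [x for x in groups if x is not g]
    raise KeyError("no LABEL %s in syslinux.cfg" % label)


def set_timeout(header, tenths):
    out, seen = [], False
    for line in header:
        if line.upper().startswith("TIMEOUT"):
            out.append("TIMEOUT %d" % tenths)
            seen = True
        else:
            out.append(line)
    if not seen:
        out.insert(0, "TIMEOUT %d" % tenths)
    return out


def add_append_options(group, options):
    """Splice `options` into the APPEND line just before initrd=..., dropping
    any earlier copy of the same key=value or flag so the edit is idempotent."""
    keys = {o.split("=", 1)[0] for o in options if "=" in o}
    out = []
    for line in group:
        if not line.upper().startswith("APPEND "):
            out.append(line)
            continue
        kept = [t for t in line.split()
                if t not in options and not ("=" in t and t.split("=", 1)[0] in keys)]
        idx = next((i for i, t in enumerate(kept) if t.startswith("initrd=")), len(kept))
        out.append(" ".join(kept[:idx] + list(options) + kept[idx:]))
    return out


def make_persistent(text, changes_dev="/dev/sdb2", timeout=40, nosound=True):
    if not PARTITION_RE.match(changes_dev):
        raise ValueError("changes= must name a partition like /dev/sdb2, got %r" % changes_dev)
    header, groups = parse_cfg(text)
    header = set_timeout(header, timeout)
    groups = move_first(groups, "pchanges")
    options = ["changes=" + changes_dev] + (["bt", "nosound"] if nosound else [])
    groups[0] = add_append_options(groups[0], options)
    return render(header, groups)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/mnt/sdb1/boot/syslinux/syslinux.cfg"
    with open(path) as f:
        original = f.read()
    with open(path + ".bak", "w") as f:   # keep the menu as shipped
        f.write(original)
    with open(path, "w") as f:
        f.write(make_persistent(original))
```

Run it as `python3 persist.py /mnt/sdb1/boot/syslinux/syslinux.cfg` (the script name is mine); it leaves a .bak copy of the original next to the file. It only rearranges existing groups, so if your menu marks one entry with MENU DEFAULT, syslinux will keep using that one and you'd remove the directive by hand.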

Restart your computer and on the startup menu, select the third item down the list, Graphics mode with Persistent Changes. You are good to go. The changes are being saved. We're ready to roll.

Be aware that if you shut the computer off with the power button, the files in the changes folder can become corrupt, and you will have to erase them and start fresh. Always go through the proper shutdown process.

Goodbye for now. Next we will tweak the startup a little to make it run a bit easier, and then some.

Monday, January 7, 2008

Installing BackTrack on a USB Drive

Okay, now we should have a USB drive with a FAT32 partition taking up most of the space on the drive, and some empty unformatted space for our ext2 partition, which we'll create in Linux.


First we'll install BackTrack on the partition we created, so that we can boot BackTrack from it.


To begin, you must have a program that can open an .iso file to access the files inside. I use WinRAR, which is an unzipping utility. There is a trial version available at http://www.rarlab.com/download.htm.


Open the BackTrack ISO file you downloaded a couple of posts ago, using WinRAR or whatnot. You will see 2 folders, 'boot' and 'BT3'. Extract both of them to the FAT32 partition on your USB drive.

Now if you go to your drive, you should see the 2 folders there. Great.

We need to make the drive bootable, meaning that when you turn on the computer, it should be able to boot an OS from that drive. To do that, we have to run a program.

Open the 'boot' folder on your drive. You will see a file named 'bootinst.bat'. Double click on it to run it. It will warn you to make sure that you've selected the right drive. If you've done everything right until now, you should have nothing to worry about. Press Enter to run the program and then again to exit. The drive should be bootable now. I'm gonna go try, so we'll be in touch.

OOPS, tried to boot and got an error. I forgot one thing. Since we're fooling Windows into thinking that our removable drive is a fixed drive, we have to make a tiny modification to the 'bootinst.bat' file.

Go to the 'bootinst.bat' file, right-click on it, and select Edit.

Scroll down and look for these lines:

:setupNT
\boot\syslinux\syslinux.exe -ma -d \boot\syslinux %DISK%:
goto setupDone
:setup95
\boot\syslinux\syslinux.com -ma -d \boot\syslinux %DISK%:

You have to add ' -f' (space, dash, f) to the two lines that start with '\boot', after '-ma', so that the lines look like this:

:setupNT
\boot\syslinux\syslinux.exe -ma -f -d \boot\syslinux %DISK%:
goto setupDone
:setup95
\boot\syslinux\syslinux.com -ma -f -d \boot\syslinux %DISK%:

The '-f' is syslinux's "force" switch: as a safety check, syslinux refuses to install its boot code on a drive that Windows reports as non-removable, and thanks to the driver trick from the previous post that is exactly what our stick now looks like. '-f' tells it to go ahead anyway.


Now run the program, and boot up. Good luck. I'm gonna try it out now.

COOL!! Now it worked and I'm editing this post from within BackTrack. It was quite a bit quicker loading up from USB Drive compared to loading off a CD.

As I posted earlier, if you hibernated out of Windows you may need one extra step to boot. When the computer starts, you may not get any boot options that let you choose which drive to boot from. What you must do is let the computer start coming out of hibernation and then quickly hold the power button to shut the machine off. The next time you turn it on, you'll be able to access the boot options by pressing ESC, DEL or F1, depending on your system. Better still, shut Windows down properly instead of hibernating when you intend to boot BackTrack.

If you don't have any regularly connected USB drives, you can edit the boot order so that, in the future, whenever the USB drive is connected it will boot from it. Keep in mind that this means any bootable USB stick plugged into the machine, yours or anyone else's, gets to boot before your hard disk; it can always be changed back at a later date. Enjoy.

Partitioning USB Flash Drive

Okay, I got a new SanDisk micro USB drive. Staples has a special on it for $20.

What we need to do now is make two partitions on the drive: one for the BackTrack OS, and one for the changes. Windows can read a FAT32 partition but not ext2 (a Linux filesystem), while BackTrack can't save its changes to FAT32 and needs an ext2 partition for them. Two weeks ago, I worked for hours trying to get this setup to work. One 1.5GB FAT32 partition holds the OS and anything else I want to store, and can be read from Windows. The second partition, 0.5GB, has to be ext2 to save the changes, and will not be recognized by Windows.

Okay, this is the issue. Windows will not let you partition USB drives. It recognizes a flash drive as a Removable Disk, and for removable disks Windows XP only ever mounts the first partition and won't create more than one. I tried time after time to make both partitions in Linux. No luck. I couldn't get the drive to boot correctly. Someone on forums.remote-exploit.org mentioned that making the FAT32 partition on Linux can be unstable, so we have to make it on Windows, which is easier said than done.

Thanks to a guy who posted here: http://www.msfn.org/board/index.php?act=ST&f=82&t=69211&st=0#entry474505, I was able to do it, albeit with some patience. He explains it pretty well, but I'll write it in my own words for clarity.

First make sure your USB drive is installed and working correctly.

Click on the Start button, then choose Run... - In the box type regedit and press Enter. This opens the Registry Editor.

Double click on 'My Computer', then on 'HKEY_LOCAL_MACHINE' ==> 'SYSTEM' ==> 'ControlSet001' ==> 'Enum' ==> 'USBSTOR'. (If you have more than one ControlSet, 'CurrentControlSet' always points at the one Windows is actually running with, so you can look under that instead.)

Now look at the list of items under USBSTOR. My SanDisk drive has two entries, one of which is classified as a CdRom, because SanDisk puts its U3 software on a virtual CD-ROM. We need the entry that starts with 'Disk'; mine is 'Disk&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_4.04'. Yours will differ depending on your drive, but it should start with 'Disk&Ven_'.

Once you've found that, right click on it. From the menu that comes up, select 'Copy Key Name'.

Now open Notepad, or your text editor, and paste it there for future use. The line should look something like 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_4.05', depending on your drive.

Now go to http://www.xpefiles.com/viewtopic.php?t=92 and click on the Download button to download the file. Go to the folder on your computer that contains your downloads and unzip the files into a folder. You should now have 6 files in that folder. Double click on the file called cfadisk.inf. It should open in Notepad; otherwise right-click it, choose Open With..., and open it in Notepad.

Look at the file. You will see 10 lines that begin with '%Microdrive_devdesc% = cfadisk_install,', each followed by a hardware ID starting with 'IDE\'.

Go back to your open Notepad window containing the line you copied from RegEdit, press Ctrl-A to select it, and Ctrl-C to copy it to the clipboard. Now go back to the other open Notepad file. On each of the 10 lines that start with '%Microdrive_devdesc% = cfadisk_install,', select all the text following the comma, for example 'DiskIBM-DSCM-11000__________________________SC2IC801', and press Ctrl-V to paste the RegEdit line in its place. Do that on all 10 lines, then save and close the file.

Here's what it looks like now (screenshot not reproduced here).

Click on Start, and select Control Panel.
Select System.
Once that opens, click the Hardware tab, and select Device Manager.
Double click on Disk Drives, and look for your USB drive.
Right click on it, and select Update Driver.

It will ask you if Windows can connect to Windows Update; select 'No, not this time'. Click Next.
Select 'Install from a list or specific location' and click Next.
Select 'Don't search. I will choose the driver to install'. Click Next.
Click 'Have Disk' and then select 'Browse'.
Locate the folder you unzipped the driver files to, and double click on 'cfadisk.inf'.
Press 'OK'. Click Next.
It will give an 'Update Driver Warning'; click 'Yes'.
It will warn you that the driver has not passed Windows Logo testing; click 'Continue Anyway'. (Be clear about what you're doing here: this is an unsigned third-party disk filter driver downloaded from a forum, and it runs in the kernel, so you are trusting its author with your whole machine. That's the trade-off this trick makes.)
Let Windows do its magic and click 'Finish'.

If all worked as it should, if you open 'My Computer' now, you will see your USB drive listed as a Local Drive, not a Removable Disk. Cool!!! Now it's partitionable and all.

We are currently fooling Bill Gates into thinking that our USB drive is a Local Disk. Now let's move on to partitioning. Right click on 'My Computer' and select 'Manage'. (Alternatively, you can click Start-->Run--> type 'compmgmt.msc'-->OK.)
Click on Disk Management. Find the drive that is your USB drive. WARNING: We are about to erase the partition on it, so make sure you got the right drive, otherwise....
Right click on the drive letter and select 'Delete Partition...'. You will get a warning, click 'Yes' to continue.
You will now see your drive fully Unallocated on the bottom panel. Right click on it in the panel, and select 'New Partition'. Click next, leave it a Primary Partition so just click next again.
Now you have to specify how much space to allocate for your FAT32 partition. Leave about 500MB for the changes and use the rest for this one. Don't leave too much space for the changes: since that partition won't be recognized in Windows, whatever you don't use there is wasted. For example, on my 2GB drive I enter 1500 for 1.5GB. Please note that this partition must be at least 700MB in size to fit the BackTrack files. Press Next.
Assign Whatever letter you like or just leave it at the default. Press Next.
On the next menu, make sure Format this partition... is selected, set 'File system' to FAT32, and set 'Volume label' to whatever you like. I named it BackTrack. This is the name that will show up for the drive in 'My Computer'. Click Next. Click Finish.
Let Windows do its magic, and you have yourself a nice partition on your USB flash drive. Shhh... Don't tell Bill.

Next we're going to install BackTrack onto the USB Drive and boot into Backtrack.

Be well.

Okay, it looks like we're gonna have to put it on a USB flash drive

From the little I found so far, it looks like a USB flash drive is the way to go. I currently own a 2GB SanDisk micro drive that is quite cool, but doesn't work for some reason. I am gonna have to buy another one tomorrow and try to get this rolling. A USB drive is going to load much faster than a CD, and also I can save the files and changes I make onto the USB drive, which I can't do with a disc. Can't wait to try it. Hold on tight for the ride.

Sunday, January 6, 2008

A few points after looking at BackTrack

It's really great, BackTrack is. The only thing is that I really don't know anything about Linux and I'm used to the Windows GUI for all my programs, not command lines. Bill Gates, I hate you for spoiling me so. Anyway, I will still play around a lot, but here are a few points I want to make.

Saving all the files you download and update with BackTrack is not an easy feat. You gotta make some partitions and other stuff I don't really know much about. I found some great tutorials available online. When I get it done myself, I'll post the links to the tutorials and I'll also rewrite it in my own words. That way I can mention all the silly mistakes I made so that you won't make the same ones.

Also, being that I think I'll have a hard time with linux, I will try to see what tools can also be used in Windows and will probably use them with Windows rather than linux. Will be in touch.

Starting with the OS download

I figured I'll start with which OS to use. I did a search on google and I realized real quickly that Linux is the way to go. I am not gonna get rid of Windows on my computer, because I know nothing about Linux. Another quick search on google for best linux distro popped up http://www.darknet.org.uk/2006/03/10-best-security-live-cd-distros-pen-test-forensics-recovery/ which says to use Backtrack.

It looks like a new version of this Linux distro just came out. I downloaded it (the 700MB version, so that I can get it on a disc) at http://www.remote-exploit.org/backtrack_download.html

I burned it to a disc using the CD burning software that came with my computer (Sonic DigitalMedia Plus). Just right click on the downloaded ISO file, click Open With..., and choose whatever your burning program is. Make sure the program burns it as a disc image, not as a data disc with the .iso file on it, or the disc won't boot.

Now I loaded the OS. I had to press Escape at boot time to be able to boot from the disc. Actually, since I had hibernated Windows, there wasn't even an option to press ESC or whatever the key is on your computer. It just went straight to loading out of hibernation. I pressed and held the off button to stop it from loading and it turned off. Now, when I turned it back on, it gave the option to press ESC to choose the boot drive. I chose the ATAPI CD-ROM or something like that. It began to load.

A menu came up with boot choices. I just pressed ENTER to choose the first option - BT3 Graphics Mode (KDE). It loaded for about two minutes, quite slow mind you. Then........

WOOW!!! Cool!!! Real Cool!!! I have another OS running on my computer.

Anyway, gonna play around a little with it to see what's there. Be in touch!!!