Second, I now Kali is out but I'm just waiting for a more mature project as the dist has a lot of bugs.

This tutorial is for the a 32 bit install but if you have an IQ grater than 60 I'm sure you'll mange to adapt. Also please check the versions downloaded with wget are the latest.

Get Backtrack 5 R3 from somewhere. Get UNebootin and install it to a stick. Now you have installed backtrack 5 r3 on an non-ecrypted non-persistent usb stick. Wow. Great. Of course you can always burn a DVD.

To get a clean usb disk  on a win station open a command prompt and type the the following:

diskpart
list disk
select disk (enter usb disk number)
clean
create partition primary
select partition 1
format fs=fat32 quick
active
assign

Boot it up and enter startx to get the gnome or kde interface.

1. Open a terminal and get an ip address. If you have dhcp enabled on your router just type dhclient eth0 and hit enter.
2. Delete all partitions. This is how you do it:

fdisk /dev/sda

# use the appropriate drive letter for your system

# delete existing partitions. There may be more than one.

Command (m for help): d
Partition number (1-4): 1

# create the first partition

Command (m for help): n
Command action e extended p primary partition (1-4) p
Partition number (1-4): 1
First cylinder (1-2022, default 1):
Using default value 1 Last cylinder, +cylinders or +size{K,M,G} (1-2022, default 2022): +1G

# create the extended partition

Command (m for help): n
Command action e extended p primary partition (1-4) e
Partition number (1-4): 2
First cylinder (66-2022, default 66):
Using default value 66 Last cylinder, +cylinders or +size{K,M,G} (66-2022, default 2022):
Using default value 2022

# Create the logical partition.

Command (m for help): n
Command action l logical (5 or over) p primary partition (1-4) l
First cylinder (66-2022, default 66):
Using default value 66 Last cylinder, +cylinders or +size{K,M,G} (66-2022, default 2022):
Using default value 2022

# Setting the partition type for the first partition to ext3 Command (m for help): t

Partition number (1-4): 1
Hex code (type L to list codes): 83

# Setting the first partition active

Command (m for help): a
Partition number (1-4): 1
Command (m for help): w

If you happen to get an error that mentions something like “..the partition table failed with error 16:…”, you need to reboot before continuing with the how-to. After rebooting, you will need to re-execute the Partitioning section of this tutorial.

Install the tool needed for encrypting your hdd:

apt-get update
apt-get install hashalot

Our next step is to enable encryption on the logical partition we created above and make it available for use. Before we do that though, there is an optional step we can take if we want to make sure no one can tell where our data is on the drive. It isn’t really necessary since anything written will be encrypted, but if we want to be thorough and make sure no one can see where our data even sits on the drive, we can fill the logical partition with random data before enabling encryption on it. This will take some time, as much as a couple hours or more. Execute the following command:

dd if=/dev/urandom of=/dev/sda5 & pid=$!

Then use the fallowing to check the write speed, and progress.

kill –USR1 $pid

To do my full 250GB hdd, it was going to take 24 hours. I let it go over night it got to 150GB then I just killed the process, and continued on with my life.

kill $pid

The following commands will setup encryption services for the partition and open it for use. There are several ciphers that can be used, but the one indicated in the command is supposed to be the most secure and quickest for Ubuntu 8.10. Please note that the case of the command luksFormat is required.

cryptsetup -y --cipher aes-xts-plain --key-size 512 luksFormat /dev/sda5

WARNING! ======== This will overwrite data on /dev/sda5 irrevocably. Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: (enter passphrase) [type passphrase]
Verify passphrase: (repeat passphrase) [type passphase]

Command successful.

Now type:

cryptsetup luksOpen /dev/sda5 pvcrypt

and hit enter
Enter LUKS passphrase: [type passphrase]
key slot 0 unlocked. Command successful.

If you should happen to get a “cannot access device” error when trying to perform the cryptsetup setup commands above, make sure the drive has not been mounted. That can happen sometimes. Now that that’s all done, we can create our root and swap partitions using LVM.

pvcreate /dev/mapper/pvcrypt

Physical "volume /dev/mapper/pvcrypt" successfully created

vgcreate vg /dev/mapper/pvcrypt

Volume group "vg" successfully created

lvcreate -n root -l 100%FREE vg

Logical volume "root" created.

The final step is to format the logical volumes we just created. I have not included the output below for brevity’s sake.

mkfs.ext4 /dev/mapper/vg-root

Installation

Believe it or not, we are finally ready to start installing Backtrack. To do, double-click on the install.sh icon on the desktop. This will start the graphical installer.

Select you language of choice and click the ‘Forward’ button.

The next step is to select our keyboard layout. Pick yours and click the ‘Forward’ button. I cannot vouch for any keyboard layout other than English.

Click on ‘Specify partitions manually’ and click the ‘Forward’ button.

We are not going to indicate the mount points for our partitions. First let’s setup our root partition. Click on the row with vg-root in it and click the ‘Change’ button.

Select ext4 from the dropdown menu for ‘Use as:’, click ‘Format the partition:’, enter ‘/’ without the quotes for the mount point and click the ‘OK’ button. The system will re-read the partition table and redisplay it.

Again, select ext4 and click the format checkbox. Enter ‘/boot’ without the quotes for the mount point and click the ‘OK’ button. The disk partition will be re-read and the display updated.

You will get this message if you are installing to a USB drive and not using a swap partition. Click the ‘Continue’ button.

WARNING: You must click on the advanced tab on the next page and select your the boot partition created earlier as the target for installing the boot loader. You will break your system if you do not.

Don’t forget! Make sure you select the target disk for your install as the device for the boot loader to be installed on or you run the risk of making the system you are doing this on non-bootable. Then click on the ‘OK’ button.

This will take some time. Go get a coke or beverage or your choice and relax for a bit. More waiting. and…more waiting. If it seems like the system is stuck at 99% forever, that’s normal, at least in every case where I have done the install.

Finally! Important! Click on the ‘Continue Testing’ button. DO NOT click on the ‘Restart Now’ button or you have to redo a bunch of stuff.

We have now installed the main distribution to our thumb drive. The next step is to configure the newly installed system to use LVM and open the encrypted partition. However, before we do that we need to figure out the UUID of our encrypted volume. We want to do this so that we don’t run into problems if the device name of the drive changes from machine to machine. The command we used to use to do this was vol_id. This has changed with Backtrack 5. We now use blkid. So execute blkidas below.

blkid /dev/sda5
/dev/sda5: UUID="2c133ec5-2eb2-4261-b8ee-5f6924b24ee4" TYPE="crypto-LUKS"

Make a note of the ID_FS_UUID value which is in italics above. We will need it later. Note: your output will be different than mine. Now time to configure our newly installed system. The first thing we have to do is make the newly installed system active so we can make changes to it. We do that by mounting the partitions and chrooting to it.

mkdir /mnt/backtrack5
mount /dev/mapper/vg-root /mnt/backtrack5
mount /dev/sda1 /mnt/backtrack5/boot
chroot /mnt/backtrack5
mount -t proc proc /proc
mount -t sysfs sys /sys

To make everything truly operational, we can mount /dev/pts, but every time I try I have problems unless I reboot first. That is a real pain, so I just don’t mount /dev/pts. We will get a couple warnings/errors as we go along, but they do not affect our install. The magic to making all this work is to rebuild the initrd image that is used to boot our system. We need to include some things, load some modules, and tell it to open the encrypted volume, but first we have to go through the whole process of installing software again. We have to do this because we are essentially right back where we started when we booted the live cd. Do the following again.

apt-get update
apt-get install hashalot

The next step is to configure how initramfs-tools will create our initrd file. This involves editing one files, the /etc/crypttab file. follow the directions below to correct it. I use the vi editor, but you can use your favorite editor.

vi /etc/crypttab

We need to add the following line to the file. If you are new to vi, hit the o key and the type the following:

pvcrypt /dev/disk/by-uuid/ none luks

When you are done typing that line, hit the esc key and then type ‘:wq’ without the quotes to save and exit vi. The file should look like this. The uuid is unique to my case. Make sure yours matches your system.

# pvcrypt /dev/disk/by-uuid/09330b5a-5659-4efd-8e9d-0abc404c5162 none luks

Fixing the /etc/fstab file if necessary If we need to edit the /etc/fstab file, do the following. Again, use your favorite editor or vi.

vi /etc/fstab

The file will look something like below. The UUIDs will be different though.

# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# proc /proc proc nodev,noexec,nosuid 0 0
/dev/mapper/vg-root / ext4 defaults 0 1
# /boot was on /dev/sda1 during installation
UUID=326d524e-7bb8-40a2-8915-4bc77e86ced6 /boot ext4 defaults 0 2

So in the fstab file replace options (error=remount-ro) with defaults, run "update-initramfs -u".

Fixing the pass phrase bug

cd ~
wget http://www.infosecramblings.com/cryptroot.patch
patch -u /usr/share/initramfs-tools/scripts/local-top/cryptroot ./cryptroot.patch
update-initramfs –u
then run fix-splash and reboot

Fixing the Auto-Remove Suicide Button

Note: I do not use aptitude, while aptitude safe upgrade will do the same thing, this is a fix for the use of apt-get, and I do not know how it will effect aptitude.

When you installed everything we needed for the crypto it installed some dependency that are marked as auto installed, which means if you auto remove and anything fancy they will be removed. And you NEED them to boot. These fallowing commands will mark them as manually installed, and will keep them whenever you change things.

apt-mark unmarkauto cryptsetup
apt-mark unmarkauto ecryptfs-utils
apt-mark unmarkauto keyutils

Adding Swap Space

As you have most likely noticed by now, things tend to run a bit slow. This is due to a few things, namely we installed the OS without having any swap space. Swap space normally isn’t encrypted and data could be pulled from it, so we are adding in the swap space, but it will be inside our encrypted volume.

dd if=/dev/zero of=/swapfile1 bs=1M count=8192

# Where count=8192 is 8GB

mkswap /swapfile1
chown root:root /swapfile1
chmod 0600 /swapfile1
swapon /swapfile1
nano /etc/fstab
/swapfile1 swap swap defaults 0 0

Then reboot the system. Now do a apt-get update && apt-get upgrde. Wait a little as shitloads of packages are updated. now do a apt-get dist-upgrade. Repeat the apt-get update && apt-get upgrade and enter fix-splash once more.

The following tools need to be installed / updated / fixed:

• java
• firefox
• wicd / remove this fucking pice of crap. (my apologies to the developers but a crap is a crap no mather how many work has been deployed to do it)
• nikto
• owasp zap
• xlockmore
• pulseaudio

Lets start with Firefox (thanks vxnuke from backtrack forums):

pkill firefox
mkdir /tmp/fox
cd /tmp/fox
rm -rf /opt/firefox/*
rm -rf /usr/lib/mozilla/plugins/*
rm -f /usr/share/icons/mozicon128.png
mkdir /usr/lib/mozilla/plugins
mkdir /opt/firefox

download this to /tmp/fox

wget http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ (ur desired version .tar.gz)
download from adobe site the latest flash for linux (tar.gz)
wget http://upload.wikimedia.org/wikipedia/commons/7/76/Mozilla_Nightly_icon_2011.png

tar -xvf firefox-blablaversion.tar.bz2
tar -xvf install_flash_player_x_linux.blablablax86.tar.gz

cp -R firefox/* /opt/firefox
cp libflashplayer.so /usr/lib/mozilla/plugins/

#Restart Backtrack to reload start menu icon's or goto menu editor and reselect icon

cp -f Mozilla_Nightly_icon_2011.png /usr/share/icons/mozicon128.png

Now for java. Get the latest java from here:

pkill firefox
mv jdk-7u3-linux-i586.tar.gz /opt/java/
cd /opt/java
/opt/java# tar xvfz jdk-7u3-linux-i586.tar.gz
/opt/java# update-alternatives --install "/usr/bin/java" "java" "/opt/java/jdk1.7.0_03/bin/java" 1
/opt/java# update-alternatives --set java /opt/java/jdk1.7.0_03/bin/java
/opt/java# update-alternatives --install "/usr/bin/javac" "javac" "/opt/java/jdk1.7.0_03/bin/javac" 1
/opt/java# update-alternatives --set javac /opt/java/jdk1.7.0_03/bin/javac
/opt/java# javac -version
/opt/java# java -version

now make the fox of fire use java

ln -sf /opt/java/jre1.7.0_03/lib/i386/libnpjp2.so /usr/lib/mozilla/plugins/
export JAVA_HOME="/opt/java/jre1.7.0_03/bin/java"

test it in here:firefox http://java.com/en/download/testjava.jsp. Now you have firefox with java and flash. You are secure.

Remove the wicd shit:

apt-get remove wicd

To get network manager do the following:

apt-get -y install network-manager-gnome
cp /etc/network/interfaces{,.stock}
echo "auto lo" > /etc/network/interfaces
echo "iface lo inet loopback" >> /etc/network/interfaces
service network-manager start
nm-applet &

do

apt-get autoremove

to get rid of wicd dependencies.

To get zap proxy 2 working: simply delete the old one and install the new version (i think you are capapble of doing this on your own). This applies to nikto too as the ./nikto.pl -update option does not work. Same goes for sqlmap.

Lets make backtrack 5 r3 decent looking.

apt-get install compiz compiz-fusion-plugins-extra emerald simple-ccsm fusion-icon

Now go to backtrack menu -> system -> compiz fusion
You should see the icon in the toolbar, right click on it and select "Reload Window Manager".

Adding compiz to startup:

Go to /etc/ and edit the file called "rc.local". And just add the files you installed to it, like this:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
 
compiz
compiz-fusion-plugins-extra
compiz-fusion-plugins-unsupported
emerald
simple-ccsm
fusion-icon
 
exit 0

you have to be quiet not ugly .

I like root. But I also love to keep the screen locked. This is from http://www.dantevios.com/2011/06/24/howto-lock-your-screen-in-backtrack-5-gnome/ :

Install xlockmore via the command line by running the command:

aptitude install xlockmore

Go to System -> Preferences -> Keyboard Shortcuts
Find the shortcut labeled “Lock screen”
Click on it and set the shortcut to disabled by pressing the backspace button
At the bottom of the screen click “Add”
For the name enter in something like “Lockscreen”
For the command enter in “xlock”
Click Apply
Click on the newly created menu item you made “Lockscreen” at the bottom of the list and press CRL+ALT+L or whatever you want to bind your screen locking key to be.
Click Close
Vuala! Now you can lock your screen by pressing the key you bound.
I will update/clean this tutorial as soon as I have time.

Ah yes fixing the sound:

Add a startup program

Open Startup Application on System > Preferences > Startup Application.
Then fill the form with this

Name : Pulseaudio daemon
Command :/usr/bin/pulseaudio
Comment : Start the sound daemon

Get the nessus deb package from the official site and install it using dpkg -i (packagename).deb.

There are many other tools that need to beupdated any many others that are not included in this tutorial. But if they were mentioned than it would be all to easy. Right? If the steps described here do not work or you think I broke some law or copyrights please drop a line to my legal departament. Thx

DefCamp 2012. Second edition of the Romanian conference dedicated to IT Security or as the organizers declare, in-security. The idea of DefCamp came out in March 2011, after some informal discussions between more computer security addicts from Romania, passionate about various INFOSEC topics.

When?

Friday, November 30, 2012 at 9:00 AM - Sunday, December 2, 2012 at 6:00 PM (PST) Bucharest, Romania. 44.441682,26.059049 to be more precisely. https://plus.google.com/109940733198368750319/about?gl=ro&hl=ro

Who?
Unlike the first edition of DefCamp where mostly Romanian underground security specialists enthusiasts were present this year the event is backedup by KPMG Romania.

And I really have to mention the following:

• Jim Manico, VP of Security Architecture at WhiteHat Security and VP OWASP with over 16 years of experience in IT security
• Andras Kabai, Senior IT Security Specialist at Deloitte
• Marian Ventuneac, Security Architect at Genworth Financial and Founder OWASP Ireland-Limerick Chapter
• Alexandru Bălan, Chief Security Researcher at Bitdefender
• Adrian Furtună, Security Consultant at KPMG România and international speaker at IT security conferences
• Bogdan Alecu, System Administrator and international speaker at IT security conferences

Some of the topics discussed will be: 0days, captcha breaking, digipass bypass, mobile security, android malware, DDOS, networking, P2P networks, D&D APT’s, social engineering and baking muffins.

Why?

If grey-hat, black-hat, blue-hat or white-hat means more to you then fashion, you should join. There will be security workshops, forensic, cracking, hacking and polo contests. Also it is very important that you keep up with the latest topics in this very dincamic field.

Another reason to join is helping this event to become the best running hacker convention around Eastern Europe.

Official website: http://www.defcamp.ro/
Official Facebook page: http://www.facebook.com/pages/DefCamp/116250668472724
And: http://www.worldit.info/articole/defcamp-2012-bucuresti-un-eveniment-hipnotizant-tu-ai-vazut-prezentarile/

Buy your ticket here: http://defcamp2012-es2.eventbrite.com/?rank=1#

Description

snuck is quite different from typical web security scanners, it basically tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is the exact point where the injection falls in the reflection web page's DOM. Having access to the pages' DOM is possible through Selenium Web Driver, which is an automation framework, that allows to replicate operations in web browsers. Since many steps could be involved before an XSS filter is "activated", an XML configuration file should be filled in order to make snuck aware of the steps it needs to perform with respect to the tested web application. Practically speaking, the approach is similar to the iSTAR's one, but it focuses on one particular XSS filter.

Download here

Learn more about it here | Download from here

Passive Plug-ins

• Analyzes all traffic going through the tool
• Can also modify the traffic
• Identifies vulnerabilities passively

Eg: Passwords sent over clear-text, Http-Only /Secure flag missing in cookies

Active Plug-ins

• Performs scans against the target to
• identify vulnerabilities
• Executed only when the user explicitly
• calls them
• Fine-grained scanning support

Eg: Cross-site Scripting, SQL Injection

IronWASP performs Taint Analysis forDOM based XSS, identifies Sources and Sinks and traces them through the code. Also custom Source and Sink objects can be configured.

CURRENT functionality:
-S - stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language detection (should be obvious), robots.txt, 200 response testing (some servers send a 200 ok for every req), and thumbs.db scanning
-auth - looks for login pages with a list of some of the most common login files and dirs and admin consoles. don't need to be very big list of URLs because what else are going to name it? notAlogin.php???
-Cp - scan with a huge list of plugins dirs. the list is a bit old (Drupal and wordpress plugins databases are now current but sorry joomla's still a bit old)
-I - searches the responses for interesting strings
-Ws - looks for web services such as hosting provider, blogging services, favicon fingerprinting, and cms version info
-Fd - look for generally things people don't want you to see. The list is generated form a TON of robot.txt so whatever it finds should be interesting.
-ninja - A light weight and undetectable scan that uses bits and peaces from other scans
-R - use http range headers to make scans faster
-Shadow - Use Google cache instead of requesting from the target host
-Sd - Bruteforce Sub Domains
-Db - Bruteforce Directories with the big dirbuster Database
-ua - use a custom UserAgent. PUT UA IN QUOTES if there's spaces
-proxy - send all http reqs via a proxy. example: 255.255.255.254:8080
-e - run all the scans in the tool

web-sorrow also has false positives checking on most of it's requests (it pretty accurate but not perfect)

EXAMPLES:

• basic: perl Wsorrow.pl -host scanme.nmap.org -S
• stealthy: perl Wsorrow.pl -host scanme.nmap.org -ninja -proxy 190.145.74.10:3128
• scan for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth
• CMS intense scan: perl Wsorrow.pl -host 192.168.1.1 -Ws -Cp all -I
• most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e
• dump http headers: perl headerDump.pl
• Check if host is alive: perl hdt.pl -host 192.168.1.1

Download

CONTACT: @flyinpoptartcat