Backtrack 4 - USB/Persistent Changes/Nessus

Note: This page only works for the Backtrack 4 Pre-final available from the Informer and for Backtrack 4 Final when it is released soon.  The page for Backtrack 4 Beta is here.

This how-to will show you a method for building a usb thumbdrive with the following features:
  • Persistent Changes - Files saved and changes made will be kept across reboots.
  • Nessus and NessusClient installed - Everybody needs Nessus :)
Table of contents:
This guide is written with the following assumptions:
  1. You know how to partition and format disks.
  2. You are familiar with Backtrack.
  3. You are familiar with Nessus.
  4. You are familiar with Linux.
  5. You are familiar with Windows.
Tools and supplies:
  1. A USB thumbdrive - minimum capacity 4GB
  2. A Backtrack 3 CDROM, Backtrack 4 DVD or an additional USB thumbdrive  (minimum 2GB) - Used to partition the thumbdrive.
  3. UNetbootin - A tool to transfer an iso p_w_picpath to a USB drive.
Let’s get started!
If you have a Backtrack 3 CDROM or Backtrack 4 DVD, you are in good shape, if you don’t and are using an additional USB thumbdrive, skip to here and then return once you have a bootable Backtrack 4 device. I know this seems convoluted, but it’s the easiest and most sure way I know to get us where we want to go.
First let’s partition our thumbdrive. With the release of Backtrack 4 Final, a 4 GB drive is required.  For Backtrack 3 and Backtrack 4 Beta, we could get away with a 2GB drive. Another note, we need to format the partitions under Linux. There may be a way to do this in Windows and make it work, but I haven’t researched that yet.
We need to partition and format the drive as follows:
  1. The first partition needs to be a primary partition of at least 1.5 GB and set to type vfat. Also remember to make this partition active when you are creating it. Otherwise you might have some boot problems.
  2. The second Partition can be the rest of the thumbdrive.
Now we need to format the partitions. To do so, execute the following. Make sure you select the correct drive as picking the wrong one could be disastrous. In my case, the drive was enumerated as sdb.
mkfs.vfat /dev/sdb1
mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2
Two things to notice above, 1) we are using ext3 instead of ext2 and 2) you must include the -L casper-rw portion of the command. Being able to use ext3 is great because of journaling. The -L casper-rw option helps us get around the problem we had where we had to enter the partition name in order to get persistence working. As you will see, that is no longer necessary. WooHoo!
So go ahead and partition and format the drive according the layout above. Once I was done with this step, I switched back to a Windows system for the next few steps.
Now you need to have a copy of Backtrack 4 Final or Backtrack 4 pre-final. I will update this part of the how-to when the final download is available. If you have the pre-final, you are set to carry on.
So now we have a usb thumbdrive with at least one 1.5 GB FAT32 partition on it.
The next step is to make it a bootable USB thumbdrive. There is a much easier way now. We are going to use the UNetbootin tool mentioned above. It is super easy to use. Just start UNetbootin, select the Backtrack 4 ISO, select the USB drive and click okay. You may get a warning that files exist on your USB drive. After making sure you picked the right one, tell it to go ahead and replace the files. It’ll chug along and before you know it you will have a bootable thumbdrive. Much easier than the rigmarole we had to go through before.
This is done much differently and more easily than it was in Backtrack 4 Beta or Backtrack 3. First of all, for basic persistence, we don’t have to do anything at all. There is already a menu option that takes care of it for us. Unfortunately, it is only for console mode so we need to make a couple changes. One thing, since we used unetbootin to create our thumb drive, the instructions below are a little different than those in the video referenced at the end of this post.
This change needs to be made when we are not booted to Backtrack 4 Final.
Open the syslinux.cfg file that is in the root of the first partition of your USB drive in your favorite editor.
  1. Add “Default 5″ right after the timeout line near the top of the file.
  2. Next find the line the says “menu label Start Persistent Live CD”
  3. Append “vga=0×317″ without the quotes to the next line which starts with kernel.
  4. Save the file and exit the editor.
That should do it. Reboot and either select “Start Persistent Live CD” or just wait since we set it to auto-boot to persistent mode. To test it, create a file and reboot again. If your file is still there, everything is golden.
Now that our changes are saved from boot to boot, we can install things and they won’t disappear on us :)
Download the Ubuntu Nessus and NessusClient packages from nessus.org. I used the 32-bit 8.04 version which worked fine for me.
Again, with Backtrack 4 things are little easier. To install the Nessus server, simply execute the following command to install the package.
dpkg --install Nessus-4.0.1-ubuntu804_i386.deb
Things are little bit more complicated or the client. There are some dependencies that need to be installed first. Luckily, we have apt to help us with this. Execute the following commands to install them. The first one updates the apt-get cache. You may get an error about a GPG key not being found. You can safely ignore this.  The second, which is all one line, installs the pre-requisite packages.
apt-get update
apt-get install libqt4-core libqt4-gui libqtcore4 libqt4-network libqt4-script libqt4-xml libqt4-dbus libqt4-test libqtgui4 libqt4-svg libqt4-opengl libqt4-designer libqt4-assistant
After than, we can install the client package.
dpkg --install NessusClient-4.0.1-ubuntu804_i386.deb
Finally it’s time to configure Nessus. Execute each of the following and follow the prompts.
/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser
You need to go here and request a key so you can get your feed. That is a link to the free feed for home use. Use appropriately.
Once you have your key. Execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.
cd /opt/nessus/etc/nessus
/opt/nessus/bin/nessus-fetch --register [your feed code here]
When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. You can use netstat -na to check that the server is listening on port 1241.
/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient
Woohoo, time to find those vulnerabilities.
Please let me know of any corrections or changes that should be made. You can leave a comment or send me a note at kriggins [at] infosecramblings.com.
Kevin
references: The persistent configuration information was taken from a video on www.remote-exploit.org that I will reference once the Final is released.