Just Another Tech Blog

Yesterday night and this morning, I have been messing around with the BackTrack 2.0 LiveCD. BackTrack is the ultimate security oriented Linux distro around. It includes a huge variety of Security and Forensics tools providing everything you need to test the security of any network/ computer to the MAX (penetration testing). More on features later. Here's some background on the distro:

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Audito. Combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out. Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Note the last part, about how it provides "user modularity." This is what makes BackTrack truly awesome. Here's how it works. Basically, you head to a site like the Slax modules page and download whatever module(s) you need. These modules are user made and provide everything from drivers for wireless devices, to whole programs and frameworks. You can then take these modules and insert them into the .iso file of your slax based distro. This is most easily done with the MySlax creator. Sadly, the MySlax creator is only available for Windows based systems *humph*. No problem for me though, I just quickly booted up my Windows XP VM, and installed it on there. The MySlax creator is extremely useful in not only insterting modules into your .iso, but also in creating bootable USB flash drives (Parallels has crappy USB support though, so I couldn't try it) and configuring boot options for the LiveCD (gui, no gui, environment, etc.). Let's hope MySlax is ported to Linux soon! The only module I chose to instert was one containing the drivers to my wireless card based on the RT2500 chipset. Once you have the custom .iso made, you can burn it to a CD and boot up the distro.

Boot up was no problem, and most all my hardware was automatically detected. Boot time wasn't bad, considering it was loading the whole OS off the CD, it can be lowered by disabling hotplug hardware detection. BackTrack has a nice uncluttered feeling right from the top by not offering the scads of boot options found in Knoppix. By default, it doesn't enter into a GUI, but rather stops at the shell. Just type:
start x
to bring up the GUI. Or, use the MySlax creator to customize boot options. The desktop is wonderfully free of icons (thank you BackTrack team!) upon start of the GUI (KDE), adding to the uncluttered feeling. Overall organization is great. Connecting to the internet was not too difficult. Using a combination of the good ol' shell commands iwconfig and ifconfig, along with the use of the the installed wireless assistant, I had my connection going in no time. Performance is quick and snappy, even when running from the LiveCD.

On to the features. As I mentioned above, BackTrack has the ultimate collection of pentest related programs. The default desktop environment is KDE, providing an excellent overall UI. Open the BackTrack menu from the KDE menu, and you see tools for scanning, spoofing, sniffing, wireless, password cracking, exploits, database (Oracle), cisco, tunneling, proxies, and more. If you can think of it, BackTrack's got it. There are even GUIs for most of the tools, but the best way to utilize BackTrack is through hard core shell work. Installing to a hard drive is no hassel, using the provided "BackTrack installer" you can have BackTrack 2.0 up and running from your hard drive in no time!

In short, BackTrack 2.0 is the definitive security based Linux distro. Every network/ sys admin should have a copy of the LiveCD in his/ her arsenal. The team really did some good work on this distro, I can only begin to imagine what the next release holds!
Check out the BackTrack homage @ Remote-exploit.org. Or, head straight to the download page! Happy hacking [don't do anything illegal though! =) ] Screenshots: