Review: BackTrack 2 security live CD


Author: Lorenzo Simionato

BackTrack is a live CD Linux distribution that focuses on penetration testing. A merger of two older security-related distros — Whax and Auditor Security Collection — BackTrack bundles more than 300 security tools.

BackTrack is based on the SLAX distribution (a live CD derived from Slackware) and runs a patched 2.6.20 kernel. It offers users both KDE and Fluxbox desktop environments.

To start using BackTrack, download the ISO image and burn it to a CD. Insert the disc and boot your machine. Once booted, the system starts at runlevel 3 (text mode), where you must log in as root and choose whether to start KDE or Fluxbox or just use the terminal. BackTrack provides clear, concise instructions for logging in, starting the window manager, and configuring the video card before you see the login prompt. If you’ve never used BackTrack before, use a graphical environment, since it will help you understand how all the included applications are organized and let you take advantage of some graphical utilities. When the window manager comes up you’ll find some ordinary desktop programs, such as Firefox, Gaim, K3b, and XMMS, within a nice environment with beautiful wallpaper and window transparency.

Don’t let the attractive appearance fool you — BackTrack packs a punch. The security tools are arranged inside a Backtrack submenu. This is a big improvement over older releases, because you can easily follow an attack methodology: starting by collecting information and ending by hiding your actions.

The tools are arranged in 12 categories, such as vulnerability identification, penetration, privilege escalation, radio network analysis, and reverse engineering. Among the more than 300 security tools you’ll find such familiar names as the Metasploit Framework, Kismet, Nmap, Ettercap, and Wireshark (previously known as Ethereal).

[Screenshot: BackTrack 2]

One of the core points of this release is the attention to detail. For example, when you choose most of the programs from the Backtrack menu, a console window opens with the output of the program’s help. Some tools have been bundled with scripts that in a few steps configure and run the program for you. For example, if you run the Snort intrusion detection application, a script asks for some passwords and then sets up MySQL, Apache, Base, and Snort itself so you can easily browse alert logs via a Web browser.

If you open Firefox or Konqueror you’ll find some useful security-oriented bookmarks. In the Documents submenu the developers have included PDF manuals for the ISSAF and OSSTMM security methodologies. There are also some tools that you wouldn’t expect inside a live CD; for example, you have a popular debugger for Windows, OllyDbg, which runs fine through Wine, so you can even debug .exe files.

If you like the live CD, you can install BackTrack to a hard drive (decompressed, it requires 2.7GB of space) or USB memory stick (compressed, 700MB) using a graphical wizard.

While BackTrack is an excellent tool, nothing is perfect. Unfortunately it doesn’t include Nessus, the popular security scanner, due to license problems. I tried to start PostgreSQL from the Services menu, but it gave an error. And it seems as if the developers forgot to update the Backtrack menu in Fluxbox, because it offers the previous version arrangement. Tools like VMware and Nessus appear on the menu but are broken links because they have been removed from this release.

Despite a few little bugs and problems, BackTrack is the best distribution I’ve found for handling security-oriented tasks out of the box.

Lorenzo Simionato studies computer science at the University of Venice.
