Tuesday, April 11, 2006

BackTrack - A "live" Linux CD could be trouble in the wrong hands

I sat down last night with a REALLY good toolkit for security professionals called BackTrack. A "live" Linux CD could be real trouble in the wrong hands. It is a bootable CD-ROM that runs Linux. Well, you say, what's so new about that? What is new is that this has been designed with the computer security professional in mind, and is truly a "Swiss army knife" full of very sharp tools.

It is the product of two different distros merged together for a common purpose. That purpose is to be the main rifle in the white hat's gun belt. I have used both before. Slax Linux was modified with several security scanners, password checkers, and a darn good set of manuals. It was then called WHAX, a name I still like a lot (you got WHAX'ed baby!).

The other distro was Whoppix, a Knoppix spinoff, and later known as Auditor. They have now joined forces and come out with a truly amazing product called BackTrack.

Someone could do some real damage with this if they go running this new toy. And earn some real "l33t" bragging rights. After a judge sentences you to say, 10 to 15 years, you may not feel so much like bragging. Don't get me wrong, programs for the network admins and "white hats" have been around for years. I ran Bastille on almost all of my Linux boxes, installed tripwire and kept a copy of the CRC checksums in a safe, and tried to exploit them locally and remotely with tools like VeteScan and John the Ripper.

Simple truth is, if you want to make a good safe OS, you have to use the same tools that the bad guys would use, and try to make it as difficult as you can for them to break in.

This is a very good Linux OS build. It features some nice graphics, and a good set of the standard tools like Mozilla Firefox, Evolution for email, GAIM, and the standard OSS applications. When you get to the BackTrack menus, you notice something VERY different. I include screenshots for your enjoyment here. Notice the cool see-through terminal windows. Did I mention that you can install this to your hard disk? Hmmm. Where did I put that laptop. . . .?

This is the popular port scanner "NMAP" running. Knock Knock, anybody home?

Here is one of the coolest tools I have ever seen for network analysis, "EtherApe". Real-time network sniffing to track down those bums downloading MP3s at work.

This is the screenshot from the web site. The menu shows some of the tools included on this CD.

I frankly am a little worried that after all of the phishing and jacking and hacking I have been seeing happen lately, that we would dial up the arms race another notch. I guess a good toolkit is a good thing. In the hands of the good guys, of course.

In the wrong hands however, it could be extremely dangerous! Do not try this at work! Don't even try this at home, in the dark, with your own computer!

(Unless you first sign a release form and a non-disclosure agreement with yourself.)

Here is the blurb from the main website:

"BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions, Whax and Auditor.

Combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.

Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc.

Backtrack security collection is a Live-System based on Slax. With no installation whatsoever, the analysis platform is started directly from the CD-Rom or RAM and is fully accessible within minutes. Independent of the hardware in use, the Backtrack security collection offers a standardized working environment, so that the build-up of know-how and remote support is made easier. Even during the planning and development stages, our target was to achieve an excellent user-friendliness combined with an optimal toolkit. Professional open-source programs offer you a complete toolkit to analyze your safety, byte for byte. In order to become quickly proficient within the Backtrack security collection, the menu structure is supported by recognized phases of a security check. (Foot-printing, analysis, scanning, wireless, brute-forcing, cracking).

By this means, you intuitively find the right tool for the appropriate task. In addition to the approx. 300 tools, the Backtrack security collection contains further background information regarding the standard configuration and passwords, as well as word lists from many different areas and languages with approx. 64 million entries. Current productivity tools such as web browser, editors and graphic tools allow you to create or edit texts and pictures for reports, directly within the Backtrack security platform."

This is from the Auditor web page (now merged with BackTrack).

