July 17, 2008

AV Industry!



A cool picture of the current state of the AV industry, which I came across while browsing the ThreatExpert blog. It's funny, but absolutely true!

Recently I've begun some focused research on malware. So far it has been a good and interesting case, and I'm sure it will get more interesting once it moves out of lab tests. Expect some public output soon.

July 12, 2008

BackTrack3 Local Install

BackTrack 3 final was released some weeks ago, and most of you must have booted it by now. There were many changes since BT2 or even 3-Beta, and many of them were applied in the background: updated core components and software, kernel, KDE, kernel modules, etc. There are enough notes everywhere about the BT3 news.

But the BT3 announcement is not the reason behind this post. This is about how to install BackTrack alongside your current OS (perhaps XP/Vista?) and boot it from your hard disk, not from a flash disk or CD/DVD.
BT3, like many other live distros, is built to make the user believe it is a LIVE distro, not one to be used as a daily OS. Why? Because not many users are able to extend such a stripped-down OS back into a reliable working system for purposes other than the one it was designed for. BT3 is no exception. I've had many reports from people about problems while using BT2/3 as an OS for anything other than assessments or pen-test-like activities. So, after some development, here is where we stand:
BT3 Final has no built-in script/option/tool for making it boot from the hard disk.
Yes, BT3-Beta had some broken scripts for that, but even those have been removed now :)
After all of that, what if you still need to boot it from your hard disk?

Here are steps to follow :

1- Free some disk space on your HDD, at least 4 GB. You may want to delete some of your Windows logical drives, or use third-party software like Partition Magic to resize your current volumes.

2- Using either your favourite Win32 tool or, after booting BT3, the 'qtparted' utility, create an ext3 or ext2 partition in the free space on the disk. Don't ask me how to format a volume as ext2/3; go learn it yourself!

3- If you have NOT already booted BT3 in the previous step, do it now. If you have, reboot your system and boot BT3 from flash/CD again, so the kernel picks up the new partition table.

4- Copy BT3.kmdr to '/usr/share/slax/'. This is the missing installer script you need. Although it is nothing but a scripted version of some copy and chmod commands, lazy people like me prefer to do it clean and automated anyway!

5- Make sure your new ext2/3 volume has been mounted automatically by BackTrack, by running 'mount' and checking the output. If it has not, mount it manually with 'mkdir -p /mnt/hda7; mount /dev/hda7 /mnt/hda7'. Depending on your hardware, this 'hda7' may be different (SATA and SCSI disks show up as sdX, for example). If you are not sure what it is on your system, use 'qtparted' again, see which device name is assigned to the newly created volume, and use that with the mount command. Remember this mount point; the installer and the chroot steps below must use the same one.

6- Run the installer script with: 'kmdr-executor /usr/share/slax/BT3.kmdr'

7- In the GUI, leave "Source" as it is. Set "Install BackTrack to" to your new volume, which in my case was '/mnt/hda7'. Leave "Write new MBR..." pointing where it already points (/dev/hda in my case).

8- Depending on how you want your HDD to boot BackTrack, select the 'Live' or 'Real' option. With 'Live', every boot is like booting from CD/flash: everything starts from scratch, and at every boot there is hardware detection and so on. With 'Real', as the name suggests, installation and boot are similar to a normal Linux installation: the packages (lzm modules) are extracted to the hard disk during installation, and you will have an easier time configuring and using the OS afterwards. Take my advice and use 'Real'.

9- Press INSTALL and leave your desk for a cup of coffee, or whatever you think is more time-consuming than the slow progress of the installation :) Don't worry if the system seems to hang; the installation takes a long time.

10- When it has finished, it's time to make your PC boot BT3. You'll most likely want it to dual-boot with your current OS (I assume you're using XP). So here we go. In the usual case, all we would need to do is 'chroot' into our new ext3 volume, install LILO to the MBR, and finish. But with BT3 that is not the case. For some known/buggy reasons you can't follow the normal chroot process: the fresh chroot has no /dev nodes and no /proc, so LILO cannot see your disks, and running it that way will end in serious problems while installing LILO on your master boot record. So here is how to do it the right way.
First, run these two commands, replacing /mnt/hda7 with the mount point of your new volume (the one you gave the installer in step 7):

bt ~ # mount --bind /dev/ /mnt/hda7/dev/
bt ~ # mount -t proc proc /mnt/hda7/proc/


Now chroot into the new ext3 volume with "chroot /mnt/hda7". If everything went fine, it's time to install LILO as our boot loader.

11- Change the contents of "/etc/lilo.conf" to the following. Be warned that you MUST adapt the config below to your system. For example, if your disks show up as /dev/sda rather than /dev/hda, change every device name accordingly; /dev/hda1 is assumed to be the Windows partition and /dev/hda the disk whose MBR gets overwritten. All it needs is a few working brain cells!
lilo.conf contents should be:

boot = /dev/hda
compact
prompt
timeout = 50
change-rules
reset

default = MS-Windows_XP

vga = 0x317

image = /boot/vmlinuz
  root = current
  label = "BackTrack3"
  read-only

other = /dev/hda1
  label = "MS-Windows_XP"
  table = /dev/hda

You can use 'vim' or 'nano' as your text editor to make the changes above, e.g. 'nano /etc/lilo.conf'.

12- Now that you've saved the new lilo.conf, just run 'lilo' in the console (run 'lilo -t' first if you want a test run that writes nothing), and LILO will report that it has been installed to the MBR. You're done! Exit the chroot and reboot your system. You should see the default ugly red LILO menu :)
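The whole procedure from step 5 onwards, wrapped into a hypothetical helper script added here; it is not part of the original post or of BackTrack. It derives the whole-disk device from the target partition (the hda vs sda caveat in step 11), refuses to continue if the target is not mounted, generates the lilo.conf shown above, and performs the bind mounts, chroot, 'lilo -t' and 'lilo' only when called with --apply. Without --apply it prints what it would do, so the config can be reviewed before the MBR is touched. The names bt3_lilo_setup and MOUNT_TABLE, the hdX/sdX-only device naming, /sbin/lilo inside the target and the Windows partition being passed as the second argument are all assumptions of this example.

```shell
#!/bin/sh
# bt3_lilo_setup.sh: hypothetical helper, not from the original post or BackTrack.
# Automates steps 5 and 10-12 for a BT3 + Windows dual boot: derives the whole-disk
# device from the ext2/3 target partition (the hda vs sda caveat), checks that the
# target is mounted, generates lilo.conf, and does the bind mounts, chroot and
# 'lilo' only when called with --apply. Otherwise it only prints what it would do.
# Assumptions: hdX/sdX device names, kernel at /boot/vmlinuz and lilo at /sbin/lilo
# inside the target, and the Windows partition passed as the second argument.

MOUNT_TABLE=${MOUNT_TABLE:-/proc/mounts}   # overridable so the logic can be tested offline

# /dev/hda7 -> /dev/hda, /dev/sda12 -> /dev/sda (strip the trailing partition number)
disk_of() {
    printf '%s\n' "$1" | sed 's/[0-9]*$//'
}

# Accept only the partition names this script understands: /dev/[hs]dX<n>
is_partition() {
    case $1 in
        /dev/[hs]d[a-z][0-9]|/dev/[hs]d[a-z][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the mount point of device $1 according to $MOUNT_TABLE (empty if not mounted)
mountpoint_of() {
    awk -v d="$1" '$1 == d { print $2; exit }' "$MOUNT_TABLE"
}

# lilo.conf for LILO in the MBR of disk $1, BackTrack on the current root, Windows on $2
make_lilo_conf() {
    cat <<EOF
boot = $1
compact
prompt
timeout = 50
change-rules
reset

default = MS-Windows_XP

vga = 0x317

image = /boot/vmlinuz
  root = current
  label = "BackTrack3"
  read-only

other = $2
  label = "MS-Windows_XP"
  table = $1
EOF
}

# Usage: bt3_lilo_setup TARGET_PARTITION WINDOWS_PARTITION [--apply]
bt3_lilo_setup() {
    target=$1; win=$2; mode=${3:-dry-run}
    is_partition "$target" && is_partition "$win" || {
        echo "expected partitions like /dev/hda7 /dev/hda1, got: $target $win" >&2; return 2; }
    disk=$(disk_of "$target")
    [ "$disk" = "$(disk_of "$win")" ] ||
        echo "warning: $target and $win are on different disks; check 'table =' by hand" >&2
    mnt=$(mountpoint_of "$target")
    [ -n "$mnt" ] || {
        echo "$target is not mounted; run: mkdir -p /mnt/${target##*/}; mount $target /mnt/${target##*/}" >&2
        return 3; }
    if [ "$mode" != "--apply" ]; then
        echo "# would run: mount --bind /dev $mnt/dev; mount -t proc proc $mnt/proc; chroot $mnt /sbin/lilo"
        echo "# would write $mnt/etc/lilo.conf:"
        make_lilo_conf "$disk" "$win"
        return 0
    fi
    # Live system: give the chroot the /dev nodes and /proc that LILO needs, then install
    mount --bind /dev "$mnt/dev" && mount -t proc proc "$mnt/proc" || return 4
    make_lilo_conf "$disk" "$win" > "$mnt/etc/lilo.conf"
    chroot "$mnt" /sbin/lilo -t && chroot "$mnt" /sbin/lilo   # test run first, then write the MBR
}

if [ $# -ge 2 ]; then
    bt3_lilo_setup "$@"
fi
```

Run it as root from the live BT3 session (not from inside the chroot; the script does the chroot itself), first without --apply to read the generated lilo.conf, then with --apply once the device names look right. The dry run is the whole point: the only irreversible step in this how-to is the write to the MBR, and it is much cheaper to catch /dev/hda versus /dev/sda in the printout than with the fdisk /MBR recovery below.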

** As always, if you messed up a step and find you've lost your Windows boot loader and can't boot Windows anymore, don't panic. People usually mess up their MBR while installing LILO. If that has happened, or if for any reason you don't want to continue with LILO, here's how to recover:
Get a bootable Windows installation CD or floppy and boot to the good old MS-DOS prompt. Newer bootable Windows installation CDs won't drop you there, as they mostly start Windows Setup directly. Find an old one, create a Windows startup boot CD/floppy, or download one from the internet. This boot disk should let you boot into MS-DOS and run the FDISK command.
Once you've found it and booted from it, just run 'fdisk.exe /MBR'. This rewrites only the boot code in the MBR and leaves the partition table alone, so your BT3 partition survives and you can still boot it from the live CD. (If you only have an XP CD, the Recovery Console's 'fixmbr' command does the same job; on Vista it is 'bootrec /fixmbr' from the recovery environment.) At the next reboot, everything will be like your good old MS-Windows boot days.

Here's another how-to for installing BT3 on your HDD, if you don't like mine. Again, I'm warning you that I'm NOT responsible for any damage you cause to your system by following the above steps! Don't reply to this post blaming me that they don't work. DO THEM AT YOUR OWN RISK!