.

Os Advice

<<

matthiasfan

Newbie
Newbie

Posts: 25

Joined: Tue Aug 07, 2007 2:18 pm

Post Fri Feb 29, 2008 12:59 pm

Os Advice

Hello all!

Just had a quick question for you.  I run a small network for an academy and I like to test out our security.  I'm trying to decide what os to use.  Ideally, I would like to use both Xp and Backtrack.  This is where the decision comes in.  Do you all think that I should setup a dual boot so I can try to use Xp when I need it and Backtrack when I need it, or should I try running Xp and use vm to run Backtrack.  I was also thinking of using Backtrack and then using Wine to run some Windows programs.  What do you all suggest to be the best solution.  I really like the abilities of Backtrack, but at the same time, Windows has some software linux doesn't, like Cain and Abel.  Plus, I am more used to the environment of Xp. 

Thanks in advance.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Feb 29, 2008 1:15 pm

Re: Os Advice

I'm sure you'll get a mix of replies on this one. I'll keep mine simple.

If those are the only two you're looking at using, setup a dual boot. Reason being (and it's been pointed out in other posts) is that you may not get the same result from using a VM to perform the tests as you would from actually having the OS on the wire.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Fri Feb 29, 2008 1:25 pm

Re: Os Advice

I guess  I have to respond since I'm they one usually ranting about not testing out of a VM.  If you are doing this for yourself, and have nobody to answer to other than yourself, then I would consider running BT in the VM.  Usually I get all frothy at the mouth telling people not to do that, but that is from the mindset of testing a customer's network where inaccurate results can cost you your contract, or someone at the company their job.  I'd use a VM if I was just putzing around, but I wouldn't use it unless I had to if the results were going to end up in a formal report with my signature at the bottom.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Fri Feb 29, 2008 1:32 pm

Re: Os Advice

This will be interesting as far as replies and pseud0 has good advice.  If you are just testing security from the "inside" it really doesn't matter.  You can run some effective scans from windows from the inside. I mean if you are using vulnerability scanners like Nessus or GFIlanguard.  If you dont know linux well, learn the basics of it before you start incorporating it into your "toolbox".  Backtrack is vulnerable to being hacked if you dont know how to harden it. That would be ironic if you think about it,lol. 

On the other hand, if you want to hack from the outside, well then use linux.  My opinion is Backtrack is a great learning tool for tools. But for a serious attack OS, you should compile one yourself.  Its not hard and you will learn much more if you take the time.  Remember there are 2 different attacks we usually see. Internal or external. If you are just testing your internal network, well there are great programs for both linux and windows. If you are trying to hack from the outside, in my humble opinion you should lean to use  linux and that does not mean Backtrack.  Again, Backtrack is an awesome source of tools and a first class way of getting your "fingers dirty" , but as you grow you should learn how to make your own attack OS.  Thats my 2 cents.
Last edited by Kev on Fri Feb 29, 2008 1:37 pm, edited 1 time in total.
<<

dannioni

Newbie
Newbie

Posts: 44

Joined: Tue Sep 18, 2007 12:51 pm

Post Sat Mar 01, 2008 10:18 am

Re: Os Advice

Kev, which OS would you recommend as a base for a attack OS?
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat Mar 01, 2008 11:30 am

Re: Os Advice

For someone new to Linux, I recommend Ubuntu.  This distro has so much support and you will find that most tools compile with little or no problem.
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Sat Mar 01, 2008 11:34 am

Re: Os Advice

Since no one else is saying it, I will:

What is a good starting point for people who want to put together their own attack OS?
Last edited by eth3real on Sat Mar 01, 2008 11:52 am, edited 1 time in total.
Put that in your pipe and grep it!
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat Mar 01, 2008 11:44 am

Re: Os Advice

Try installing Kismet. If you can do that, you will find other tools much easier for the most part.  One caveat I would mention about Ubuntu, if you have installed it and you are attending a hacker convention, just lie and say you are using Gentoo, lol. 
<<

matthiasfan

Newbie
Newbie

Posts: 25

Joined: Tue Aug 07, 2007 2:18 pm

Post Sat Mar 01, 2008 12:40 pm

Re: Os Advice

Just wanted to tell everyone what I ended up doing.  I ended up doing the dual boot of XP and Backtrack.  I finally have everything setup the way I want it.  Took me a while though.  ;)

For those looking to do a dual boot, here are two great links:
http://www.offensive-security.com/movie ... lboot.html
http://backtrack.offensive-security.com ... _hard_disk

Also, I would like to make my own distro,  but I need to do a lot more reading about it and understanding of the basics first.  It is a great idea though Kev!
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Sun Mar 02, 2008 4:52 pm

Re: Os Advice

For people willing to put together their own attack OS, would you recommend starting with something that has already been made (such as Ubuntu), or something like LFS (http://www.linuxfromscratch.org/) and make it all from source??

I've been using precompiled distros (BackTrack, nUbuntu, Helix, Knoppix STD, Gentoo, Debian, etc.) for a long time, and I am intereted in putting together my own pentesting OS.

Who else has put together their own attack/pentesting OS, and how did you do it?
Put that in your pipe and grep it!
<<

LSOChris

Post Sun Mar 02, 2008 5:29 pm

Re: Os Advice

if you want to help, then help with pentoo. LSO is working with the developer to build it into a more functional distro with tools you need and not just throwing the kitchen sink at it.

if you want to help i'll link you up with the developer
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Mon Mar 03, 2008 3:54 am

Re: Os Advice

For my two cents worth.

I've tried setting up a dual-boot MS-?/Backtrack machine on a number of occasions and never same to get that much benefit from it. If your primarily a windows person than just boot backtrack from the CD.(or other, I personally like knoppix-STD although it doesn't seem to be developed as agressively as BT)

This way you get all your usual OS for day-to-day and your Linux tools when necessary. Only time I would consider running BT in a VM is if your trying to study/experiment during quiet moments at work and still need your primary system for 'work'  ;) .

On the build your own side, again I've tried this several times (actually intend to start again...) Previous attempts have been made using Kubuntu and usually end up with me removing something vital whilst trying to get rid of the fluff I'm not interested in. In an attempt to start small, but still gain the advantages that come from the [k]ubuntu/Debian family I'm intending to start with a base install of Debian and build my system from the commandline with the apt system.

But ChrisG may have just thrown a spanner in my plans as a quick look at the Pentoo site makes me think it may be worth investigating further....
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Mon Mar 03, 2008 9:36 am

Re: Os Advice

On a side note, I used Ubunto as our primary with the wife. Mind you she can turn on a PC but beyond that, she could give two shakes. She really found it easy to use and was quite impressed with it. I also found it to be relatively friendly and a good place to start with Linux.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Mon Mar 03, 2008 10:53 am

Re: Os Advice

I feel having a good understanding of linux is still an important skill for a hacker. The best way is to install a distro and begin installing tools and drivers and rebuild the kernel if need be.  Backtrack is great to get a quick feel for the tools and if all a tester desires  to be is someone that just runs a series of tools that are on a pre-compiled CD then thats fine. But why limit yourself to that? There is going to be a time when you want to write your own tools or tweak the ones you are working with.  Linux is a very customizable OS which is important in this ever changing environment. And as far as running live CDs, most pentesters I know don't do that. Even the creators of Backtrack don't use it like that. Muts told me himself he likes to run it from a hard drive install.  I guess it really all comes down to how far you want to progress as a hacker.  If you are an over worked Admin that has mostly a windows background and just want to fire off a few tools to check your network, then by all means just run something like Backtrack. On the other hand you want to try and develop yourself into a first class hacker, take time to learn linux inside and out.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Mon Mar 03, 2008 11:10 am

Re: Os Advice

Kev,

I've heard the argument a few times that you re limited in what you can learn about Linux when running from a live CD.

However as most Linux installs I've done recently involve little more than clicking 'next' until the install starts I can't imagine that you can learn to much from installing the more mainstream distros, even the backtrack hdd install is fairly straightforward.

Whilst you *will* learn a lot building a pentest laptop using damn small linux etc. I don't see too much advantage over using BackTrack et al. from a harddrive install over a live distro.

(as a caveat: I use live distros (BackTrack, Knoppix-STD or Helix depending on situation) for incident handling work for ease, but my usual OS is Linux so I can get my fix there from a learning perspective)
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software