combatwombat27 Posted November 17, 2011

Here is the scenario: You get a chance to go to a con, for this example DEFCON. (If you dislike DEFCON that is ok, just put that aside temporarily and work with me here :P) You want to use BackTrack to play around while we are there and we don't want people to access our stuff. As the saying goes, you might as well consider anything on your computer's hdd as shared while there. You only have your one laptop, you cannot borrow one etc. You only have your one laptop hdd, you can't buy/borrow another. You haven't encrypted your laptop hdd and you're running Win xp/7.

So! You get clever and boot BackTrack via usb on your laptop; that way you're not in your main os and you can have a little fun. :P But wait! Assuming the attacker can compromise your BT5 then he is in your system and can mount your laptop hdd and access your stuff just as if you were running your unpatched Win box.

Here is what I'm thinking and wondering. Besides removing the hdd is there really any way to stop BackTrack from being able to mount or enable the drive? I mean is there a way you could cripple its use until say a reboot or something? (Yes, you could encrypt it, remove it, etc but that isn't the way I want to go with this.)

Secondly, how secure are you running BT5 really? Is it just assumed that you could be compromised at any moment? Has anyone actually tried hacking into a BT 5 box? Thoughts? Opinions? Extra Questions?
Jamo Posted November 17, 2011

Well I wouldn't call bt5 that secure since it's built to penetrate into systems, not to be hacked into. But anyway if you use it remember to add a normal user, don't use it as root, and change the root password. I would recommend turning off any services you don't need, Apache, mySQL etc.

Btw are you going to install gr8 on your USB stick? Well I think that you should. There are a lot of tutorials but it's really easy: you can do the install on your laptop, boot to bt5 but instead of installing it to your hdd install it to your USB stick. And make sure that the bootloader is going to be installed on your USB stick too.
int0x80 Posted November 17, 2011

Run BT5 live via DVD-R and remove the HDD before con. There are other places to store code, but you've removed the most common platforms for persistence mechanisms thereby eliminating most of the threat.
Mr-Protocol Posted November 17, 2011

Possibly booting in forensic mode, but that will only stop writes to the disk. Another option is just installing your own, more secure, distro and installing the tools you would like to use. Don't keep vital info on your laptop. And here is some advice, if you plan on joining in on hacking people; expect to get hacked yourself... it's part of the "game".

Edited November 17, 2011 by Mr-Protocol
digip Posted November 18, 2011

I'm with int0x80 on this one, remove the drive and boot off the DVD. Also, once booted, immediately do a passwd and change the default password, or someone can ssh into the damn thing remotely (not 100% sure if SSHd is running by default on the DVD but still a good idea to change the default password!). Also, change the default hostname. The less info you give them the better.
Mr-Protocol Posted November 18, 2011

Might be faster read/write wise to use persistent USB boot.
digip Posted November 18, 2011

In addition to the other suggestions I'd like to also add, use macchanger as well after booting.

> Might be faster read/write wise to use persistent USB boot.

But someone who could compromise the machine would also be able to read and write to the thumb drive. Using the live disc with no HDD means 1, no permanent changes by rogue intruders possibly giving you something you would take home and infect your other machines with, and 2, plausible deniability in the event someone wants to look at his machine for any reason. A reboot removes all traces of everything, except what is stored in ram, and they would need a cold boot attack to freeze and dump his memory to gain any traces of what he was doing (other than being traced back to a mac address or some other identifying info, such as using your name or handle anywhere or as the hostname).
Mr-Protocol Posted November 18, 2011

If it is just a BT5 install to USB just used for playing around then what's the harm? Only thing they will get is the stock image of BT5 w/updates lol. Kind of the point with why there is no need for full disk encryption in Linux, just need to encrypt the home folder.
digip Posted November 18, 2011

> If it is just a BT5 install to USB just used for playing around then what's the harm? Only thing they will get is the stock image of BT5 w/updates lol. Kind of the point with why there is no need for full disk encryption in Linux, just need to encrypt the home folder.

Well, I thought the op was talking about going to hacker conventions and trying to maintain control of the machine in the event he was hacked at the conference, hence removing the HDD, using a live disc vs persistent changes, etc.
flood Posted November 19, 2011

    root@bt:~# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    root@bt:~#
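As an added example, not posted by anyone in this thread, here is the replies' checklist (new root password, neutral hostname, stop listening services, macchanger, and a default-deny firewall to replace the all-ACCEPT policy shown above) turned into one lockdown script for a live-booted BT5 session. The BT5 init script names, the interface name given on the command line, and the `iptables -L` text layout it parses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: lock down a live-booted BackTrack 5 session
# before joining con Wi-Fi. Assumptions: BT5 init script names, the interface
# name passed as $2, and the `iptables -L` text layout shown in flood's post.

# Constructed sample of what `iptables -L` prints on a stock boot (all ACCEPT).
SAMPLE_OPEN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Print "CHAIN POLICY" per chain from `iptables -L` text, e.g. "INPUT ACCEPT".
chain_policies() {
    printf '%s\n' "$1" | awk '/^Chain / { gsub(/[()]/, "", $4); print $2, $4 }'
}

# Exit 0 if the INPUT chain still accepts by default (the box is wide open).
inbound_is_open() {
    chain_policies "$1" | awk '$1 == "INPUT" && $2 == "ACCEPT" { open = 1 }
                              END { exit (open ? 0 : 1) }'
}

# Apply the lockdown. Needs root; only runs when invoked as: ./lockdown.sh --harden wlan0
harden_session() {
    iface=$1
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    passwd                                # replace the default root password (interactive)
    hostname "live-$$"                    # no handle, real name or "bt" in the hostname
    for svc in ssh apache2 mysql postgresql; do   # assumed BT5 service names
        /etc/init.d/"$svc" stop 2>/dev/null
    done
    ifconfig "$iface" down && macchanger -r "$iface" && ifconfig "$iface" up
    iptables -F
    iptables -P INPUT DROP                # default deny inbound
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Verify with the same parser used for the audit above.
    if inbound_is_open "$(iptables -L)"; then echo "INPUT still ACCEPT" >&2; return 1; fi
    echo "locked down; re-check with: iptables -L"
}

if [ "${1:-}" = "--harden" ]; then harden_session "${2:-eth0}"; fi
```

Running the script with no arguments only defines the functions, so `inbound_is_open "$(iptables -L)"` can be used as a quick audit before and after the change.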