If you don’t know, BackTrack 3 is a top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.
Back in January we mentioned the BackTrack Live Hacking CD BETA 3 was released, at last the final version is ready for download!
New Stuff in BackTrack 3
SAINT
SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.
Maltego
The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.
Nessus
Tenable would not allow for redistribution of Nessus on BackTrack 3.
Kernel
2.6.21.5. Yes, yes, stop whining….We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.
Tools
As usual, updated, sharpened, SVN’ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.
Availability
For the first time we distribute three different version of Backtrack 3:
- CD version
- USB version
- VMWare version
You can download BackTrack 3 Final here:
Mirrorservice: bt3-final.iso
Zedz: bt3-final.iso
Or read more here.
Sleepy says
I have been dual booting Backtrack 3 Beta with windows since Jan. when I read the article here. I have since invested in a couple books (off the top of my head I know one is called “Open Source Penetration Testers Toolkit”) that were written mostly for Backtrack. I’m super impressed with the OS, and I couldn’t imagine working without it at this point.
]
Good stuff!
Guess I’ll head over to the forums there and find out if I have to reinstall the final ver. or whathaveya. Thanks Darknet!
Navin says
had used the beta version back in January and was pretty impressed….downloading the CD image now!!
Sleepy says
Same here, I’m grabbing all 3. The VMware image is a nice touch!
Navin says
I’m on a pathetically slow connection right now……probably will download it later
But I din’t really understand why the seperate VMware image?? can’t the CD/USB be used on a virtual desktop?? I’ve never used a virtual workstation so I don’t know much about it
Sleepy says
Running off a cd/usb inside of VMware would kill the RAM and be almost unusable. VMware eats up ram. With the image I can run BT3 pretty decently concurrently with my OS of choice. I’m happy about the image because I can now add it to the VM folder on my workstation clone in minutes then push it out to the workstations before class tomorrow night. Gonna be some happy students in the open source forensics class tomorrow night. ;) Finals for that class are coming up and a portion of the final includes penetrating a lab victim network and completing some tasks “on the inside”. BT3 on VMware will defiantly save them some time.
Navin says
Thanks Sleepy..that clears some stuff up for me!! U a student??
Sleepy says
Yea, Computer Forensics major with a minor in Information Assurance. I’m also employed by the university as the assistant for the Computer Forensics department.
Rightful says
Good stuff here, now they have SAINT in there. The beta was pretty smooth, guess this is going to be even smoother.
@Sleepy don’t get me wrong here, but shouldn’t you guys be learning to compile the tools manually and use them, learning is effective this way, might take some time but its a good practice. Many of those that do this sorta “attacking things” don’t rely on BT3 because as they say manual is the best way to explore. For example I’m assuming that the forensic students are suppose to learn to find clues left behind by attackers, by doing the attacking part themselves. In the case of using backtrack every tool is compiled and ready, a “real” attacker would actually (as far as i’ve seen) like to compile things on the box which leaves a few clues for us to see what they have done, adding more clues to the case leading us to catch them.
Wouldn’t this help them?
Correct me if I’m wrong here, BT3 is meant for professional pen-testers who don’t have much time to compile tools and must finish the task quickly isn’t it?
Sorry for the long posts…:) BT3 rocks
Bogwitch says
@Rightful,
I would not say that BT3 is meant for professional pen-testers. A professional should have a HDD installation with all the tools that they might require, rather than just those included in BT3. Don’t get me wrong, BT3 is a very polished product and I use it myself to check out if I’ve missed anything from my own installation but running from a CD/ USB/ VM Image is restrictive, IMO.
There is no substitute for having your own platform, with the tools YOU require.
BT does have it’s uses. For example, if your assignment will not allow the connection of an additional system to the LAN, booting an existing workstation from BT will give you pretty much all you could want but naturally, on a CD image or similar, you’re not going to fit on that enormous password list, or huge rainbow table, that’s when your own custom machine will come into it’s own.
Oh, and Yah boo sucks to Tenable.
Rightful says
@bogwitch
I agree with you bogwitch, what I was trying to say was that, BT3 helps to do work faster on different environments like your example, but every professional testers should have a specialized HDD installation and not solely relaying on BT 3 .
Tenable is Terrible.
Sleepy says
@right
Without getting lengthy, we are taught to do everything from the ground up. We do our first recovery’s with the most basic utilities possible. The open source forensics class is an advanced class and they are allowed to use any tools they want on the final. I was simply adding BT3 into the picture for them. Thanks for your concern.
Darknet says
Just to butt in my 2 cents….I think BT3 is a great BASE for a HDD installation, you don’t have to only use it as a LiveCD – it’s fairly trivial to install it as a proper OS and then customise it with your settings, configs, extra tools and rainbow tables. I know a lot of people who do this, myself included. It saves a lot of work.
Navin says
tottally agree wid darknet and sleepy….for someone like me who was a total n00b to the wold of hacking, its tools like this that actually help you learn…you can go on an on reading stuff but when U actally get down and dirty you can appreciate the world of ethical hacking. (Even today, many of my friends fear me coz I’ve become popular as a hacker and simply put, that means I’m the devil (just widout the horns and the tail :) ))
Only when you develop interest in the subject can you even think of actually immersing yourself into it and going pro!! C’mon just browse through darknet posts and you’ll see so many comments reading… “this doesn’t work..what do I do?why is it not hacking this email ID?”…..skiddies want everything handed down to them in a step by step method…no learning involved!! and unfortunately for dem, the world of hacking simply doesn’t work like that!!
Right??
Ubourgeek says
This is my fav LiveCD security distro. I can’t wait to fire this new version up and get my grubby paws on Maltego.
Cheers,
U.
zupakomputer says
re: VMware eating up RAM; I’m pretty sure you can tell it exactly how much RAM to use per each virtual machine created – so unless the VM image for BT3 is stuck at x amount of RAM, shouldn’t be a problem.
Sleepy says
Yes, you can set each Virtual Machine to use x amount of ram within its virtual image. That doesn’t account for the ram to run VMware itself, and either way, uses your ram. Now unless your working on a sweet machine, VMware is gonna slow you down.
Stephen Reese says
Killer tool, love the flash drive functionality.
zupakomputer says
Does it not come with the usual recommendations about what RAM you need to run it? I usually find what they say at the sites or on the boxes matches up to what hw specs you need.
I haven’t noticed using it, the college computers had about a gig of RAM and it ran fine there, and you could still do other stuff on the host OS at the same time. It all depends, if you have more cores in your CPU also then it is better at multitasking.
we're Live! don't say **** or ****** says
Is the VMware image just optimised to run in VMware? Does it matter what version / player you use?
What about the USB version, how is it different from the CD; is it just about CDs being limited at ~700meg?
I don’t get the comments here about the VMware image not requiring VMware to run it?! Surely you need to have at least the Player running anyway, to run any virtual images, so it’s going to use the same amount of RAM and whatever else that the virtual machine usually uses.
Jynx Xander says
Darknet, huh. You know anything about WDMA?
lyz says
Wee.. Just got the latest copy this great tool. I am experimenting with Firecat but I got a lot of compatibility problems. So maybe, I’ll stick with Backtrack. ;)
Navin says
Good choice lyz….I frankly think BT is the finest for any security tester!!
@ Jynx, WDMA=Window & Door Manufacturers Association??
or WDMA = WhereDaMoviezAt??
Just kiddin…why WDMA all of a sudden?? why not UDMA
lyz says
Yeah. Although I’m very interested with this line (security testing), resources are very limited. I have books but actual training is really different, for me. I learned mostly because of googling. Lol. Funny but true. I’m not a graduate of any IT related course or any course actually, but I am now working as a Linux sysad here in a small hosting company here in our country. Really out of topic hehe. But I thought I’d just share.
Navin says
heck….big deal…wht abt me den?? I’m a total self made net-security geek… it all started from wanting to learn how phishing actually works…then it went onto social engineering…and then the turning point ….. The art of deception…the book tht got me a whole different look @ the people who dedicate their lives to net security
I donno if U know this……..get ready for this…. I’m 17!! :) :)
Fact is tht most people who actually make discoveries in this feld are self made!!
lyz says
Aryt! Bring it on Navin. You’re considered a whiz kid then. I started working 2 years ago. I was 18 then. Yeah most of the time self studying. I learned from real life experiences and research and development. My boss would like give me cool things to work on. And then I gained knowledge. Really thankful for that.
zupakomputer says
I wondered about that WDMA too, so at that time I looked it up and I guess they must have meant:
http://en.wikipedia.org/wiki/Wavelength_Division_Multiple_Access
or possibly,
http://en.wikipedia.org/wiki/WDMA_%28computer%29