The BackTrack project was created by Mati Aharoni and Max Moser (with updates provided by jayme) and is a collaborative effort involving the community. BackTrack is a Linux distribution, distributed as a Live CD, which resulted from the merger of WHAX and the Auditor Security Collection. It focuses on the needs of computer penetration testers and consists of over 300 tools for troubleshooting, network, system-forensics and penetration testing.
In this workshop we will install the current release (BackTrack 3 Final) in a virtual environment using VMware Server. The goal is to run BackTrack 3 from the hard disk, connected to a wireless USB adapter, and to use the tool Kismet. We will further explain how to collect valid wireless networks and display them on Google Earth's worldwide map system.

Hardware and software used:

Hardware:
- Lenovo 3000 N200, Core 2 Duo 2x2.0GHz, 160GB HDD, 3 GB RAM
- Realtek8187L USB-WLAN Adapter, max 25dBm
- GlobalSat, BU-353, USB GPS Antenna

Software:
- VMware Server 1.0.6
- BackTrack 3 Final
- kisgearth
Step 1: Creating a new virtual machine
We will use Windows XP as the host operating system. You can use up to two USB devices in your virtual machine if both your host operating system and your guest operating system support USB. You do not need to install drivers for your USB devices in the host operating system if you only use those devices in the virtual machine, but in some cases you will want to use them in the Windows environment too, so let's install them first. Please keep in mind that only one operating system (host or guest) can have control of a USB device at any one time. Start by creating a new virtual machine. Here, very briefly, are the necessary steps:

- Create a new virtual machine
- Name: BT3
- Location: use the location where you normally store your virtual machines
- Use bridged networking
- Disk size (GB): 8 (do not allocate all disk space, do not split into 2 GB files)
- Hardware: add a USB Controller

Your configuration should look similar to the image below. Insert the BackTrack Live CD and run it.
To log in, use the following credentials: user: root, password: toor
Step 2: Hard disk installation
Next, you will need to create the partitions and file systems. The device we are using is /dev/sda, which is 8 GB in size. We recommend creating 3 partitions. The first partition gets 50 MB and will be mounted as /boot. The second partition will be a swap partition with 512 MB. The final partition will fill the rest of the disk and be mounted as /.
Please use the document available here, or just follow the steps according to the pictures below:
Here are the steps very briefly:
fdisk /dev/sda
mkfs.ext3 /dev/sda1
mkfs.ext3 /dev/sda3
We will now copy the needed directories and files from the Live CD to the hard disk using the following commands.

# Mount the new root and boot partitions
cd /
mkdir /mnt/backtrack
mount /dev/sda3 /mnt/backtrack/
mkdir /mnt/backtrack/boot/
mount /dev/sda1 /mnt/backtrack/boot/
# Copy the live system and create the empty mount points
cp --preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/backtrack/
mkdir /mnt/backtrack/{mnt,proc,sys,tmp}
mount --bind /dev/ /mnt/backtrack/dev/
mount -t proc proc /mnt/backtrack/proc/
cp /boot/vmlinuz /mnt/backtrack/boot/
# Everything from here on runs inside the installed system
chroot /mnt/backtrack/ /bin/bash
splash -s -f /etc/bootsplash/themes/Linux/config/bootsplash-1024x768.cfg >> /boot/splash.initrd
Create a file called /etc/lilo.conf with the following content:

lba32
boot = /dev/sda
prompt
timeout=10
change-rules
reset
vga=791
initrd = /boot/splash.initrd
image = /boot/vmlinuz
root = /dev/sda3
label = BackTrack3
Save it and you are ready to run:

lilo -v
exit
reboot
Step 3: Renewing and patching the RT8187L driver
When you reboot your VMware image, it should recognize the USB WLAN stick out of the box. You just need to connect the USB device to the notebook and use the VM > Removable Devices menu to connect it to the virtual machine. If you type "iwconfig", you will discover a new device called wlan0. As mentioned above, our USB device uses a Realtek R8187L chipset. To get the highest transmit power running, we need to upgrade and patch the driver. The aircrack community provided a nice Howto. Please use it or follow the steps below:
ifconfig wlan0 down
rmmod r8187 rtl8187 2>/dev/null
wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip
unzip rtl8187_linux_26.1010.zip
cd rtl8187_linux_26.1010.0622.2006/
wget http://patches.aircrack-ng.org/rtl8187_2.6.24v3.patch
tar xzf drv.tar.gz
tar xzf stack.tar.gz
patch -Np1 -i rtl8187_2.6.24v3.patch

wget http://www.offensive-security.com/modules/kernel.lzm
lzm2dir kernel.lzm /

make
make install
After rebooting the system, you will be able to use the new driver including the highpower settings.
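The driver archive, the patch and the kernel module in this step are fetched over plain HTTP and then built and installed as root, so it is worth pinning a checksum for each file before unpacking it. The following is an added example, not part of the original workshop: verify_sha256 and fetch_pinned are hypothetical helper names, sha256sum is assumed to be installed, and the digests in the usage comment are placeholders to be replaced with values obtained from a source you trust.

```shell
#!/bin/sh
# Added example (not from the original workshop).
# verify_sha256 FILE EXPECTED_HEX
#   returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # (including an unfilled placeholder) instead of comparing it.
    case $expected in
        *[!0-9a-f]*|'') echo "bad digest for $file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length for $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "CHECKSUM MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# fetch_pinned URL EXPECTED_HEX
#   downloads into the current directory and deletes the file again
#   if it does not match the pinned digest.
fetch_pinned() {
    url=$1
    out=${url##*/}
    wget -q -O "$out" "$url" || { rm -f "$out"; return 3; }
    verify_sha256 "$out" "$2" || { rm -f "$out"; return 1; }
}

# Usage with the three downloads from this step (digests are PLACEHOLDERS):
#   fetch_pinned http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip "<sha256 of zip>" &&
#   fetch_pinned http://patches.aircrack-ng.org/rtl8187_2.6.24v3.patch "<sha256 of patch>" &&
#   fetch_pinned http://www.offensive-security.com/modules/kernel.lzm "<sha256 of kernel.lzm>"
```

Run the unzip, patch, lzm2dir and make steps only after all three fetch_pinned calls have returned 0.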
The transmit power can be adjusted using the following command:
iwconfig wlan0 txpower <value of 0 to 25>
WARNING: Enabling high power can damage or destroy your wireless device. Use this feature at your own risk!
To enable high power use:
iwpriv wlan0 highpower 1
To disable high power use:
iwpriv wlan0 highpower 0
Check the current status with the following command:
iwlist wlan0 txpower