Offense In Depth

Smashing the stack at every layer.

RSS

I've just update the previous blog entry, and the BT5 AMI's page to reflect the addition of the ap-southeast-1 region's AMI.

With this, all regions now have a publicly available BT5 Gnome X86 AMI.

AMI ID	Region	Launch
ami-565d2504	ap-southeast-1

I'm proud to announce the immediate availability of some unofficial BackTrack 5 AMIs.
Amazon's EC2 offers the ability to rapidly launch instances on an as-needed basis, and along with these AMIs allows for remote pentesting from Amazon's cloud. However, be sure to follow Amazon's terms of service, and ensure your activity is authorized. Links to launch the AMIs can be found on the BT5 AMIs page. That page will always link to the most current information available, whereas blog posts (like this one) may be out of date.
There's some information that you may want or need to get started which is outlined below, but first; here's a table of images.

AMI ID	Region	Launch
ami-04be456d	us-east-1
ami-67742622	us-west-1
ami-140d3c60	eu-west-1
ami-565d2504	ap-southeast-1
ami-5c08a25d	ap-northeast-1

First of all, for the time being I'm only release the Gnome x86 build of Backtrack 5. If there's demand, I might consider building KDE of 64-bit images as well. If you're interested, please leave a comment so I can prioritize what's most demanded. Please keep in mind, I'm doing this as an unofficial project in my free time, so it may take some time to set up the remaining instances.

There are a few tweaks from the official BT5 releases which I want to draw your attention to.

SSH

SSHD is enabled by default. This is necessary so that you can actually connect with your instance remotely. It supports only SSH Key authentication, and will import your SSH key as configured through EC2 when launching the instance. The default root password is still 'toor', and I still recommend changing it, but it's not used for initial authentication. You'll find your ssh key in /root/.ssh/authorized_keys after first boot. Due to a design constraint, the key will be added twice but notice it's the same key; no one else has access to your instance unless they have your private key.

VNC

If you prefer to use the Gnome GUI, you can launch VNC. It's pre-installed, and typing 'startvnc' will start it up. Upon first use you'll be prompted to create a VNC password which is unique to your instance. For added security, VNC listens only on loopback and the script uses screen 1 on port 5901. You'll need to set up an SSH tunnel or modify VNC's configuration to listen remotely. When you run 'startvnc' you'll be given an example commandline to use in creating an SSH tunnel.

Kernel

To interoperate with EC's underlying Xen virualization platform, some tweaks were needed from the standard Backtrack 5 kernel configuration. Since I was recompiling the kernel anyhow, I bumped it to version 2.6.39. The EC2 requirements make it likely that installing a kernel update from the Backtrack 5 repositories will cause the machine not to boot, so proceed cautiously. If you care to recompile your own kernel you can do so, just be sure to include the required options per Amazon's documentation. (http://ec2-downloads.s3.amazonaws.com/user_specified_kernels.pdf) In essence, any kernel that supports Xen DomU mode and PVGrub boot should work fine with EC2.

Cloud-init

In order to pull down SSH keys on bootup, and set up the new AMI to run under EC2, these images make use of the Cloud-Init package. (https://launchpad.net/~cloud-init-dev) This package is commonly used in other AMIs (including official Debian and Ubuntu AMIs as well as Amazon's own images) so you may be familiar with it. This also supports supplying start-up configuration data via a YAML syntax in EC2's user-data field.

That's it! I did my best to stay as true to the Backtrack teams initial work, and keep from breaking any functionality in these images. I hope the community finds them useful. Feel free to leave a comment or contact me at jeff@offenseindepth.com with any feedback and I'll do my best to help out.