The idea for doing this comparison came to me after seeing some back-and-forth on Twitter between @attritionorg and @dralijahangiri about the Live Hacking CD. After @attritionorg called the point of the Live Hacking CD into question (when Backtrack 4 is already available), Dr. Ali Jahangiri made claims that “Live Hacking CD is much easier than BackTrack and its tools are updated”, and that “BackTrack is a great Distro but it has tons of tools that you do not use it frequently in PenTest”. Dr. Jahangiri followed this up with an example that there are “old” tools in Backtrack: Kismet.

I had not used the Live Hacking CD before, so I figured that testing out these claims and comparing the two distributions might be worth doing.  I’m always interested in new live CDs, both for my own use, and as recommendations for students and others new to infosec.  Backtrack 4 is the current pentest-distro-of-choice around here.  It’s to the point now that a BT4 install is about as good as anything I’d roll myself for a pen-testing Linux install, and it’s also something I can recommend to the students for lab exercises, and our end-of-semester CTF.

One might ask, why would the Live Hacking folks want to re-invent the wheel?  If you are just a user of Backtrack, it may not have occurred to you, but there is a business rationale for competition in the pen-test Live CD arena.  The BT4 maintainers, Offensive Security, offer some very well-liked and technical training classes that use Backtrack in a classroom setting.  Live Hacking also holds workshops that teach similar material.  It would make sense, then, that one training company would not want to have students spending much of their time in class staring at an advertising vehicle for another company.

So, the Live Hacking CD makes sense for the Live Hacking training.  They don’t have students sitting and looking at their competitor’s logos throughout class.  They can load it up with the specific tools that they teach in the class and update it along with their material.  At the NFTC, we’ll likely soon be doing something similar with a forensics live distro, so I definitely “get it”.

The question is: if I am not currently in the Live Hacking training, is their Live CD something that is useful independent of the class?  The answer for Backtrack 4, with the new features for cleanly installing and package management, is a resounding “yes”.  Backtrack serves as a tough competitor, but Dr. Jahangiri seems to compare the Live Hacking CD favorably to BT4, so let’s take it to task:

Tools

I considered building a table that compared the two sets of tools, but there’s honestly no point.  Backtrack 4 is a DVD distribution, giving it a huge advantage over Live Hacking’s CD in this category.  You can view a list of tools that are on the Live Hacking CD here, though I am not aware of a list for Backtrack 4 (there is a Backtrack 3 list here, though it’s not quite accurate for BT4).

While Backtrack 4 has all but a few of the tools from Live Hacking (Relay Scanner, for example), there are some interesting omissions from Live Hacking.  The Live Hacking CD seems to focus on reconnaissance, spoofing, and wireless tools.  It’s missing a lot of vulnerability finding and exploitation tools.  For example, it’s very surprising to me to see a live CD meant for penetration testing that does not include the Metasploit framework.  I don’t see any web application tools, either.

I’m sure there’s good reason for this on the Live Hacking CD side of things.  If you’re building a CD to go along with exercises for a class, there’s no reason to put a tool on the disc that isn’t used in an exercise.  This doesn’t make for a good pen-testing disc for general use, though, and I’d have to say that Backtrack 4 wins hands-down on this.

Updates

There was a claim that the tools on the Live Hacking CD are “updated”.  I’ll take that as an opportunity to look at how they both handle updates.  This cuts to the very nature of each disc, really illustrating how they’re meant for very different purposes.

The Live Hacking CD is heavily based on the Ubuntu Desktop 9.10 ISO. So much so, that VMware Workstation detects the ISO as being Ubuntu 9.10 and offers to do a quick install. If you check the sources.list, you will find that it even uses Ubuntu’s repositories. Many of the pen-testing tools are installed from Ubuntu’s repositories, and have recent version numbers. If a tool were to be updated in the 9.10 repositories, you would be able to update it in LHCD easily.

Other tools that aren’t in the Ubuntu repos (such as metoscan) or haven’t been updated in a while (Kismet) appear to have been installed manually.  To use Dr. Jahangiri’s example, Kismet in LHCD is from the January 2010 release (found by running ‘strings’ on the kismet_server binary).  On Backtrack 4, Kismet was built from SVN in July of 2009.

So, Kismet is newer on LHCD than on the Backtrack 4 DVD.  On Backtrack, however, Kismet is a package maintained by the BT4 developers.  Backtrack, like LHCD, is based on Ubuntu, but unlike LHCD, the Backtrack developers have put a lot of work into setting up their own repositories and providing updates and tools independently of Ubuntu.  Because of this, the BT4 developers could, at any time, rebuild Kismet from SVN and you would be able to apt-get it in.  If the LHCD maintainers were to update Kismet, it would likely require a new version of the disc.

So, while the Live Hacking CD might have slightly newer versions of some tools, Backtrack 4 has a better framework for keeping those tools up to date.
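
The split described above, between tools that apt can update and tools that were installed by hand, can be checked on any Debian/Ubuntu-based disc by looking each binary up in dpkg's per-package file lists. This is an added example, not from the original post; the function names, the sample file lists and the kismet_server path are constructed for illustration.

```shell
#!/bin/sh
# dpkg records the files each package owns in <infodir>/<pkg>.list
# (multiarch packages use <pkg>:<arch>.list), one absolute path per line.
# On a real system <infodir> is /var/lib/dpkg/info.

# owning_pkg PATH INFODIR
# Print the package that owns PATH, or return 1 if no package does.
owning_pkg() {
    # -x: whole-line match, -F: fixed string, -l: print matching file name
    _hit=$(grep -lxF -- "$1" "$2"/*.list 2>/dev/null | head -n 1)
    [ -n "$_hit" ] || return 1
    _pkg=$(basename "$_hit" .list)
    printf '%s\n' "${_pkg%%:*}"      # strip a ":arch" suffix if present
}

# classify_tools INFODIR PATH...
# One line per path: "packaged <pkg> <path>" (apt can update it) or
# "manual - <path>" (no package owns it; updating needs a rebuild).
classify_tools() {
    _dir=$1
    shift
    for _path in "$@"; do
        if _owner=$(owning_pkg "$_path" "$_dir"); then
            printf 'packaged %s %s\n' "$_owner" "$_path"
        else
            printf 'manual - %s\n' "$_path"
        fi
    done
}

# Constructed sample: nmap installed from a repository, kismet_server
# copied in by hand (the install path is an assumption).
demo() {
    _tmp=$(mktemp -d) || return 1
    printf '%s\n' /usr /usr/bin /usr/bin/nmap > "$_tmp/nmap.list"
    classify_tools "$_tmp" /usr/bin/nmap /usr/local/bin/kismet_server
    rm -rf "$_tmp"
}

demo
# On a live system: classify_tools /var/lib/dpkg/info /usr/bin/nmap ...
```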

Ease of Use

I’m not sure how to measure this claim, but I hesitate to say that either one is “much easier” to use than the other. Both are a collection of tools and you either know how to use them, or you don’t. Backtrack 4 is a more popular distro than Live Hacking, and therefore you may be able to find help with problems on Google more easily, but there’s not anything inherently easier about one over the other.

A claim was made that “BackTrack is a great Distro but it has tons of tools that you do not use it frequently in PenTest”. If this is part of the argument that LHCD is easier, I would have to disagree. There are many tools in BT4 that I don’t use, but they don’t get in my way, or reduce the ease with which I use the others.

Conclusions

If it weren’t for the claims made about the Live Hacking CD comparing it to Backtrack 4, I probably wouldn’t have looked at the two together or posted about it. It really isn’t anything resembling a close call. They are two very different beasts.

The Live Hacking CD is a disc designed as a companion to a class, and I’m sure it fits that purpose well. There are good reasons for developing custom live CDs for classes. It does, however, have limited use outside of the class.

Outside of the classroom, Backtrack 4 is a much better choice, in my opinion.  It has a much more comprehensive set of tools, a system for updating them, and a team of developers that are committed to keeping it relevant.  Unless you have a very specific need for something else, BT4 is as good as it gets for pen-testing Live CDs.

  14 Responses to “Live Hacking CD vs. Backtrack 4”

  1. Nice review! I must say, the outcome was expected. Backtrack is an old player while LHCD, being fairly new, needs a lot of effort to match up to the expectations. While Backtrack had no competition during its inception, LHCD developers have the arduous task of convincing BT users that LHCD is a superior disk.

  2. They should combine forces with the world’s #1 hacker to conquer the world, if you ask me….

  3. Thank you for sparing me from these knock offs. I was watching a previous post of the hacker news network the other day and they were talking about this site: http://www.securityscoreboard.com/ . The owners of Security Scoreboard are trying to build a site for reviewing security tools. Your review made me think of it and I think it would fit in nicely there.

  4. Thanks for a balanced review, as one of the contributors to the Live Hacking CD, I would like to emphasize a few things…

    1) Competition is good for everyone, the LHCD has only just come out of beta and is relatively young, whereas BT has been around much longer. The LHCD team are looking to release more versions in the future and they are all looking for people who would like to contribute to make the LHCD better.

    2) As you quite rightly say “they are two very different beasts” and they are… The LHCD is designed as a first step into the world of information security. It is an area that many IT professionals and managers neglect. The LHCD (and its accompanying book and workshops) are designed to make people more aware of the need for information security training and knowledge. A distro like BT can appear to be big and daunting and so discourage those who want to learn more and start looking at the basic tools and techniques.

    3) “Dantevios” comment “Thank you for sparing me from these knock offs” is a bit unfair. The LHCD is not a knock-off in any sense, it has been built from scratch and doesn’t try to imitate or copy BT4 in any way… It is a new, young and vibrant distro built as an introduction to ethical hacking… How can that be a knock off?

    Thanks,

    Gary

  5. I prefer to install BT4 instead of live booting it. Most of the tools that come with BT4 are outdated and need updating when you are going to use them. Using the fasttrack script (/pentest/exploits/fasttrack) saves a lot of time updating.

  6. Reply to Gary Sims:

    Technically it has not been built from scratch. It is based off Ubuntu’s 9.10 distro. It doesn’t offer hardly any tools that Backtrack doesn’t. And the main killer for me is that it doesn’t even come with the Metasploit framework. Now I am all for people offering free security tools, but the reason I am saying they are knock offs is because they pretentiously released a live CD for people to use without offering many new features and re-invented the wheel and made it a crappier wheel.

  7. I honestly don’t think that BackTrack 4 appears “big and daunting” to new users, and I don’t really see that as a good argument for having a smaller distribution. Every new user I’ve introduced to BackTrack has been pretty impressed and excited by the large number of tools, started with a handful, and worked their way into the others as-needed. It’s not as though you’re making them use all the tools at once.

  8. [...] Live Hacking CD vs. Backtrack 4 – mcgrewsecurity.com Dr. Ali Jahangiri made claims that “Live Hacking CD is much easier than BackTrack and its tools are updated” [...]

  9. Mind if I chime in here? Would be nice if the ethernet interfaces were already active and ready with DHCP on bootup, seems sort of a hassle to have to manually enable them thar features every time you boot up.

  10. Backtrack specifically does not bring up interfaces on bootup, since most penetration testers don’t want to announce their presence on the network immediately. It allows the tester to bring the interfaces up in promiscuous or monitor mode to perform reconnaissance and information gathering before moving on to other phases of attack.

    If you have no need for this, just modify the startup scripts to bring up the interfaces.

  11. Hi. Nice posts.

    I haven’t tried LHCD (though I tried to download it a while back), but I still worry about the upgradeability of it.

    Yet I stopped looking for a Linux std after I got Pentoo. BT makes me upset, I can’t upgrade BT2 to BT3, BT3 to BT4, etc., and the ISO size is huge.
    I think a specialized distro must have a good base Linux; after changing distros all the time I finally stuck to Gentoo, which is, I assume, a good base :) (good upgrades/docs/etc.).

    You can get Pentoo packages on top of a Gentoo installation (layman -a pentoo etc.)
    or get the live CD. Pentoo eats less RAM and uses Enlightenment for its window manager.

    Ian.

  12. Commenting to an old post, but thanks for the review Wesley. There have been a few attempts to “de-throne” Backtrack but none have really taken off. I have used and continue to use both Backtrack and Pentoo. Pentoo hasn’t seen an update for a while but I enjoy the underlying platform. There was one last year or so called Matriux which started off with lots of steam but just didn’t have the dev time behind it. Really, creating your own live CD with the tools you use is a very rewarding experience. I highly suggest it.

    Offsec is a hard beast to take on… they have Backtrack, the Social-Engineering Framework, Exploit-db, and training. They are even moving into the CTF “space” and have been marketing the BT4 release pretty hard, especially at Blackhat. Makes sense, take over industry critical needs/functions and people will take your training first ($$$).

    anyways, moving along….

  13. @Wesley: thanks for giving up some space to comment :)
    @Jason: yep, “Offsec is a hard beast to take on”, a techie should have business skills as well to survive (and strive if possible) :) ..
    And about Pentoo, since Gentoo/Pentoo is a rolling release you just need to upgrade it and voila! You are on “current” :)

  14. LHCD is not a superior disk.
    As we can see, there are lots of missing tools in there, unlike BT; it has many available tools and even though some are rarely used, they are also updated.
    I think as for now, no other pentesting distro could overcome Backtrack unless the developers are pure geniuses.
    I reviewed the tools in LHCD, it’s kinda really missing important tools. Like for penetration attacks, like Metasploit and other tools that are in BT.
    By the way, LHCD is still a good distro.

© 2012 McGrew Security