backtrack 4 - get online - access windows hard drive


Post by Stevyn » Sun Nov 11, 2012 4:59 am

backtrack 4 starts with network services off thus:

You can go online via Menu -> Services -> NETWORK -> Start NETWORK, then Menu -> Internet -> Wicd.

to access your Windows hard drives etc:

http://www.backtrack-linux.org/forums/s ... php?t=2806

The first step to mounting a partition in a Linux system is finding its device name. Devices in linux are represented by files under the /dev directory in the filesystem, and partitions are usually represented as subordinate devices of a volume device. As an example, the hard disk represented by device /dev/hda may have one or more partitions underneath it named /dev/hda1 (partition 1) and /dev/hda2 (partition 2).

Different types of volume devices will also use different device naming conventions. Older style IDE hard drives are usually named /dev/hd[X] where X is a letter from a-z representing the order in which the drives were detected by the system, e.g. /dev/hda for the first hard drive, /dev/hdb for the second and so on. SCSI, SATA and USB drives and some newer IDE drives are usually represented by devices named /dev/sda, /dev/sdb and so on. CD/DVD drives can be represented by a number of different names, such as /dev/scd0, /dev/cd, /dev/cd3, /dev/dvd3, or even /dev/hd[X], depending on whether the drive is SCSI or IDE, its age, etc. Knowing these details will help you in identifying the correct device to mount.

Two ways in which you can find which partitions are recognised by your BackTrack system as well as their device names are to use the fdisk command and to read the contents of the /proc/partitions virtual file.

The examples below show the output from these commands when run from BackTrack 4 Final on a Windows XP SP2 virtual machine.

Here I can see that my BackTrack system recognises an NTFS partition at device /dev/hda1. That is my Windows "C: drive".



Code:

root@bt:~# fdisk -l

Disk /dev/hda: 4294 MB, 4294967296 bytes
255 heads, 63 sectors/track, 522 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x4f1f4f1e

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1         521     4184901    7  HPFS/NTFS


Here I can see that my BackTrack system recognises a number of devices as containing partitions, but the only one that looks to match the partition naming convention discussed above is hda1.

Code:

root@bt:~# cat /proc/partitions
major minor  #blocks  name

   7        0    1502416 loop0
   3        0    4194304 hda
   3        1    4184901 hda1

Based on the output from these commands, /dev/hda1 looks to be the device I need to mount.

Creating a Mount Point and Mounting the Volume

Before we can actually access the files on the partition, we need to tell our BackTrack system that it needs to treat the given device as a device containing a file system, and to do this we need to integrate it into the existing filesystem. A Linux filesystem organises all files under a parent root "/" directory, and all filesystems need to be placed somewhere under this structure to be accessed, using a process called mounting.

We can do this by creating a mount point (really just a directory in the file system), and mounting the device there.

Let's create a mount point using the mkdir command. Convention has us create a directory using the same name as the device under either the /mnt or /media directories, but you can put this elsewhere if you choose.

Code:

root@bt:~# mkdir /media/hda1


Now we mount the volume. The mount command will usually try and autodetect the filesystem to use, but if it can't you can specify one using the -t switch.

Code:

root@bt:~# mount /dev/hda1 /media/hda1


Now we can access files on the volume via our mount point /media/hda1.

Code:

root@bt:~# ls /media/hda1
AntDSData Documents and Settings pagefile.sys Savant
AntDSWorkDir IO.SYS Program Files Software
AUTOEXEC.BAT MSDOS.SYS Python25 System Volume Information
boot.ini NTDETECT.COM RECYCLER Test
CONFIG.SYS ntldr rtrace.txt WINDOWS


The specific example I have given above was for accessing a Windows "C: drive" but the general process will work for pretty much any type of media you need to access - you just need to specify the correct parameters.

For more information about mounting volumes, try Google or "man mount". Using "mount" without any parameters will show you the already mounted volumes. If you happen to be running BackTrack as a non-root user you will need to use mount options and/or assign correct permissions or group memberships to your user so that they will be able to access the mounted volumes. Mount operations themselves always need to be done as root.

I should note that it is also possible to mount volumes in BackTrack by using the GUI, however this is a method I usually avoid because of potential complications in accessing that volume later from the command line.

If you want to stop accessing your mounted volume (so you can safely unplug a mounted USB stick for example), unmount it using the "umount" command, using either the mount point or device name as a parameter, e.g. "umount /dev/sda1" or "umount /media/sda1".
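The procedure above (read /proc/partitions, pick the partition, make a mount point, mount it), scripted as an added example that is not from the original post or the BackTrack forum. It uses a constructed /proc/partitions sample so the partition-listing part runs anywhere; the mount function must run as root and mounts the volume read-only, so examining a Windows drive leaves it unchanged.

```shell
#!/bin/sh
# Constructed sample shaped like the /proc/partitions output in the post
# (plus a USB stick). On a real system use "$(cat /proc/partitions)".
SAMPLE_PARTITIONS='major minor  #blocks  name

   7        0    1502416 loop0
   3        0    4194304 hda
   3        1    4184901 hda1
   8        0   15633408 sdb
   8        1   15632384 sdb1'

# list_partitions: print names that are sub-devices of a listed whole disk
# (hda1 under hda, sdb1 under sdb). Whole disks and loop devices are skipped,
# which is the naming rule the post describes.
list_partitions() {
    printf '%s\n' "$1" | awk '
        NR > 1 && NF == 4 { names[$4] = 1 }
        END {
            for (n in names) {
                base = n
                sub(/[0-9]+$/, "", base)
                if (base != n && (base in names)) print n
            }
        }' | sort
}

# mount_windows_ro: mount /dev/<name> read-only under /media/<name>.
# "ro" keeps the Windows volume unmodified; nosuid/nodev/noexec stop anything
# on it from being run or treated as a device. Filesystem type is autodetected
# as in the post; add "-t ntfs" if autodetection fails. Run as root.
mount_windows_ro() {
    part="$1"                      # e.g. hda1
    mp="/media/$part"
    [ -b "/dev/$part" ] || { echo "no block device /dev/$part" >&2; return 1; }
    mkdir -p "$mp"
    mount -o ro,nosuid,nodev,noexec "/dev/$part" "$mp" || return 1
    echo "mounted /dev/$part read-only at $mp"
}

# Usage as root:  mount_windows_ro hda1 ; ls /media/hda1 ; umount /media/hda1
# Partition listing on a live system:  list_partitions "$(cat /proc/partitions)"
```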
