What could make BackTrack better? How about making it Debian based with a repository chock full of security tool goodness? Maybe even use Ubuntu’s repos for regular system updates? Well that’s just what the team at Remote Exploit have done with the fourth incarnation of their infamous live pentesting distribution:
Now based on Debian core packages and utilizing the Ubuntu software repositories, BackTrack 4 can be upgraded in case of update. When syncing with our BackTrack repositories, you will regularly get security tool updates soon after they are released.
New Features
- Kernel 2.6.28.1 with better hardware support.
- Native support for Pico e12 and e16 cards.
- Support for PXE Boot
- SAINTexploit
- MALTEGO
- Custom rtl8187 patches
- Broader wireless injection support
- Unicornscan
- RFID support
- Pyrit CUDA
- Other new and updated tools
Screenshots
BT4 is available as a DVD ISO [854MB] or VMware Image [1GB]
Download
Hint: Use a download manager or something with resume. Their mirrors are getting hit pretty hard as you can imagine.
I started blogging (on a different domain) a year ago, mainly as a way to share some of the interesting stuff I’d found while out on the network. I only posted here and there, and eventually tried to monetize it, which didn’t go over well with my gracious middle man host. I bought this domain, and moved all my stuff over. Everything seemed fine, until I tried to monetize it again… this time Google would have the last laugh however and they took everything I made from another type of 0-day release.
I kind of lost focus during that whole ordeal, and began posting crap… So, to try to make up for it, I’ve posted a few new bugs these last few days.
Here’s a roundup, along with 3 new ones:
phpLD 3.3 (page.php name) Blind SQL Injection Vulnerability
Link directories are cancer and should be treated as such.
ClaSS < =0.8.60 File Disclosure/Download
Not much to say here, but props to the dev guy who got the patch out in no time flat.
BloofoxCMS 0.3.4 File Inclusion
Nothing amazing, turn on JS if you can’t get it to work 
Injader CMS 2.1.1 (id) Remote SQL Injection Vulnerability
Props to Ben for getting this all patched up and even going through to find some stuff I missed.
Constructr CMS < = 3.02.5 Stable Multiple Remote Vulnerabilities
What happens when you develop your apps on a Mac?
