Blackbuntu: Turning My Old Laptop Into a Cyber Weapon
In 2019 I purchased a Dell Inspiron 15 5000 laptop during my sophomore year at college. At the time I knew pretty much nothing about computers. I knew how to install Minecraft mods, and in my mind that made me a power user. However, knowing this sacred knowledge was not enough to stop me from draining the battery dry on my previous laptop. I could not use my previous laptop without keeping it plugged in, and the cord was quite short. Thus, I needed the Dell. Wasteful for sure, seeing as I could have purchased a new battery. But again, I was a "power user."
Unfortunately, I did not learn my lesson with the Dell machine. Three years of writing security policies, creating scuffed Java code, conducting Windows forensic investigations, and opening tons of Google Chrome tabs distracted me from the fact that it was a bad idea to leave the laptop plugged in at all times. Worst of all: Windows 10 was not having a good time with the dilapidated battery.
The laptop went a solid 7 months without use after I graduated in 2022. Then, I acquired an MSP help desk role. The job had me going on-site to different clients every week, and I did not feel like remembering the passwords for the office's old laptops which were in a worse condition than the Dell. I got permission to BYOD, and I went to work. The work consisted of hard drive data transfers, ping tests, and frequent help desk consulting (Googling). I would constantly say to a co-worker, "I feel like I could do all of this with Linux." I had the desire to get my hands dirty with Linux. I ran a Kali VM for Hackthebox machines, not much to write home about. There was no immediate motivator to go out of my way and repurpose the easy Windows box into a learning-curved Linux box.
Then I went to BSIDES Harrisburg 2023.
The Wonderful World of CTFs
On March 11th of this year, I attended my first information security conference: BSIDES Harrisburg 2023. It was a fun time! The conference had three main events: presentations, a lockpicking village, and a CTF competition. A CTF is a penetration testing competition where multiple teams of hackers fight to find the most bugs in a website. I spent all day listening to the presentations and meeting cool people. Despite preparing my laptop for the CTF, I did not participate at all. Nerves were a huge factor in my lack of attendance. However, the idea of spinning up an old Kali VM on a shoddy laptop to get absolutely cooked was not appealing (since then I have learned that doing CTFs just to learn rather than win is super valuable).
It was easy to ignore the CTF since the talks given were super engaging. It had left my mind until the end of the day when the event organizers announced the winners of the competition. The winners received a cash prize and access to the OSCP preparation course. The OSCP and the preparation course are quite pricey, so my ears perked up when I heard that this was the prize they were given. Yup, no excuse now. Since I planned to partake in more in-person CTFs, might as well optimize what I'd be bringing to these events.
Ever since I built my PC, I've been a big fan of speed and optimization. It bothers me when VirtualBox or VMware cannot use a machine to its full potential. Sure, virtual machines have many benefits. They're great sandbox environments, they're easy to break and easy to repair, and they revolutionize home labs. However, I wanted to be able to turn on my laptop and have the operating system right there. If I ever wanted to hook my computer up to a high-performing monitor, I wanted to be able to see more than 60 Hz. Little things like this bother me just because I have experienced optimal performance firsthand (I'm also a crazy person).
Why Blackbuntu?
I wanted to try something new and unique. I have been virtualizing Kali for about three years now (even recently switching to Kali Purple!). I also wanted something that could be used for casual use like Spotify or talking with friends on Discord. In my mind, Kali is a Swiss army knife for pen testing and nothing else.
As the name implies, Blackbuntu is a branch of Ubuntu designed for penetration testers and security researchers. It says so on the front page of their website. While yes, both Ubuntu and Kali are based off Debian, Ubuntu has a reputation for being extremely user-friendly.
Ultimately, it's my operating system and I wanted functionality first and foremost. Some will argue to use a low-level Linux distribution and install the tools you need. And that's totally valid! It's what I will do the next time I need to install a new Linux system. The beautiful thing about Linux is you can make it whatever you want it to be. Especially if you're a fan of Hannah Montana.
The Installation Process
I downloaded the Blackbuntu ISO here.
I used Rufus to create a bootable USB drive. Super simple program. You select the USB device, select your ISO, and hit "START." Just wait for it to do its thing; it will let you know when it's finished.
I plugged my bootable USB into the laptop and configured the BIOS to run the bootable USB. This is a different process for each computer, but typically you will mash F2, F11, and the DEL keys on your keyboard upon turning your computer on to get to the BIOS.
I went through the rest of the Blackbuntu installation process on my computer. It took less time than any Windows installation I've run. Blackbuntu provides easy-to-follow installation documentation.
If you're nervous about installing Blackbuntu, they provide an option to try the operating system without installing it on your system. The system will run from your USB drive plugged in.
An extra step I took was finally replacing my Dell battery. I promise I won't drain it this time!!!
The Distro Review
It's amazing how optimized Blackbuntu is. Ubuntu is already pretty lightweight, and Blackbuntu harmonized with what little my laptop had left. Windows gave me the impression that my laptop was on its dying breath. Blackbuntu somehow optimized my dying battery to get an hour and 30 minutes out of it. In comparison, Windows would only give me 15 minutes off of the fully charged battery.
In terms of pentesting tools, the distribution came with the essentials: Nmap, Hydra, Hashcat, John, Yara, and Wireshark. The full list of tools is here. Even if I was missing a tool, a simple
sudo apt install <tool>
in the command line did the job quite well. The three things I installed for casual use were: Discord, Spotify, and VSCode. All of which run flawlessly. Coding in Linux feels much better than Windows if you know your way around the shell.
The system comes with KeePass. It's a decent password manager for its price of $0. It's better than using a browser as a password manager.
Even without the terminal, the desktop environment is easy to get around. The GUI file system is extremely straightforward. When you press the Windows key, an application search bar pops up. You access another desktop environment, something I definitely will not use.
The search bar is quite helpful; it found every relevant application I needed and didn't include web search results.
As I had hoped, the machine was perfect for CTFs. I managed to complete Pilgrimage, an active machine, on Hackthebox using my new toy. There were no OS issues I ran into, and installing the tools needed went smoothly.
The only thing I did not like was the look of the terminal. I went out of my way to modify the Terminal to look and function exactly like Kali's terminal. It was a 15-minute process to get it working as intended.
Finally, upon pressing the power off button, the OS instantly gives you the option to power off rather than take its sweet old time.
Wrapping Up
I am blown away by how smooth this entire experience went. I was able to accomplish everything I wanted (installation & 1 CTF) within two nights. Lately, I've been learning Python using the distribution. I'm hoping to update this blog when I compete in an in-person CTF.
I give the whole experience a 9/10, simply because I'm unsure how the operating system would run games, and gaming is not my intended use case.
I think with any Linux system: you can't be afraid to make mistakes or consult Google. Most issues I ran into were solved with 1 Google search. The best way to learn anything IT related is to not be afraid to press the buttons. I am hoping that with this blog, I can encourage others to try new things! Thank you for reading :)
Written by
Michael RWX
Always looking for a cyber challenge!