HackFest Series: Security Distros, Loop Mount ISOs, Remastering and HoneyStick HowTo

Lisa Kachold lisakachold at obnosis.com
Mon Oct 13 18:49:45 MST 2008


You can use a Fedora Core or Ubuntu LiveCD with the new persistence via USB key options.  If you like you can hand install whatever security tools you want!   A LiveCD for security labs is generally just for network and Linux security professional use to protect your regular distro and allow you to set up things like HoneyPots, Snort servers, sniffers, scanners or TARGETS (which can't exactly be accidentally "hurt", short of mounting /dev/hda).

Backtrack comes with all the best tools available on Knoppix STD - but old school security users really prefer Knoppix STD, since it's usually used for learning, and they are familiar with those tools.  Many security professionals build their own LiveCD tools - Knoppix STD (or any ISO) can be ISO loop mounted so that drivers for your Ethernet and wireless cards and an xorg.conf (tested to work with your monitor and laptop video card) are added before burning.   With ISO build experience, or a simple HowTo, 4 hours of build and 4 test burns and you will have a nice tool! 

Do your research and see what kernel and distro the security tool is built on (Knoppix drivers work just sweetly with Knoppix STD).

$ mkdir /media/hackiso
$ mkdir /tmp/hackwork
$ sudo mount -t iso9660 -o loop,ro /tmp/<FILENAME>.iso /media/hackiso/
$ cp -a /media/hackiso/. /tmp/hackwork/

Load up a Knoppix LiveCD and copy the files to the work directory comparing each section to add the drivers.

$ ls -al /media/cdrom

for instance
$ cp /media/cdrom/etc/X11/xorg.conf /tmp/hackwork/etc/X11/xorg.conf

Looks good?

Build a bootable ISO (dd cannot image a directory; mkisofs/genisoimage with the isolinux boot options from the Knoppix remastering HOWTO does the job):

$ genisoimage -R -J -l -o knoppix-std-new.iso -b boot/isolinux/isolinux.bin -c boot/isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table /tmp/hackwork
Burn and boot test for an xorg.conf that works with your laptop!
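As an added example (not part of the original post), the loop-mount, copy, overlay and rebuild steps above wrapped into shell functions, with a SHA-256 check so you only remaster an ISO whose checksum matches the one the distro publishes. It assumes genisoimage or mkisofs is installed and that the ISO uses the Knoppix boot/isolinux layout; the file names and expected hash are whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the original post or the Knoppix project.
# Assumes genisoimage/mkisofs and a Knoppix-style boot/isolinux tree.
set -eu

# Refuse to remaster an ISO whose SHA-256 differs from the published value.
verify_iso() {           # verify_iso <iso> <expected_sha256>
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Loop-mount the ISO read-only and copy its whole tree into the work dir.
extract_iso() {          # extract_iso <iso> <mountpoint> <workdir>
    mkdir -p "$2" "$3"
    sudo mount -t iso9660 -o loop,ro "$1" "$2"
    cp -a "$2"/. "$3"/
    sudo umount "$2"
}

# Copy one file (e.g. etc/X11/xorg.conf) from a known-good tree into the
# work tree, keeping its relative path and creating parent directories.
overlay_file() {         # overlay_file <src_root> <work_root> <relative_path>
    mkdir -p "$2/$(dirname "$3")"
    cp -p "$1/$3" "$2/$3"
}

# Rebuild a bootable ISO. dd cannot image a directory, so use genisoimage
# (or mkisofs) with the isolinux options the Knoppix remastering HOWTO uses.
build_iso() {            # build_iso <workdir> <output.iso>
    tool=$(command -v genisoimage || command -v mkisofs)
    "$tool" -R -J -l -o "$2" \
        -b boot/isolinux/isolinux.bin -c boot/isolinux/boot.cat \
        -no-emul-boot -boot-load-size 4 -boot-info-table "$1"
}
```

A typical run is `verify_iso knoppix-std.iso <hash> && extract_iso knoppix-std.iso /media/hackiso /tmp/hackwork && overlay_file /media/cdrom /tmp/hackwork etc/X11/xorg.conf && build_iso /tmp/hackwork knoppix-std-new.iso`.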

<JOKE>: Don't be adding any netcat tunnels or encrypted new passwords for regular users like "daemon" with a ping notice to your private networks to the ISOs you give to others! That will gain you a place on the back page of the 2600 magazine advertising for a penpal from JAIL! </JOKE>

Here's the KNOPPIX Remastering HOWTO (which explains it well): 
http://www.knoppix.net/wiki/Knoppix_Remastering_Howto

Here's how to build a nice "Honeystick" on a USB key:  
http://www.ukhoneynet.org/research/honeystick-howto/

Netcat, Hydra, honeypot, aircrack, wep-crack, nmap, snort, iptables can be apt-get/yum or rpm installed in any Linux distro.

We just use LiveCD's at the HackFests to play with security tools while semi-protecting our regular systems. 

Doesn't mean you can't install or use Fedora Core or Ubuntu (which allows you to also use a USB key with the LiveCD to save your settings in a persistent state)! 

FedoraCore 9 and Kubuntu are easier to install, since they have more drivers; and easier to expand, giving you a FireFox 3.0 updated browser, etc. 

(It's not going to be too secure for you to use the PHLAK or old Knoppix STD version of Firefox for regular use, with all the old URI, UTF encoding, PDF and XSS exploits that tunnel via port 80/443 right past your OS/network security and let people cruise through your protected browser cache and saved passwords (including LinkSys or Netgear router passwords), and even change system settings, should you surf to the wrong site or get the wrong email, now is it?) 

I have a Compaq Presario 1235/1236/1237/1238/1240/1250 Series Original Quick Restore if anyone would like to set up a laptop under old Microsoft for fun.  It is supposed to work in VMWare running on a Nix box too.  

http://wapedia.mobi/en/Obnosis || http://en.wiktionary.org/wiki/obnosis 
Laugh at this MSN Footer:


_________________________________________________________________
Get more out of the Web. Learn 10 hidden secrets of Windows Live.
http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008