STD software list
Tools Are Grouped As Follows:
Authentication / usr / bin / auth /
FreeRadius 0.9.3: GPL Radius Server
Encryption / USR / BIN / CRYPTO /
2c2: multiple plaintext -> one ciphertext 4c: as with 2c2 (think plausible deniability) acfe: traditional cryptanalysis (like Vigenere) cryptcat: netcat encryption gifshuffle: stego tool for gif images gpg 1.2.3: GNU Privacy Guard ike-scan: VPN fingerprinting mp3stego: stego tool for mp3 openssl 0.9.7c outguess: stego tool stegbreak: brute-force stego'ed JPG stegdetect: discover stego'ed JPG sslwrap: SSL wrapper stunnel: SSL wrapper super-freeSWAN 1.99.8: kernel IPSEC support TEXTO: MAKE GPG ASCII-ARMOUR LOOK LIKE WEIRD ENGLISH XOR-Analyze: Another "Intro to Crytanalysis" Tool
Forensics / USR / BIN / Forensics /
sleuthkit 1.66: extensions to The Coroner's Toolkit forensic toolbox autopsy 1.75:. Web front-end to TASK Evidence Locker defaults to / mnt / evidence biew:. binary viewer bsed: binary stream editor consh: logged shell (from FIRE) coreography: analyze core files dcfldd: US DoD Computer Forensics Lab version of dd fenris: code debugging, tracing, decompiling, reverse engineering tool fatback: Undelete FAT files foremost: recover specific file types from disk images (like all JPG files) ftimes: system baseline tool (be proactive) galleta: recover Internet Explorer cookies hashdig: dig through hash databases hdb: java decompiler mac-robber: TCT's graverobber written in C md5deep: run md5 against multiple files / directories memfetch: force a memory dump pasco: browse IE index.dat photorec : Grab Files from Digital Cameras ReadDBX: Convert Outlook Express .dbx Files To Mbox Format Readoe: Convert Entire Outlook Express .directory to Mbox Format Rifiuti: Browse Windows R ecycle Bin INFO2 files secure_delete: securely delete files, swap, memory .... testdisk: test and recover lost partitions wipe:. wipe a partition securely good for prep'ing a partition for dd and other typical system tools used for forensics (dd , LSOF, STRINGS, GREP, ETC., FireWall / USR / BIN / FW /
blockall: script to block all inbound TCP (excepting localhost) flushall: flush all firewall rules firestarter: quick way to a firewall firewalk: map a firewall's rulebase floppyfw: turn a floppy into a firewall fwlogwatch: monitor firewall logs iptables 1.2.8 gtk- Iptables: Gui Front-End Shorewall 1.4.8-RC1: iptables based package
Honeypots / USR / BIN / HONEYPOT /
Honeyd 0.7 Labrea: Tarpit (Slow to a crawl) Worms and port scanners THP: Tiny Honeypotids / USR / BIN / IDS /
snort 2.1.0: everyone's favorite networks IDS ACID: snort web frontend barnyard: fast snort log processor oinkmaster: keep your snort rules up to date hogwash: access control based on snort sigs bro: network IDS prelude: network and host IDS WIDZ: wireless IDS, AP and Probe Monitor Aide: Host Baseline Tool, Tripwire-Esque Logsnorter: Log Monitor Swatch: Monitor Any File, Oh Like Say Syslog Sha1Sum MD5Sum Syslogd
NetWork Utilities / USR / BIN / NET-UTILS /
LinNeighboorhood: browse SMB networks like windows network neighborhood argus: network auditor arpwatch: keep track of the MACs on your wire cdpr: cisco discovery protocol reporter cheops: snmp, network discovery and monitor tool etherape: network monitor and visualization tool iperf: measure IP performance ipsc: IP subnet calculator iptraf: network monitor mrtg: multi router traffic grapher mtr: traceroute tool ntop 2.1.0: network top, protocol analyzer rrdtool: round robin database samba: opensource SMB support tcptrack: track existing connections
Password Tools / USR / BIN / PWD-TOOLS /
john 1.6.34: John the Ripper password cracker allwords2: CERIAS's 27MB English dictionary chntpw: reset passwords on a Windows box (including Administrator) cisilia: distributed password cracker cmospwd: find local CMOS password djohn: distributed John the Ripper pwl9x: crack Win9x password Files rcrack: Rainbow CRACK
Servers / usr / bin / servers
Apache Ircd-Hybrid Samba Smail Sshd VNC Net-SNMP TFTPD Xinetd
Packet Sniffers / USR / BIN / SNIFF /
aimSniff: sniff AIM traffic driftnet: sniffs for images dsniff: sniffs for cleartext passwords (thanks Dug) ethereal 0.10.0: the standard includes tethereal ettercap 0.6.b:. sniff on a switched network and more filesnarf:. grab files out of NFS traffic mailsnarf: sniff smtp / pop traffic msgsnarf: sniff aol-im, msn, yahoo-im, irc, icq traffic ngrep: network grep, a sniffer with grep filter capabilities tcpdump: the core of it all urlsnarf: log all urls visited on The Wire Webspy: Mirror All Urls Visited by a Host In Your Local Browsertcp Tools / USR / BIN / TCP-TOOLS /
arpfetch: fetch MAC arping: ping by MAC arpspoof: spoof arp arpwatch: montior MAC addresses on the wire despoof: detect spoofed packets via TTL measurement excalibur: packet generator file2cable: replay a packet capture fragroute: packet fragmentation tool (thanks again Dug) gspoof : packet generator hopfake: spoof hopcount replies hunt: tcp hijacker ipmagic: packet generator lcrzoex: suite of tcp tools macof: flood a switch with MACs packetto: Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3) netsed: insert and replace strings in Live Traffic Packet: Packet Generator TCPKILL: DIE TCP, DIE! TCPREPLAY: Replay Packet Captures
Tunnels / usr / bin / tunnels /
cryptcat: encrypted netcat httptunnel: tunnel data over http icmpshell: tunnel data over icmp netcat: the incomparable tcp swiss army knife shadyshell: tunnel data over udp stegtunnel: hide data in TCP / IP headers tcpstatflow: detect data tunnels tiny shell: small encrypted shell
Vulnerability assessment / usr / bin / vuln-test /
. Way too many to list them all There's much from THC, ADM, RFP, NMRC, TESO, Phenoelit Be very careful with these tools Remember, no guarantees are offered and you are entirely responsible for your own actions.ADM tools:.. Like ADM-smb and ADMkillDNS amap 4.5: maps applications running on remote hosts IRPAS: Internet Routing Protocol Attack Suite chkrootkit 0.43: look for rootkits clamAV: virus scanner update your signatures live with freshclam curl:. commandline utility for transferring anything with a URL exodus: web application auditor ffp: fuzzy fingerprinter for encrypted connections firewalk: map a firewall rulebase hydra: brute force tool nbtscan: scan SMB networks ncpquery: scan NetWare servers nessus 2.0.9:. vulnerability scanner update your plugins live with nessus-update-plugins nikto : CGI Scanner NMap 3.48: The Standard in Host / Port Enumeration P0F: Passive OS Fingerprinter Proxychains: CHAIN TOGETHER MULTIPLE PROXY Servers RPCINFO: HMMMM .... INFO from RPC? screamingCobra: CGI scanner siege: http testing and benchmarking utility sil: tiny banner grabber snot: replay snort rules back onto the wire test your ids / incidence response / etc syslog_deluxe:.. spoof syslog messages thcrut: THC's "? r you there" network Mapper VMAP: Maps Application Versions Warscan: Exploit Automation Tool Xprobe2: Uses ICMP for Fingerprinting YAPH: YET Another Proxy Hunter ZZ: Zombie Zapper Kills DDoS Zombies
Wireless Tools / USR / BIN / WIRELESS /
airsnarf: rogue AP setup utility airsnort: sniff, find, crack 802.11b airtraf: 802.11b network performance analyzer gpsdrive: use GPS and maps kismet 3.0.1: for 802.11 what else do you need kismet-log-viewer:? manage your kismet Logs Macchanger: Change Your Mac Address WellenReiter: 802.11b Discovery And Auditing Patched Orinco Drivers: Automatic (No Scripts Necessary) Below is the software of LocalaReaseCurfity, no classification
ISIC - http://www.packetfactory.net/projects/isic/linneighborhood - http://www.bnro.de/~schmidjo/sara - http://www-arc.com/sara/admsmp - ftp: / /freesd.net/admsnmp - ftp://freesd.net/aide - http://www.cs.tut.fi/~rammer/aide.htmlairsnort - http://airsnort.shmoo.com/amap - http: //www.thc.org/releases.phpangst - http://angst.sourceforge.net/argus-clister.com/argus/argus-server - http://www.qosient. COM / Argus / Arptool - http://users.hotlink.com.br/lincoln/arptool/rpwatch - http://www.securityfocus.com/tools/142atamelwlandriver - http://atmelwlandriver.sourceforge.net/news. Htmlautopsy / Sleuthkit - http://www.sleuthkit.org/bass - http://www.securityfocus.com/tools/394bfbtester - http://bfbtester.sourceforge.net/biew - http://biew.sourceforge. Net / en / book.htmlbinutils - http://sources.redhat.com/binutils/bruth - http://bruth.sourceforge.net/bsed - http://www1.bell-labs.com/project/wwexptools/ Bsed / cabextract - http://www.kyz.uklinux.net/cabextract.phpccrypt - http://quasar.ma THSTAT.UOTTAWA.CA/~ Selinger/ccrypt/cflow - http://net.doot.wisc.edu/~pl/cflow/cgrep - http://www1.bell-labs.com/project/wwexptools/cgrep/ Cheops - http://www.marko.net/cheops/chkrootkit - http://www.chkrootkit.org/clamav - http://clamav.elektrapro.com/cmospwwd - http://www.cgsecurity.org/ INDEX.HTML?
CMOSPWD.HTMLCRANK - http://crank.sourceforge.net/about.htmlcryptcat - http://sourceforge.net/projects/cryptcat/cscope - http://cscope.sourceforge.net/cURL - http: // curl. Haxx.se/darkstat - http://members.optushome.com.au/emikulic/neet/darkstat/disco - http://www.altmode.com/disco/dlint - http://www.domtools.com/ DNS / DLINT.SHTMLDRIFTNET - http://www.ex-parrot.com/~chris/driftnet/dsniff - http://naughty.monkey.org/~dugsong/dsniff/ecHoping - http: //echoping.sourceforge. Net / ethereal- http://ethereal.com/ttercap - http://ettercap.sourceforge.net/ettercap-gtk - http://www.dnetc.org/?s kettercapfarpd - http: //packages.debian . Http://razor.bindview.com/tools/fenris/findutils - http://www.gnu.org/software/findutils/findutils.htmlfirewalk - http: // www .packetfactory.net / firewalk / foremost.sourceforge.net/fping - http://www.fping.com/fragroute - http://www.monkey.org/-dugsong/fragroute/gkismet - http://gkismet.sourceforge.net/gnupg - http://www.gnup g.org/gpa - http://www.gnupg.org/ (EN )/related_software/gpa/index.htmlhackbot - http://freshmeat.net/projects/hackbot/?topic_id=
87% 2C43% 2C861Hammerhead - http://hammerhead.sourceforge.net/hlfl - http://www.hlfl.org/hping2 - http://www.hping.org/httptunnel - http: //www.nocrew. org / software / httptunnel.htmlhttpush - http://sourceforge.net/projects/httpushhunt - http://packages.debian.org/stable/net/hunt.htmlidsa / idsaguardgtk - http: //jade.cs.uct. Ac.za/idsa/idswakeup - http://www.hsc.fr/ressources/outils/idswakeup/iptraf - http://cebu.mozcom.com/riker/iptraf/john - http://www.openwall. COM / JOHN / KISMET - http://www.kismetwireless.net/knocker - http://knocker.sourceforge.net/libdbx - http://sourceforge.net/projects/ol2mboxlibpst - http://sourceforge.net/ projects / ol2mboxltrace - http://freshmeat.net/projects/ltrace/?topic_id=846,47macchanger - http://www.alobbs.com/modules.php?op=modload&name=macc&file=indexmacrobber - http: // www .Sleuthkit.org / mac-robber / desc.phpmc - http://www.ibiblio.org/mc/md5deep - http://md5deep.sourceforge.net/memfetch - http://themes.freshmeat.net/Projects / MEMFETCH /? TOPIC_ID = 43% 2C45% 2C47% 2C83 6% 2C136MIELIEKOEK.PL - http://packetstormsecurity.nl/unix/security/mieliekoek.plminicom - http://hegel.ittc.ukans.edu/topics/linux/Man-pages/man1/minicom.1.htmlmrtg - Http://mrtg.hdl.com/mrtg.htmlnasm - http://sourceforge.net/projects/nasmnast - http://www.aimsniff.com/about.htmlnbtscan - http://www.inetcat.org/ Software / nbtscan.htmlnessus - http://nessus.org/net-snmp - http://net-snmp.sourceforge.net/netcat - http://www.atstake.com/research/toLS/network_utilities/netsed - http://freshmeat.net/projects/netsed/?topic_id=
43ngrep - http://ngrep.sourceforge.net/nmap - http://www.insecure.org/nmap/ntfstools - http://linux-ntfs.sourceforge.net/ntfstools - http: // linux-ntfs. SourceForge.Net/NTOP - http://www.ntop.org/ntop.htmlntreg - http://razor.bindview.com/tools/index.shtmlopenssl - http://www.openssl.org/p0f - http: //www.sans.org/resources/idfaq/p0f.phppackit - http://packit.sourceforge.net/paketto - http://www.doxpara.com/read.php/code/paketto.htmlpartImage - http: //www.partImage.org/index.en.htmlpasmal - https://sourceforge.net/projects/pasmal/pnscan - http://freshmeat.net/projects/pnscan/?topic_id=
87% 2C150% 2C861PV - http://packages.debian.org/unstable/UTILS/PV.htmlraccess - http://salix.org/raccess/rarpd - http://packages.debian.org/testing/net/ Rarpd.htmlrats - http://www.cisecurity.org/bench_ciscurity.org/bench_cisco.htmlrda - http://md5sa.com/downloads/rda/index.htmrdesktop - http://www.rdesktop.org/recover - http: // Recover.sourceforge.net/linux/recover/router-audit-tool - http://packages.debian.org/unstable/admin/router-audit-tool.htmlrrdtool - http://people.ee.ethz.ch/ ~ oetiker / webtools / rrdtool / samba - http://us3.samba.org/samba/samba.htmlscanerrlog - http://www.librelogiciel.com/software/ScanErrLog/action_Presentationscanlogd - http://www.openwall.com / scanlogd / scansort - http://www.geocities.com/southbeach/pier/3193/scansort.htmlscanssh - http://www.monkey.org/~provos/scanssh/scli - http: //www.ibr. Cs.tu-bs.de/projects/scli/screamingcobra.pl - http://cobra.lucidx.com/sendip - http://www.earth.li/ProjectPurple/Progs/sendip.htmlshorewall - http: // Www.shorewall.net/sing - http://packages.debian.org /unstable/neet/sing.htmlsmb-nat - http://packages.debian.org/unstable/admin/smb-nat.htmlsmokeping - http://people.ee.ethz.ch/~Oetiker/webtools/smokeping/webtools/smokeping/webtools/smokeping Sniffit - http://reptile.rug.ac.be/~coder/sniff/sniffit.htmlsnort - http://www.snort.org/socat - http://www.dest-unreach.org/socat/speak -freely - http://www.speakfreely.org/splint - http://lclint.cs.virginia.edu/ssh - http://openssh.org/ssldump http://www.rtfm.com/ssLDUMP/ Stegdetect - http://www.outguess.org/detection.phpsteghide - http://steghide.sourceforge.net/strace - http://www.liacs.nl/~wichert/strace/stunnel - http: // www .stunnel.org / sudo - http://www.courtesan.com/sudo/swatch - http://swatch.sourceforge.net/tcpdump - http://www.tcpdump.org/tcpflow - http:
//www.circlemud.org/~jelson/software/tcpflow/tcpreplay - http://tcpreplay.sourceforge.net/tcptrace - http://www.tcptrace.org/TETSTDISK - http://www.cgsecurity.org /index.html?testDisk.htmlvalgrind - http://developer.kde.org/~sewardj/vlad - http://razor.bindview.com/tools/vlad/index.shtmlvnc - http://www.uk. Research.att.com/vnc/vomit - http://vomit.xtdnet.nl/warscan - http://razor.bindview.com/tools/desc/warscan_readme.htmlwellenreiter - http://www.wellenreiter.net/ Xprobe - http://www.sys-security.com/zodiac http://www.team-teeso.net/projects/zodiac/ 1, heavy enrollment Knoppix
Knoppix is a Debian-based Linux, there are many articles on the Knoppix re-customizing the online, I am actually just the records you have.
1, unpacking ISO
There is no vacant machine or empty partition that can only be tossing with a virtual machine. Add a new Linux system to the VPC, select the memory size, hard disk image file, then start this system, in the menu CD -> Capture Image ... Select Knoppix_v3.2-2003-05-03-en.ISO .
Start Option Enter Knoppix 2 Enter the character mode, divide the / dev / hda with fdisk, 5 G should be sufficient, then create a file system with mkfs.ext2 to / dev / hda1. On this partition Mount:
# mount -o rw / dev / hda1 / mnt / hda1
Establish a work directory:
# MKDIR / MNT / HDA1 / KNX
# MKDIR -P / MNT / HDA1 / KNX / MASTER / KNOPPIX
# MKDIR -P / MNT / HDA1 / KNX / SOURCE / KNOPPIX
If the machine does not have enough memory, you should create a swap file because the compressed file will be written to memory because the last compressed file system:
# CD / MNT / HDA1 / KNX; DD IF = / dev / zero of = swapfile bs = 1M count = 750; mkswap swapfile; swapon swapfile
Copy the Knoppix file, the P parameter of the CP is to keep all the properties of the file, where the copy will continue to be longer.
# cp -rp / knoppix / * / mnt / hda1 / knx / source / knoppix
The following copy is to restore the ISO after re-compiling the kernel. Otherwise, just copy boot.img.
# CD / CDROM / Knoppix
# cp Boot.img Boot.cat Knoppix / MNT / HDA1 / KNX / MASTER / KNOPPIX
Enter the Chroot environment for Knoppix's big knife cut:
# Chroot / MNT / HDA1 / KNX / SOURCE / KNOPPix
2, crop and replacement
After entering the Chroot environment, PROC on MOUNT:
# Mount -t Proc / Proc Proc
Configure a good network ready. Since all packages are maintained by the APT system, all packages may need to modify the /etc/apt/sources.list file, and the speed of speed is used. Then use the APT-GET -PURGE Remove Program command to delete unwanted stuff, reducing space to installing other things you want. / usr / share / doc This catalog is also relatively large, more than 100 M, also smashed.
You can find some packages that are no longer associated by executing DEBORPHAN, which can also be securely deleted.
Because you want Knoppix to fit the bridge for Honeynet Genii, you must call the kernel:
# APT-GET Install kernel-source-2.4.20
# APT-GET Install kernel-patch-xfs
# wget
http://users.pandora.be/bart.de.schuymer/ebtables/v2.0/v2.0./ebtables-v2.0.003_vs_2.4.20.diff
# wget
Http://users.pandora.be/bart.de.schuymer/ebtables/br-nf/bridge-nf-0.0.10-against-2.4.20.diff
# TAR JXF KERNEL-SOURCE-2.4.20.tar.bz2
# CP Linux / .config kernel-source-2.4.20 /
# rm Linux
# ln -s kernel-source-2.4.20 linux
# cd Linux
# ../kernel-patches/All/apply/xfs
# Patch -p1 <../ebtables-v2.0.003_vs_2.4.20.diff
# Patch -p1 <../bridge-nf-0.0.10-against-2.4.20.diff
We use the Knoppix kernel profile .config, here you should pay attention to the Ebtables patch must be hit in Bridge-NF, otherwise it will be wrong.
# Make MenuConfig
In the kernel options, 802.1d ethernet bridging and related options are selected, others can change customization according to their own needs, perform this step to play Knoppix kernel patches:
# Patch -p1 <../knoppix-kernel.patch
Then compile the kernel:
# Make Dep
# Make Bzimage
# Make Modules
# Make ModuLs_Install
Compilation modules take a lot of time. After installation, you can delete the Konippix's original kernel:
# rm -rf /usr/src/linux-2.4.20-XFS
# rm -rf /lib/modules/2.4.20-xfs
# rm -rf / boot / *
# RM / VMLinuz
Tit the new kernel:
# cp system.map /boot/system.map-2.4.20
# CP Arch / i386 / boot / bzimage /Boot/Vmlinuz-2.4.20
# cd / boot
# ln-s system.map-2.4.20 system.map
# ln -s vmlinuz-2.4.20 VMLinuz
# CD /
# ln -s boot / vmlinuz-2.4.20 VMLinuz
You must recompile the CLOOP.O module with a new kernel:
# CD / TMP
# wget
http://www.knopper.net/download/knoppix/cloop_0.68-2.tar.gz
# TAR XZF CLOOP_0.68-2.tar.gz # cd cloop-0.68
# make kernel_dir = / usr / src / linux
Since Knoppix starts the system via boot.img, you must modify it, press Alt F2 to enter another non-Chroot's shell, copy boot.img to:
# cp /mnt/hda1/knx/master/knoppix/boot.img / mnt / hda1 / knx / source / knoppix / var / tmp
Change it in Chroot's shell environment.
# CD / TMP
# mkdir boot mroot
# mount boot.img boot -t msdos -o loop = / dev / loop0
# cp boot / miniroot.gz.
# gzip -d miniroot.gz
# mount miniroot mroot -t ext2 -o loop = / dev / loop1
# cp /tmp/cloop-0.68/cloop.o / tmp / mRoot / modules /
Since my kernel is large, the sure is to support the SCSI CD-ROM drive, and the speed will be a lot of speed when starting:
# rm -rf / tmp / mroot / modules / SCSI
Modify / TMP / MROOT / LinuxRC, set SCSI_Modules = "".
In fact, you can use WinImage to expand boot.img, then these things can be easily placed, with multiple start image files, more choices. Note that the image file name is to use 8.3 format, followed by DiskemU only using this format.
Package MINIROOT:
# umount / tmp / mroot
# Gzip -9 miniroot
# cp miniroot.gz boot /
Turn your new kernel image:
# cp /boot/vmlinuz-2.4.20 / tmp / boot / vmlinuz
Modify the default VMLinuz settings of the syslinux.cfg file in the / tmp / boot directory, change the lang = us to LANG = CN 2, change the following LANG = US to LANG = CN. This way, Knoppix is rebooted, defaults to the language attribute to Chinese, and the character mode is used by default, and there is no need to start to enter XWindow.
You can also modify the Boot.msg, F2, and LOGO.16 of the / TMP / BOOot. This new boot.img can boot the Knoppix to the new kernel, refill first, then install the driver related to the kernel under the new kernel. Exit the Chroot environment, re-produce ISO with new boot.img:
# cp /mnt/hda1/knx/source/knoppix/var/tmp/boot.img /mnt/hda1/knx/master/knoppix/boot.img
# CD / MNT / HDA1 / KNX /
# mkisofs -pad -l -r -j -v -v "knoppix" -b knoppix / boot.img -c knoppix / boot.cat -hide-rr-moved -o /mnt/hda1/knx/knoppix.iso / MNT / HDA1 / KNX / MASTER
Making the ISO speed is relatively fast, transmit /mnt/hda1/knx/knoppix.iso to your own system, then start the virtual machine with this ISO.
3, update and install new drivers
After restarting, you can use uname -a to see if it is already a new kernel.
Enhance support for wireless network cards. The default Linux is a wireless network card that does not support Atmel chip, there is an additional installation, here is an unofficial release version: # chroot / mnt / hda1 / knx / source / knoppix
# CD / TMP
# wget
http://atmelwlandriver.sourceforge.net/snapshots/atmelwlandriver-ss-20030507.tar.gz
# tar xzf atmelwlandriver-ss-20030507.tar.gz
# cd atmelwlandriver
# make config
Build All [Y / N] <- The choice y compiled all the drivers.
# Make All
# make install
For the Drive Linux of ORINOCO, the default driver does not support the wireless network card Monitor mode, the Airsnort master provides the corresponding patch, can be picked up by patching the PCMCIA-CS, which can also drive the Orinoco driver patch, so Simple:
# CD / TMP
# wget
http://ozlabs.org/people/dgibson/dldwd/orinoco-0.13b.tar.gz
# wget
http://airsnort.shmoo.com/orinoco-0.13B-PATCHED.DIFF
# tar xzf orinoco-0.13b.tar.gz
# cd orinoco-0.13b
# patch -p1 <../orinoco-0.13b-patch.diff
# Make
# make install
Linux-WLAN-NG drivers are also updated:
# CD / TMP
# wget
ftp://ftp.linux-wlan.org/pub/linux-wlan-ng/linux-wlan-ng-0.2.1-pre5.tar.gz
# TAR XZF Linux-WLAN-NG-0.2.1-pre5.tar.gz
# CD Linux-WLAN-NG-0.2.1
# Make config <- This can basically put all the drivers plus
# Make All
# make install
Prism's chip can also use ORINOCO driver, if you confirm that some NIC can modify the / etc / pcmcia / config file, use the driver to change, such as the network card of Compaq WL100, can use Orinoco driver, you can change it to make:
Bind "Prism2_CS"
In this way in inserting the COMPAQ WL100 will use Linux-WLAN-NG drivers, other network cards can also be modified, but you have to know the chip used by the NIC.
4, XWindow desktop environment modification and Chinese
Knoppix uses KDE by default as a desktop environment, which is too big. In addition to fluxbox, wmake, TWM, delete all other desktop environments, FVWM is also very nice, install directly with APT. Use fluxbox as the default desktop. The input method uses Fcitx, very nice, and has entered the debian SID, it is convenient for updating. Modify /etc/init.d/knoppix-autoconfig 1026 lines near the value of Desktop variables are changed as follows:
# Also Read Desired Desktop, IF ANY
Desktop = "$ (getBootParam Desktop 2> / dev / null)"
# Allow only supported WINDOWMANAGERS
Case "$ Desktop" IN FVWM | WindowMaker | WMaker | FLUXBOX | TWM) ;; Desktop = "fluxbox" ;; esacknoppix About xWindow script actually executed /etc/x11/xsession.d/45xsession, there is Start a function of various desktops, such as Startkde (). You need to add a similar function to FVWM, completely copy StartFluxbox (). STARTKDE () can be deleted to save space.
Modify the last part of the 45xSession file:
IF ["$ lGuage" = "cn"]; then
Export XModifiers = @ im = fcitx
/ usr / bin / fcitx &
Fi
Case "$ desktop" in
FVWM | FVWM) STARTFVWM ;;
FLUXBOX | FLUXBOX) STARTFLUXBOX ;;
WindowMaker | WMAKER | WindowMaker | WMAKER ["$ freeMem" -ge "35000"] && startwindowmaker || StartTWM lowMem 64 ;;;;
TWM | TWM) STARTTWM ;;;;;;
*) STARTTWM INVALIDWM ;;;;;;;
ESAC
There are still many places where this script can be modified. Maybe you also need to modify the /etc/init.d/xsession script, and more.
The font uses SIMSUN and uses Firefly patch, you can download here:
http://debian.ustc.edu.cn/dev/
Modify /etc/gtk/gtkrc.zh_cn:
STYLE "gtk-default-zh-cn" {
Fontset = "-Misc-SIMSUN-Medium-R-NORMAL - 14- * - * - * - * - * - ISO10646-1, /
-MISC-SIMSUN-MEDIUM-R-NORMAL - 14 - * - * - * - * - * - ISO10646-1
}
Class "gtkwidget" style "gtk-default-zh-cn"
Modify /etc/init.d/xsession, the default use root user starts X.
5, Honeynet function
# MKDIR / HONEYNET
# wget
http://honeynet.xfocus.net/papers/honeynet/tools/snort_inline.tgz
# wget
http://honeynet.xfocus.net/papers/honeynet/tools/sebeksniff-2.0.1.tar.gz
# wget
http://honeynet.xfocus.net/papers/honeynet/tools/sebek-linux-2.0.1.tar.gz
# APT-GET Install Swatch
# APT-GET Install Honeyd
Adjust it later.
6, generate compressed file system
It is recommended to upgrade and clean the garbage before the system is recommended.
# APT-GET -U Upgrade <- Here to note that some service types of software add boot startup scripts, you can use Update-Rc.D to delete.
# APT-GET CLEAN
Update association:
# Updatedb
# umount / proc
Repair file system after exiting the Chroot environment:
# mkisofs -r -u -v "knoppix.net filesystem" -p "knoppixwww.knoppix.net" -hide-r-moved -cache-inodes -no-bak -pad / mnt / hda1 / knx / source / knoppix | Nice -5 / usr / bin / create_compressed_fs - 65536> / mnt / hda1 / knx / master / knoppix / knoppix
Second, make WinPE
As a tool disk, if there is a Windows environment, WinPE solves this problem.
Customized a WinPE is very easy, the English version of the English version is customized:
1. First copy the WinPE directory to the hard disk, assume that the copy of the hard disk directory is: E: / WinPE.
This can be copied with the resource manager.
2, then download the MSA EDC Deployment Kit from the Microsoft website.
E: / TEMP /> WGET
Http://download.microsoft.com/download/win2000srv/msaedc/edc1.5/nt5/en-us/05-edcv1.5deploymentkit.exe
Solve this package to E: / TEMP / EDCAPFDEPLOYMENT, then:
E: / Temp /> Copy EDCAPFDep1Ployment / WinpeSupport / WinpeSys.inf E: / WinPE
The winpesys.inf here is actually supported by RAMDISK, and the default disk is R, the size is 4m. You can change the drive letter by modifying HKLM, "System / Controlset001 / Services / Ramdrv / Parameters", "Drivetter", 00000000000000, "R:" to modify HKLM, "System / Controlset001 / Services / Ramdrv / Parameters", "Disksize" The 0x00010001, 0x400000 is revised.
3, prepare WinXP discs, such as in the F disc. I am very strange why the pebuilder uses SP1 CD, I found that the installation of XP is also possible.
4. Run the mkimg.cmd script to generate a file file.
If you want WinPE to start, you can modify the Config.inf file under the E: / WinPE directory, and change the OSLOADOPTIONS to the following:
OsloadOptions = TXTSETUP.SIF, Setupdata, "/ FastDetect / minint / NOGUIBOOT / INRAM"
But make sure your system is 256M memory.
Modify the loaderprompt item if you want to modify the launch prompt information. Of course, these two items can be not done, and use the following command to generate WinPE files:
E: / winpe /> mkimg.cmd f: E: /TEMP/WINPE.TMP
If you delete the Winsxs directory and its files under the i386, the last ISO is not available for NOTEPAD. But if you directly change the WinPE ISO released, you will not be able to execute, don't know why.
5, copy the driver file of ramdisk
E: / WinPE /> COPY E: /TEMP/EDCAPFDeployment/winpesupport/ramdrv.inf E: /TEMP/WINPE.TMP/I386/INF/F /
E: / WinPE /> COPY E: /TEMP/EDCAPFDepfDePloyment/winpesupport/ramdrv.sys e: /temp/winpe.tmp/i386/system32/Drivers/6, plus Erd Command 2002
Just copy Commandshell.exe, Common.dll, Compmgmt.exe, Cs.cfg, dt.cfg, erdcmdr2002.cnt, erdhelp.exe, explorer.exe, fixshell.dll, fe.cfg, filesearch.exe, locksmith.exe , logoff.exe, ntfsver.exe, ntfsver.exe, pwdserv.exe, tcpcfg.exe, WindowsShell.exe these files to E: /TEMP/WINPE.TMP/I386/system32 is OK. Being ISO is started after executing logon in the System32 directory, you can enter Erd, even if you don't want to use ERD, you can also use some of its tools, such as using TCPCFG, you can configure the network.
7, adjust WinPE
Now you can make ISO, but when WinPE starts, you will prompt the press any key to boot from CD. If you don't have button, you want to boot from the hard disk, just remove the bootfix under the E: /TEMP/WINPE.TMP/I386 directory. The .bin file will not have this prompt.
When WinPE starts, you will first use the E: /TEMP/WINPE.TARTNET.CMD file to edit this script so that it is more convenient to start.
Third, make ISO files.
Diskemu is a multi-boot software common software, and it is also very simple. Create a work directory E: / CD, copy Diskem1x.bin, Diskemu.cmd to the CD directory. Built an IMG and Knoppix directory in the CD directory.
Copy Knoppix's compressed files Knoppix to E: / cd / knoppix, copy boot.img to E: / cd/img/knoppix.img, copy a copy to E: / CD / KNOPPIX / below, otherwise using KNX- The HDINSTSALL script will be incorrect when knoppix is installed to the hard drive.
Copy all the files under E: /TEMP/WINPE.TMP to E: / CD, copy E: /WINPEL/EtFSBoot.com to E: / CT / IMG/WINPE.BIN.
Modify Diskemu.cmd file, here is a reference:
CD IMG
: start
CLS
PRINT 1. Knoppix
Print 2. Windowspe
Print r. Reboot
Print Q. Quit To Command Prompt
Print Esc. Boot First Harddisk
: mainkey
; Timeout IS 60 Seconds, Default Key Is Escape
GetKey 60 ESC
ONKEY 1 GOTO KNOPPIX
ONKEY 2 GOTO WINPE
ONKEY F1 GOTO HELP
ONKEY Q Quit
Onkey R Reboot
ONKEY F BOOT 0
Onkey ESC Boot 80
When No Key Found ... Goto MainKey
;
: Help
CLS
Print Help
Print ----
Print Have ISO9660 FileSystem Support, You Can Do "Dir" and "CD"
Print a "Advanced" Command Prompt to Load Anything You Want
Print a Simple Bootmenu for "Less" Advanced Uses
Print AutodeTection of Floppy Image Types (by filesis)
Print Using A Bootable Diskemu 1.x CD-ROM, You Can Even Boot Images from "Non-
Print Bootable "CD-ROMS, Just Swap The CD, Type" CD / "and you can use what CD.
Print (Cool!)
Print You CAN CREATE A MULTIBOOT Bootable CD-ROM Using (Almost) Any Recording
Print Software you want
Print Supported Floppy Types: 160KB, 180KB, 320KB, 360KB, 1.2MB, 720KB, 820KB,
PRINT 1.44MB, 1.68MB, 1.72MB, 2.88MB
Print All Supported Command Are Listed Below.
Print Batch boot bootinfotable CD CLS Dir
Print echo emusegm getkey goto help keyval
Print LoadSegm onkey Print Quit Readtest Reboot
Print Run Test Type Ver
Print Help
Print Press any key to return to main menu
getKey
Goto Start
;
: Knoppix
Print Use Knoppix
Run knoppix.img
getKey
Goto Start
;
: WinPE
Print Windowspe
Run winpe.bin
getKey
Goto Start
;
EOF
Then you can make an ISO file, but you must pay attention to the format of ISO, you can't use ISO9660, you want to use the joliet format compatible with ISO9660 files, CDImage-J1 parameters meet this condition:
CDIMAGE -LTOOLCD -J1 -BLoader.bin CD Toolcd.ISO
OK, try to guide with Toolcd.iso.
Fourth, simple instructions
LINUX section:
1. The startup menu selection 1 is the Knoppix that does not have SCSI, but the speed is faster, and select 2 is Knoppix with SCSI, start the detection SCSI device. 2, VMware exits from XWindow to make the screen changed to the problem yet.
3, if the machine has multiple optical drives, put it in / dev / cdrom, otherwise it cannot be started.
4, you can use the KNX-HDInstall script to make the system easily quickly install to your hard drive.
WinPE section:
1. After startup, use STARTCMD.NET's script, first prompt the system resolution, the default is 800x600.
2, prompt to start the network or start Erd Command (hard disk needs to have WIN system, license is in the CD-Root Catalog).
3. Enter Explorer to launch ERD resource manager, hard disk has FAT, NTFS partitions can also be read directly.
4, the Tools directory will be added to the PATH environment variable, there are a lot of fun in Dongdong, you can also add themselves.
statement:
Since the disc contains a lot of business software, you can't provide download, don't ask me to come from there. I just introduced you to the production method of the tool disc, which is convenient for you to do penetration testing, investigation and evidence, intrusion detection, network traps, etc.
reference:
http://www.knoppix.net/docs/index.php/knoppixremasteringhowto
http://www.knoppix.net/docs/index.php/knoppixcustomkernelhowto
Http://www.microsoft.com/technet/itsolutions/edc/pak/build/edcbld05.asp
http://honeynet.xfocus.net/papers/gen2/2/
