Tool CD Making Notes
Creation time: 2003-06-02
Article attribute: original
Submitted by: SAN (SAN_AT_XFOCUS.ORG)
I. Remastering Knoppix
Knoppix is a Debian-based Linux. There are many articles online about re-customizing Knoppix; this is really just a record of what I did myself.
1. Unpacking the ISO
With no spare machine or empty partition, I had to make do with a virtual machine. Add a new Linux system in VPC (Virtual PC), choose the memory size and hard disk image file, start the system, and in the CD menu choose Capture Image... and select Knoppix_v3.2-2003-05-03-en.ISO.
At the boot prompt type knoppix 2 to enter text mode, partition /dev/hda with fdisk (5 GB should be enough), then create a file system on /dev/hda1 with mkfs.ext2 and mount the partition:
# mount -o rw /dev/hda1 /mnt/hda1
Create a working directory:
# mkdir /mnt/hda1/knx
# mkdir -p /mnt/hda1/knx/master/KNOPPIX
# mkdir -p /mnt/hda1/knx/source/KNOPPIX
If the machine does not have enough memory, create a swap file, because create_compressed_fs keeps the compressed file system in memory while it is being built:
# cd /mnt/hda1/knx; dd if=/dev/zero of=swapfile bs=1M count=750; mkswap swapfile; swapon swapfile
Copy the Knoppix files; the -p option of cp preserves all file attributes. This copy takes quite a while.
# cp -rp /KNOPPIX/* /mnt/hda1/knx/source/KNOPPIX
The following copy is needed to rebuild the ISO after recompiling the kernel; otherwise copying just boot.img is enough.
# cd /cdrom/KNOPPIX
# cp boot.img boot.cat KNOPPIX /mnt/hda1/knx/master/KNOPPIX
Enter the chroot environment to start cutting Knoppix down:
# chroot /mnt/hda1/knx/source/KNOPPIX
2. Trimming and replacing
After entering the chroot environment, mount proc:
# mount -t proc /proc proc
Get the network working. Since all packages are maintained by APT, you may need to edit /etc/apt/sources.list to use a fast mirror.
Then use apt-get --purge remove <package> to delete unwanted packages and free space for the things you want to install. The /usr/share/doc directory is also fairly large, over 100 MB, and I removed it as well.
Running deborphan lists packages that nothing depends on any more; these can also be safely removed.
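To see what is worth purging before running apt-get --purge remove, here is an added helper (example code, not from the original article) that ranks installed packages by size and flags the ones deborphan reports; the sizes and orphan list it reads are constructed sample data in the formats dpkg-query and deborphan print.

```shell
#!/bin/sh
# Added example, not part of the original article: rank installed packages
# by size and mark the ones deborphan considers orphaned, to decide what
# "apt-get --purge remove" should take out of the chroot.
set -eu

# knx_prune_report <sizes> <orphans> [N]
#   sizes:   "Installed-Size(kB)<TAB>package" lines, as printed by
#            dpkg-query -W -f='${Installed-Size}\t${Package}\n'
#   orphans: one package name per line, as printed by deborphan
# Prints the N (default 10) largest packages, largest first.
knx_prune_report() {
    sort -rn "$1" | head -n "${3:-10}" |
    awk -v orphans="$2" '
        BEGIN { while ((getline p < orphans) > 0) orphan[p] = 1 }
        { printf "%7.1f MB  %-24s %s\n", $1 / 1024, $2, ($2 in orphan) ? "orphan" : "" }'
}

# knx_orphan_cmd <sizes> <orphans>
# Builds the purge command for orphaned packages of at least 1 MB, so the
# big ones go first; prints nothing when there is nothing to purge.
knx_orphan_cmd() {
    awk -v orphans="$2" '
        BEGIN { while ((getline p < orphans) > 0) orphan[p] = 1 }
        ($2 in orphan) && $1 >= 1024 { cmd = cmd " " $2 }
        END { if (cmd != "") print "apt-get --purge remove" cmd }' "$1"
}

# Constructed sample data standing in for real dpkg-query/deborphan output
work=$(mktemp -d)
printf '%s\t%s\n' 98304 kde-i18n-de 20480 openoffice.org 4096 deborphan \
    512 libfoo-dev 30720 xfree86-common > "$work/sizes"
printf '%s\n' kde-i18n-de libfoo-dev > "$work/orphans"

knx_prune_report "$work/sizes" "$work/orphans" 3
knx_orphan_cmd "$work/sizes" "$work/orphans"
rm -rf "$work"
```

On the real chroot, generate the two inputs with dpkg-query and deborphan as shown in the comments and point the functions at those files.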
Because I want Knoppix to act as the bridge for Honeynet GenII, the kernel has to be rebuilt:
# apt-get install kernel-source-2.4.20
# apt-get install kernel-patch-xfs
# cd /usr/src
# wget http://users.pandora.be/bart.de.schuymer/ebtables/v2.0/v2.0./ebtables-v2.0.003_vs_2.4.20.diff
# wget http://users.pandora.be/bart.de.schuymer/ebtables/br-nf/bridge-nf-0.0.10-against-2.4.20.diff
# tar jxf kernel-source-2.4.20.tar.bz2
# cp linux/.config kernel-source-2.4.20/
# rm linux
# ln -s kernel-source-2.4.20 linux
# cd linux
# ../kernel-patches/all/apply/xfs
# patch -p1 < ../ebtables-v2.0.003_vs_2.4.20.diff
# patch -p1 < ../bridge-nf-0.0.10-against-2.4.20.diff
We use Knoppix's own kernel configuration (.config). Note that the ebtables patch must be applied before the bridge-nf patch, as above; otherwise patching fails.
# make menuconfig
In the kernel options select 802.1d Ethernet Bridging and the related options; everything else can be customized to your own needs. Then apply the Knoppix kernel patch:
# patch -p1 < ../knoppix-kernel.patch
Then compile the kernel:
# make dep
# make bzImage
# make modules
# make modules_install
Compiling the modules takes a long time. After installing them you can delete Knoppix's original kernel:
# rm -rf /usr/src/linux-2.4.20-xfs
# rm -rf /lib/modules/2.4.20-xfs
# rm -rf /boot/*
# rm /vmlinuz
Install the new kernel:
# cp System.map /boot/System.map-2.4.20
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.20
# cd /boot
# ln -s System.map-2.4.20 System.map
# ln -s vmlinuz-2.4.20 vmlinuz
# cd /
# ln -s boot/vmlinuz-2.4.20 vmlinuz
The cloop.o module must be recompiled against the new kernel:
# cd /tmp
# wget http://www.knopper.net/download/knoppix/cloop_0.68-2.tar.gz
# tar xzf cloop_0.68-2.tar.gz
# cd cloop-0.68
# make KERNEL_DIR=/usr/src/linux
Since Knoppix boots through boot.img, it has to be modified as well. Press Alt-F2 to switch to another shell outside the chroot and copy boot.img into the chroot tree:
# cp /mnt/hda1/knx/master/KNOPPIX/boot.img /mnt/hda1/knx/source/KNOPPIX/var/tmp
Then modify it from the chroot shell (inside the chroot the image is /var/tmp/boot.img):
# cd /tmp
# mkdir boot mroot
# mount /var/tmp/boot.img boot -t msdos -o loop=/dev/loop0
# cp boot/miniroot.gz .
# gzip -d miniroot.gz
# mount miniroot mroot -t ext2 -o loop=/dev/loop1
# cp /tmp/cloop-0.68/cloop.o /tmp/mroot/modules/
Since my kernel is large and already supports SCSI CD-ROM drives itself, I removed the SCSI modules, which makes booting a lot faster:
# rm -rf /tmp/mroot/modules/scsi
Edit /tmp/mroot/linuxrc and set SCSI_MODULES="".
In fact you can use WinImage to enlarge boot.img, after which all of this fits easily, and you can provide several boot image files for more choices. Note that image file names must use the 8.3 format, because DiskEmu, used later, only supports that format.
Repack the miniroot:
# umount /tmp/mroot
# gzip -9 miniroot
# cp miniroot.gz boot/
Copy in the new kernel image:
# cp /boot/vmlinuz-2.4.20 /tmp/boot/vmlinuz
In syslinux.cfg in the /tmp/boot directory, modify the settings of the default vmlinuz entry: change its lang=us to lang=cn 2, and change the lang=us in the entries that follow to lang=cn. After this Knoppix boots with the language set to Chinese and into text mode by default, without starting X Window.
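As an added example (not from the original article), the same syslinux.cfg change done by a small script: the APPEND line under DEFAULT gets lang=cn 2, every other lang=us becomes lang=cn. The shortened config it edits is constructed; inside the chroot you would point it at /tmp/boot/syslinux.cfg.

```shell
#!/bin/sh
# Added example, not from the original article: apply the syslinux.cfg edit
# described in the text. The APPEND line belonging to DEFAULT gets
# "lang=cn 2" (Chinese, runlevel 2 = text mode); every other "lang=us"
# becomes "lang=cn". The config used in the demo below is constructed.
set -eu

# knx_set_lang <syslinux.cfg> <lang> -- rewrite the file in place
knx_set_lang() {
    cfg=$1; lang=$2
    awk -v lang="$lang" '
        { key = toupper($1) }
        key == "DEFAULT" { cur = "default" }   # the APPEND lines that follow
        key == "LABEL"   { cur = $2 }          # belong to DEFAULT / this label
        key == "APPEND" && /lang=us/ {
            if (cur == "default") sub(/lang=us/, "lang=" lang " 2")
            else sub(/lang=us/, "lang=" lang)
        }
        { print }' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Demo on a constructed, shortened copy of a Knoppix 3.2 syslinux.cfg
work=$(mktemp -d)
cat > "$work/syslinux.cfg" <<'EOF'
DEFAULT vmlinuz
APPEND ramdisk_size=100000 init=/etc/init lang=us vga=791 initrd=miniroot.gz
LABEL knoppix
KERNEL vmlinuz
APPEND ramdisk_size=100000 init=/etc/init lang=us vga=791 initrd=miniroot.gz
LABEL expert
KERNEL vmlinuz
APPEND ramdisk_size=100000 init=/etc/init lang=us vga=791 BOOT_IMAGE=expert
EOF
knx_set_lang "$work/syslinux.cfg" cn
cat "$work/syslinux.cfg"
rm -rf "$work"
```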
You can also modify boot.msg, f2 and logo.16 in /tmp/boot. This new boot.img boots Knoppix with the new kernel. Rebuild the ISO first, then install the kernel-dependent drivers once you are running the new kernel. Unmount the image, exit the chroot environment, and regenerate the ISO with the new boot.img:
# umount /tmp/boot
# exit
# cp /mnt/hda1/knx/source/KNOPPIX/var/tmp/boot.img /mnt/hda1/knx/master/KNOPPIX/boot.img
# cd /mnt/hda1/knx/
# mkisofs -pad -l -r -J -v -V "KNOPPIX" -b KNOPPIX/boot.img -c KNOPPIX/boot.cat -hide-rr-moved -o /mnt/hda1/knx/knoppix.iso /mnt/hda1/knx/master
Making the ISO is fairly fast. Transfer /mnt/hda1/knx/knoppix.iso to your own system and boot the virtual machine from it.
3. Updating and installing new drivers
After rebooting, uname -a shows whether the new kernel is running.
Add wireless card support. The stock Knoppix does not support wireless cards with Atmel chips, so an extra driver has to be installed; here I use an unofficial snapshot release:
# chroot /mnt/hda1/knx/source/KNOPPIX
# cd /tmp
# wget http://atmelwlandriver.sourceforge.net/snapshots/atmelwlandriver-ss-20030507.tar.gz
# tar xzf atmelwlandriver-ss-20030507.tar.gz
# cd atmelwlandriver
# make config
Build All [Y/N] <- choose y to build all the drivers.
# make all
# make install
As for the Orinoco driver, the default one does not support the wireless card's monitor mode. The AirSnort author provides a patch; it can be applied to pcmcia-cs, or to the standalone orinoco driver, which is simpler:
# cd /tmp
# wget http://ozlabs.org/people/dgibson/dldwd/orinoco-0.13b.tar.gz
# wget http://airsnort.shmoo.com/orinoco-0.13b-patched.diff
# tar xzf orinoco-0.13b.tar.gz
# cd orinoco-0.13b
# patch -p1 < ../orinoco-0.13b-patched.diff
# make
# make install
Also update the linux-wlan-ng driver:
# cd /tmp
# wget ftp://ftp.linux-wlan.org/pub/linux-wlan-ng/linux-wlan-ng-0.2.1-pre5.tar.gz
# tar xzf linux-wlan-ng-0.2.1-pre5.tar.gz
# cd linux-wlan-ng-0.2.1-pre5
# make config <- here you can basically enable all the drivers
# make all
# make install
Prism chips can also use the orinoco driver. If you know a card's chipset, you can edit /etc/pcmcia/config to change which driver it uses. For example, the Compaq WL100 can use the orinoco driver; changing its entry to
bind "prism2_cs"
makes the Compaq WL100 use the linux-wlan-ng driver when it is inserted. Other cards can be changed the same way, but you have to know which chip the card uses.
4. X Window desktop changes and Chinese support
Knoppix uses KDE as its default desktop, which is far too big. Delete all desktop environments except fluxbox, WindowMaker (wmaker) and twm; fvwm is also nice and can be installed directly with apt. Use fluxbox as the default desktop. For the input method I use fcitx, which is very nice and has entered Debian sid, which makes updating convenient. Modify /etc/init.d/knoppix-autoconfig around line 1026, where the DESKTOP variable is set, to the following:
# Also read desired desktop, if any
DESKTOP="$(getbootparam desktop 2>/dev/null)"
# Allow only supported windowmanagers
case "$DESKTOP" in fvwm|windowmaker|wmaker|fluxbox|twm) ;; *) DESKTOP="fluxbox" ;; esac
Knoppix actually starts the desktop from /etc/X11/Xsession.d/45xsession, with functions such as startkde(). You need to add a similar function for fvwm: just copy startfluxbox() completely. startkde() can be deleted to save space.
Modify the last part of the 45xsession file:
if [ "$LANGUAGE" = "cn" ]; then
  export XMODIFIERS=@im=fcitx
  /usr/bin/fcitx &
fi
case "$DESKTOP" in
  fvwm|FVWM) startfvwm ;;
  fluxbox|FLUXBOX) startfluxbox ;;
  windowmaker|wmaker|WindowMaker|WMAKER) [ "$FREEMEM" -ge "35000" ] && startwindowmaker || starttwm lowmem 64 ;;
  twm|TWM) starttwm ;;
  *) starttwm invalidwm ;;
esac
There are many more places in this script that can be modified; you may also need to modify the /etc/init.d/xsession script, and so on.
For fonts I use SimSun with the Firefly patch, which you can download here:
http://debian.ustc.edu.cn/dev/
Modify /etc/gtk/gtkrc.zh_CN:
style "gtk-default-zh-cn" {
  fontset = "-misc-simsun-medium-r-normal--14-*-*-*-*-*-iso10646-1,\
             -misc-simsun-medium-r-normal--14-*-*-*-*-*-iso10646-1"
}
class "GtkWidget" style "gtk-default-zh-cn"
Modify /etc/init.d/xsession so that X is started as the root user by default.
5. Honeynet functions
# mkdir /honeynet
# cd /honeynet
# wget http://honeynet.xfocus.net/papers/honeynet/tools/snort_inline.tgz
# wget http://honeynet.xfocus.net/papers/honeynet/tools/sebeksniff-2.0.1.tar.gz
# wget http://honeynet.xfocus.net/papers/honeynet/tools/sebek-linux-2.0.1.tar.gz
# apt-get install swatch
# apt-get install honeyd
These will be adjusted later.
6. Generating the compressed file system
Before building, it is recommended to upgrade and clean out junk:
# apt-get -u upgrade <- Note that some service packages add boot-time startup scripts; these can be removed with update-rc.d.
# apt-get clean
Update the locate database:
# updatedb
# umount /proc
After exiting the chroot environment, build the compressed file system:
# mkisofs -R -U -V "KNOPPIX.net filesystem" -p "KNOPPIX www.knoppix.net" -hide-rr-moved -cache-inodes -no-bak -pad /mnt/hda1/knx/source/KNOPPIX | nice -5 /usr/bin/create_compressed_fs - 65536 > /mnt/hda1/knx/master/KNOPPIX/KNOPPIX
II. Making WinPE
For a tool disk, a Windows environment is needed as well, and WinPE solves that problem.
Customizing WinPE is very easy; here the English version is customized:
1. First copy the WinPE directory to the hard disk; assume the directory on the hard disk is E:\WinPE. This can be done with Explorer.
2. Then download the MSA EDC Deployment Kit from the Microsoft website:
E:\temp> wget http://download.microsoft.com/downloadc/win2000srv/msaedc/edc1.5/nt5Deploymentkit.edcv1.5deploymentkit.exe
Unpack this package to E:\temp\EDCAPFDeployment, then:
E:\temp> copy EDCAPFDeployment\winpesupport\winpesys.inf E:\WinPE
winpesys.inf here actually provides RAM disk support; the default drive letter is R: and the size 4 MB. You can change the drive letter by modifying
HKLM,"System\ControlSet001\Services\Ramdrv\Parameters","DriveLetter",0x00000000,"R:"
and the size by modifying
HKLM,"System\ControlSet001\Services\Ramdrv\Parameters","DiskSize",0x00010001,0x400000
3. Prepare a Windows XP CD, for example in drive F:. I find it strange that pebuilder requires the SP1 CD; I found that the XP installation CD also works.
4. Run the mkimg.cmd script to generate the files.
If you want WinPE to run from RAM, edit the Config.inf file in the E:\WinPE directory and change OSLOADOPTIONS to the following:
OsLoadOptions = TXTSETUP.SIF,SetupData,"/fastdetect /minint /noguiboot /inram"
But make sure your system has 256 MB of memory.
Modify the LoaderPrompt item if you want to change the boot prompt text. Of course both of these can be left alone. Then generate the WinPE files with the following command:
E:\WinPE> mkimg.cmd F: E:\temp\winpe.tmp
If you delete the winsxs directory and its files under i386, notepad will not work on the final ISO. But if you directly modify the released WinPE ISO, it will not run; I don't know why.
5. Copy the ramdisk driver files
E:\WinPE> copy E:\temp\EDCAPFDeployment\winpesupport\ramdrv.inf E:\temp\winpe.tmp\i386\inf\
E:\WinPE> copy E:\temp\EDCAPFDeployment\winpesupport\ramdrv.sys E:\temp\winpe.tmp\i386\system32\drivers\
6. Adding ERD Commander 2002
Just copy commandshell.exe, common.dll, compmgmt.exe, cs.cfg, dt.cfg, erdcmdr2002.cnt, erdhelp.exe, explorer.exe, fixshell.dll, fe.cfg, filesearch.exe, locksmith.exe, logoff.exe, ntfsver.exe, pwdserv.exe, tcpcfg.exe and windowsshell.exe to E:\temp\winpe.tmp\i386\system32. After the ISO boots, running logon in the system32 directory enters ERD; even if you don't want ERD itself, you can still use some of its tools, for example tcpcfg to configure the network.
7. Adjusting WinPE
Now you can make the ISO, but when WinPE starts it prompts "Press any key to boot from CD". If you want it to boot from the hard disk when no key is pressed, just delete the bootfix.bin file under E:\temp\winpe.tmp\i386 and the prompt goes away. When WinPE starts it first runs the startnet.cmd script under E:\temp\winpe.tmp; edit this script to make startup more convenient.
III. Making the ISO file
DiskEmu is a commonly used multi-boot tool, and it is very simple to use. Create a work directory E:\cd and copy diskem1x.bin and diskemu.cmd into it. Create img and knoppix directories under E:\cd.
Copy Knoppix's compressed file KNOPPIX to E:\cd\knoppix, copy boot.img to E:\cd\img\knoppix.img, and put another copy under E:\cd\knoppix\, otherwise the knx-hdinstall script will fail when installing Knoppix to the hard disk.
Copy all the files under E:\temp\winpe.tmp to E:\cd, and copy E:\WinPE\etfsboot.com to E:\cd\img\winpe.bin.
Modify the diskemu.cmd file; here is a reference version:
cd img
:start
cls
print 1. Knoppix
print 2. WindowsPE
print r. Reboot
print q. Quit to command prompt
print ESC. Boot first harddisk
:mainkey
; timeout is 60 seconds, default key is Escape
getkey 60 esc
onkey 1 goto knoppix
onkey 2 goto winpe
onkey f1 goto help
onkey q quit
onkey r reboot
onkey f boot 0
onkey esc boot 80
; when no key found...
goto mainkey
;
:help
cls
print Help
print ----
print Have ISO9660 filesystem support, you can do "dir" and "cd"
print An "advanced" command prompt to load anything you want
print A simple bootmenu for "less" advanced users
print Autodetection of floppy image types (by filesize)
print Using a bootable DiskEmu 1.x CD-ROM, you can even boot images from "non-
print bootable" CD-ROMs, just swap the CD, type "cd /" and you can use that CD.
print (cool!)
print You can create a multiboot bootable CD-ROM using (almost) any recording
print software you want
print Supported floppy types: 160KB, 180KB, 320KB, 360KB, 1.2MB, 720KB, 820KB,
print 1.44MB, 1.68MB, 1.72MB, 2.88MB
print All supported commands are listed below.
print batch boot bootinfotable cd cls dir
print echo emusegm getkey goto help keyval
print loadsegm onkey print quit readtest reboot
print run test type ver
print Help
print Press any key to return to main menu
getkey
goto start
;
:knoppix
print Use Knoppix
run knoppix.img
getkey
goto start
;
:winpe
print WindowsPE
run winpe.bin
getkey
goto start
;
EOF
Then you can make the ISO file, but pay attention to the ISO format: plain ISO9660 cannot be used; you need Joliet with ISO9660-compatible file names, and CDIMAGE's -j1 parameter meets this condition:
cdimage -ltoolcd -j1 -bloader.bin cd toolcd.iso
OK, try booting from toolcd.iso.
IV. Brief instructions
Linux part:
1. Boot menu option 1 is Knoppix without SCSI, which boots faster; option 2 is Knoppix with SCSI, which detects SCSI devices at startup.
2. Under VMware the screen is garbled after exiting X Window; this problem has not been solved yet.
3. If the machine has several optical drives, put the disc in the one that is /dev/cdrom, otherwise it cannot boot.
4. You can use the knx-hdinstall script to install the system to your hard disk quickly and easily.
WinPE part:
1. After startup the startnet.cmd script runs; it first asks for the screen resolution, default 800x600.
2. It then asks whether to start the network or start ERD Commander (the hard disk needs a Windows system on it; the license is in the CD root directory).
3. Type explorer to launch the ERD explorer; FAT and NTFS partitions on the hard disk can be read directly.
4. The tools directory is added to the PATH environment variable; it has lots of fun stuff, and you can add your own.
Statement:
Since the disc contains a lot of commercial software, I cannot provide a download, so please don't ask me where to get it. I only introduce the method of making the tool disc, for your convenience in penetration testing, investigation and forensics, intrusion detection, network traps and so on.
References:
http://www.knoppix.net/docs/index.php/knoppixremasteringhowto
http://www.knoppix.net/docs/index.php/knoppixcustomkernelhowto
http://www.microsoft.com/technet/itsolutions/edc/pak/build/edcbld05.asp
http://honeynet.xfocus.net/papers/gen2/2/