std的软件列表
Tools are grouped as follows:
authentication
/usr/bin/auth/
freeradius 0.9.3 : GPL RADIUS server
encryption
/usr/bin/crypto/
2c2 : multiple plaintext -> one ciphertext
4c : as with 2c2 (think plausible deniability)
acfe : traditional cryptanalysis (like Vigenere)
cryptcat : netcat + encryption
gifshuffle : stego tool for gif images
gpg 1.2.3 : GNU Privacy Guard
ike-scan : VPN fingerprinting
mp3stego : stego tool for mp3
openssl 0.9.7c
outguess : stego tool
stegbreak : brute-force stego'ed JPG
stegdetect : discover stego'ed JPG
sslwrap : SSL wrapper
stunnel : SSL wrapper
super-freeSWAN 1.99.8 : kernel IPSEC support
texto : make gpg ascii-armour look like weird English
xor-analyze : another "intro to crytanalysis" tool
forensics
/usr/bin/forensics/
sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
biew : binary viewer
bsed : binary stream editor
consh : logged shell (from F.I.R.E.)
coreography : analyze core files
dcfldd : US DoD Computer Forensics Lab version of dd
fenris : code debugging, tracing, decompiling, reverse engineering tool
fatback : Undelete FAT files
foremost : recover specific file types from disk images (like all JPG files)
ftimes : system baseline tool (be proactive)
galleta : recover Internet Explorer cookies
hashdig : dig through hash databases
hdb : java decompiler
mac-robber : TCT's graverobber written in C
md5deep : run md5 against multiple files/directories
memfetch : force a memory dump
pasco : browse IE index.dat
photorec : grab files from digital cameras
readdbx : convert Outlook Express .dbx files to mbox format
readoe : convert entire Outlook Express .directory to mbox format
rifiuti : browse Windows Recycle Bin INFO2 files
secure_delete : securely delete files, swap, memory....
testdisk : test and recover lost partitions
wipe : wipe a partition securely. good for prep'ing a partition for dd
and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
firewall
/usr/bin/fw/
blockall : script to block all inbound TCP (excepting localhost)
flushall : flush all firewall rules
firestarter : quick way to a firewall
firewalk : map a firewall's rulebase
floppyfw : turn a floppy into a firewall
fwlogwatch : monitor firewall logs
iptables 1.2.8
gtk-iptables : GUI front-end
shorewall 1.4.8-RC1 : iptables based package
honeypots
/usr/bin/honeypot/
honeyd 0.7
labrea : tarpit (slow to a crawl) worms and port scanners
thp : tiny honeypot
ids
/usr/bin/ids/
snort 2.1.0: everyone's favorite networks IDS
ACID : snort web frontend
barnyard : fast snort log processor
oinkmaster : keep your snort rules up to date
hogwash : access control based on snort sigs
bro : network IDS
prelude : network and host IDS
WIDZ : wireless IDS, ap and probe monitor
aide : host baseline tool, tripwire-esque
logsnorter : log monitor
swatch : monitor any file, oh like say syslog
sha1sum
md5sum
syslogd
network utilities
/usr/bin/net-utils/
LinNeighboorhood : browse SMB networks like windows network neighborhood
argus : network auditor
arpwatch : keep track of the MACs on your wire
cdpr : cisco discovery protocol reporter
cheops : snmp, network discovery and monitor tool
etherape : network monitor and visualization tool
iperf : measure IP performance
ipsc : IP subnet calculator
iptraf : network monitor
mrtg : multi router traffic grapher
mtr : traceroute tool
ntop 2.1.0 : network top, protocol analyzer
rrdtool : round robin database
samba : opensource SMB support
tcptrack : track existing connections
password tools
/usr/bin/pwd-tools/
john 1.6.34 : John the Ripper password cracker
allwords2 : CERIAS's 27MB English dictionary
chntpw : reset passwords on a Windows box (including Administrator)
cisilia : distributed password cracker
cmospwd : find local CMOS password
djohn : distributed John the Ripper
pwl9x : crack Win9x password files
rcrack : rainbow crack
servers
/usr/bin/servers
apache
ircd-hybrid
samba
smail
sshd
vnc
net-snmp
tftpd
xinetd
packet sniffers
/usr/bin/sniff/
aimSniff : sniff AIM traffic
driftnet : sniffs for images
dsniff : sniffs for cleartext passwords (thanks Dug)
ethereal 0.10.0 : the standard. includes tethereal
ettercap 0.6.b : sniff on a switched network and more.
filesnarf : grab files out of NFS traffic
mailsnarf : sniff smtp/pop traffic
msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic
ngrep : network grep, a sniffer with grep filter capabilities
tcpdump : the core of it all
urlsnarf : log all urls visited on the wire
webspy : mirror all urls visited by a host in your local browser
tcp tools
/usr/bin/tcp-tools/
arpfetch : fetch MAC
arping : ping by MAC
arpspoof : spoof arp
arpwatch : montior MAC addresses on the wire
despoof : detect spoofed packets via TTL measurement
excalibur : packet generator
file2cable : replay a packet capture
fragroute : packet fragmentation tool (thanks again Dug)
gspoof : packet generator
hopfake : spoof hopcount replies
hunt : tcp hijacker
ipmagic : packet generator
lcrzoex : suite of tcp tools
macof : flood a switch with MACs
packetto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3)
netsed : insert and replace strings in live traffic
packETH : packet generator
tcpkill : die tcp, die!
tcpreplay : replay packet captures
tunnels
/usr/bin/tunnels/
cryptcat : encrypted netcat
httptunnel : tunnel data over http
icmpshell : tunnel data over icmp
netcat : the incomparable tcp swiss army knife
shadyshell : tunnel data over udp
stegtunnel : hide data in TCP/IP headers
tcpstatflow : detect data tunnels
tiny shell : small encrypted shell
vulnerability assessment
/usr/bin/vuln-test/
Way too many to list them all. There's much from THC, ADM, RFP, NMRC, TESO, Phenoelit. Be very careful with these tools. Remember, no guarantees are offered and you are entirely responsible for your own actions.
ADM tools : like ADM-smb and ADMkillDNS
amap 4.5 : maps applications running on remote hosts
IRPAS : Internet Routing Protocol Attack Suite
chkrootkit 0.43 : look for rootkits
clamAV : virus scanner. update your signatures live with freshclam
curl : commandline utility for transferring anything with a URL
exodus : web application auditor
ffp : fuzzy fingerprinter for encrypted connections
firewalk : map a firewall rulebase
hydra : brute force tool
nbtscan : scan SMB networks
ncpquery : scan NetWare servers
nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins
nikto : CGI scanner
nmap 3.48 : the standard in host/port enumeration
p0f : passive OS fingerprinter
proxychains: chain together multiple proxy servers
rpcinfo : hmmmm.... info from RPC?
screamingCobra : CGI scanner
siege : http testing and benchmarking utility
sil : tiny banner grabber
snot : replay snort rules back onto the wire. test your ids/incidence response/etc.
syslog_deluxe : spoof syslog messages
thcrut : THC's "r you there?" network mapper
vmap : maps application versions
warscan : exploit automation tool
xprobe2 : uses ICMP for fingerprinting
yaph : yet another proxy hunter
zz : zombie zapper kills DDoS zombies
wireless tools
/usr/bin/wireless/
airsnarf : rogue AP setup utility
airsnort : sniff, find, crack 802.11b
airtraf : 802.11b network performance analyzer
gpsdrive : use GPS and maps
kismet 3.0.1 : for 802.11 what else do you need?
kismet-log-viewer : manage your kismet logs
macchanger : change your MAC address
wellenreiter : 802.11b discovery and auditing
patched orinoco drivers : automatic (no scripts necessary)
下面是localareasecurfity的软件,没分类的
ISIC - http://www.packetfactory.net/Projects/ISIC/
LinNeighborhood - http://www.bnro.de/~schmidjo/
SARA - http://www-arc.com/sara/
admsmp - ftp://freelsd.net/
admsnmp - ftp://freelsd.net/
aide - http://www.cs.tut.fi/~rammer/aide.html
airsnort - http://airsnort.shmoo.com/
amap - http://www.thc.org/releases.php
angst - http://angst.sourceforge.net/
argus-client - http://www.qosient.com/argus/
argus-server - http://www.qosient.com/argus/
arptool - http://users.hotlink.com.br/lincoln/arptool/
arpwatch - http://www.securityfocus.com/tools/142
atmelwlandriver - http://atmelwlandriver.sourceforge.net/news.html
autopsy / sleuthkit - http://www.sleuthkit.org/
bass - http://www.securityfocus.com/tools/394
bfbtester - http://bfbtester.sourceforge.net/
biew - http://biew.sourceforge.net/en/biew.html
binutils - http://sources.redhat.com/binutils/
bruth - http://bruth.sourceforge.net/
bsed - http://www1.bell-labs.com/project/wwexptools/bsed/
cabextract - http://www.kyz.uklinux.net/cabextract.php
ccrypt - http://quasar.mathstat.uottawa.ca/~selinger/ccrypt/
cflow - http://net.doit.wisc.edu/~plonka/Cflow/
cgrep - http://www1.bell-labs.com/project/wwexptools/cgrep/
cheops - http://www.marko.net/cheops/
chkrootkit - http://www.chkrootkit.org/
clamav - http://clamav.elektrapro.com/
cmospwd - http://www.cgsecurity.org/index.html?cmospwd.html
crank - http://crank.sourceforge.net/about.html
cryptcat - http://sourceforge.net/projects/cryptcat/
cscope - http://cscope.sourceforge.net/
curl - http://curl.haxx.se/
darkstat - http://members.optushome.com.au/emikulic/net/darkstat/
disco - http://www.altmode.com/disco/
dlint - http://www.domtools.com/dns/dlint.shtml
driftnet - http://www.ex-parrot.com/~chris/driftnet/
dsniff - http://naughty.monkey.org/~dugsong/dsniff/
echoping - http://echoping.sourceforge.net/
ethereal- http://ethereal.com/
ettercap - http://ettercap.sourceforge.net/
ettercap-gtk - http://www.dnetc.org/?s=ettercap
farpd - http://packages.debian.org/unstable/net/farpd.html
fenris - http://razor.bindview.com/tools/fenris/
findutils - http://www.gnu.org/software/findutils/findutils.html
firewalk - http://www.packetfactory.net/firewalk/
foremost - http://foremost.sourceforge.net/
fping - http://www.fping.com/
fragroute - http://www.monkey.org/~dugsong/fragroute/
gkismet - http://gkismet.sourceforge.net/
gnupg - http://www.gnupg.org/
gpa - http://www.gnupg.org/(en)/related_software/gpa/index.html
hackbot - http://freshmeat.net/projects/hackbot/?topic_id=87%2C43%2C861
hammerhead - http://hammerhead.sourceforge.net/
hlfl - http://www.hlfl.org/
hping2 - http://www.hping.org/
httptunnel - http://www.nocrew.org/software/httptunnel.html
httpush - http://sourceforge.net/projects/httpush
hunt - http://packages.debian.org/stable/net/hunt.html
idsa / idsaguardgtk - http://jade.cs.uct.ac.za/idsa/
idswakeup - http://www.hsc.fr/ressources/outils/idswakeup/
iptraf - http://cebu.mozcom.com/riker/iptraf/
john - http://www.openwall.com/john/
kismet - http://www.kismetwireless.net/
knocker - http://knocker.sourceforge.net/
libdbx - http://sourceforge.net/projects/ol2mbox
libpst - http://sourceforge.net/projects/ol2mbox
ltrace - http://freshmeat.net/projects/ltrace/?topic_id=846%2C47
macchanger - http://www.alobbs.com/modules.php?op=modload&name=macc&file=index
macrobber - http://www.sleuthkit.org/mac-robber/desc.php
mc - http://www.ibiblio.org/mc/
md5deep - http://md5deep.sourceforge.net/
memfetch - http://themes.freshmeat.net/projects/memfetch/?topic_id=43%2C45%2C47%2C836%2C136
mieliekoek.pl - http://packetstormsecurity.nl/UNIX/security/mieliekoek.pl
minicom - http://hegel.ittc.ukans.edu/topics/linux/man-pages/man1/minicom.1.html
mrtg - http://mrtg.hdl.com/mrtg.html
nasm - http://sourceforge.net/projects/nasm
nast - http://www.aimsniff.com/about.html
nbtscan - http://www.inetcat.org/software/nbtscan.html
nessus - http://nessus.org/
net-snmp - http://net-snmp.sourceforge.net/
netcat - http://www.atstake.com/research/tools/network_utilities/
netsed - http://freshmeat.net/projects/netsed/?topic_id=43
ngrep - http://ngrep.sourceforge.net/
nmap - http://www.insecure.org/nmap/
ntfstools - http://linux-ntfs.sourceforge.net/
ntfstools - http://linux-ntfs.sourceforge.net/
ntop - http://www.ntop.org/ntop.html
ntreg - http://razor.bindview.com/tools/index.shtml
openssl - http://www.openssl.org/
p0f - http://www.sans.org/resources/idfaq/p0f.php
packit - http://packit.sourceforge.net/
paketto - http://www.doxpara.com/read.php/code/paketto.html
partimage - http://www.partimage.org/index.en.html
pasmal - https://sourceforge.net/projects/pasmal/
pnscan - http://freshmeat.net/projects/pnscan/?topic_id=87%2C150%2C861
pv - http://packages.debian.org/unstable/utils/pv.html
raccess - http://salix.org/raccess/
rarpd - http://packages.debian.org/testing/net/rarpd.html
rats - http://www.cisecurity.org/bench_cisco.html
rda - http://md5sa.com/downloads/rda/index.htm
rdesktop - http://www.rdesktop.org/
recover - http://recover.sourceforge.net/linux/recover/
router-audit-tool - http://packages.debian.org/unstable/admin/router-audit-tool.html
rrdtool - http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/
samba - http://us3.samba.org/samba/samba.html
scanerrlog - http://www.librelogiciel.com/software/ScanErrLog/action_Presentation
scanlogd - http://www.openwall.com/scanlogd/
scansort - http://www.geocities.com/SouthBeach/Pier/3193/scansort.html
scanssh - http://www.monkey.org/~provos/scanssh/
scli - http://www.ibr.cs.tu-bs.de/projects/scli/
screamingcobra.pl - http://cobra.lucidx.com/
sendip - http://www.earth.li/projectpurple/progs/sendip.html
shorewall - http://www.shorewall.net/
sing - http://packages.debian.org/unstable/net/sing.html
smb-nat - http://packages.debian.org/unstable/admin/smb-nat.html
smokeping - http://people.ee.ethz.ch/~oetiker/webtools/smokeping/
sniffit - http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
snort - http://www.snort.org/
socat - http://www.dest-unreach.org/socat/
speak-freely - http://www.speakfreely.org/
splint - http://lclint.cs.virginia.edu/
ssh - http://openssh.org/
ssldump http://www.rtfm.com/ssldump/
stegdetect - http://www.outguess.org/detection.php
steghide - http://steghide.sourceforge.net/
strace - http://www.liacs.nl/~wichert/strace/
stunnel - http://www.stunnel.org/
sudo - http://www.courtesan.com/sudo/
swatch - http://swatch.sourceforge.net/
tcpdump - http://www.tcpdump.org/
tcpflow - http://www.circlemud.org/~jelson/software/tcpflow/
tcpreplay - http://tcpreplay.sourceforge.net/
tcptrace - http://www.tcptrace.org/
tetstdisk - http://www.cgsecurity.org/index.html?testdisk.html
valgrind - http://developer.kde.org/~sewardj/
vlad - http://razor.bindview.com/tools/vlad/index.shtml
vnc - http://www.uk.research.att.com/vnc/
vomit - http://vomit.xtdnet.nl/
warscan - http://razor.bindview.com/tools/desc/WarScan_readme.html
wellenreiter - http://www.wellenreiter.net/
xprobe - http://www.sys-security.com/
zodiac http://www.team-teso.net/projects/zodiac/
一、重灌knoppix
knoppix是一个基于debian的在光盘运行的linux,关于knoppix重新定制网上有很多文章了,我其实只是自己做的记录而已。
1、解包ISO
没有空余的机器或空余的分区,只能用虚拟机来折腾。在VPC上添加一个新的linux系统,选好内存大小,硬盘映像文件,然后启动这个系统,在菜单CD -> Capture Image...选择KNOPPIX_V3.2-2003-05-03-EN.iso就可以了。
启动选项输入knoppix 2进入字符模式,用fdisk给/dev/hda分一个区,5个G应该足够,然后用mkfs.ext2给/dev/hda1创建文件系统。再把这个分区mount上:
# mount -o rw /dev/hda1 /mnt/hda1
建立工作目录:
# mkdir /mnt/hda1/knx
# mkdir -p /mnt/hda1/knx/master/KNOPPIX
# mkdir -p /mnt/hda1/knx/source/KNOPPIX
如果机器没有足够内存应该建立一个swap文件,因为最后压缩文件系统的时候会暂时把压缩文件写入内存:
# cd /mnt/hda1/knx ; dd if=/dev/zero of=swapfile bs=1M count=750 ; mkswap swapfile ; swapon swapfile
拷贝knoppix文件,cp的p参数是保持文件的所有属性,这里的拷贝会持续比较长时间。
# cp -Rp /KNOPPIX/* /mnt/hda1/knx/source/KNOPPIX
以下的拷贝是为了重新编译内核以后,重做iso以新内核启动。否则只需拷贝boot.img就可以了。
# cd /cdrom/KNOPPIX
# cp boot.img boot.cat KNOPPIX /mnt/hda1/knx/master/KNOPPIX
进入chroot环境对knoppix进行大刀阔斧的裁剪了:
# chroot /mnt/hda1/knx/source/KNOPPIX
2、裁剪和替换
进入chroot环境后,mount上proc:
# mount -t proc /proc proc
配置好网络准备就绪。由于是基于debian操作系统的,所有的软件包都通过apt系统来维护,所以可能需要修改/etc/apt/sources.list文件,使用速度较快的镜像站点。
然后用apt-get --purge remove program的命令方式删除不需要的东东,减少空间可以装其他自己想要的东东。/usr/share/doc这个目录的东西也比较大,100多M,也剁了。
通过执行deborphan可以找到一些不再关联的包,这些也可以安全的删除。
由于希望knoppix适合honeynet GenII的网桥,必须给内核打补丁:
# apt-get install kernel-source-2.4.20
# apt-get install kernel-patch-xfs
# wget http://users.pandora.be/bart.de.schuymer/ebtables/v2.0/v2.0./ebtables-v2.0.003_vs_2.4.20.diff
# wget http://users.pandora.be/bart.de.schuymer/ebtables/br-nf/bridge-nf-0.0.10-against-2.4.20.diff
# tar jxf kernel-source-2.4.20.tar.bz2
# cp linux/.config kernel-source-2.4.20/
# rm linux
# ln -s kernel-source-2.4.20 linux
# cd linux
# ../kernel-patches/all/apply/xfs
# patch -p1 < ../ebtables-v2.0.003_vs_2.4.20.diff
# patch -p1 < ../bridge-nf-0.0.10-against-2.4.20.diff
我们使用了knoppix的内核配置文件.config,这里要注意的是ebtables的补丁一定要在bridge-nf打,否则会出错误。
# make menuconfig
在内核选项里要把802.1d Ethernet Bridging及相关选项选上,其他的可以根据自己的需求更改定制,执行完这一步打上knoppix的内核补丁:
# patch -p1 < ../knoppix-kernel.patch
然后编译内核:
# make dep
# make bzImage
# make modules
# make moduels_install
编译模块需要不少时间。安装完以后可以把konippix原来内核相关的东西删除:
# rm -rf /usr/src/linux-2.4.20-xfs
# rm -rf /lib/modules/2.4.20-xfs
# rm -rf /boot/*
# rm /vmlinuz
把新的内核拷过去:
# cp System.map /boot/System.map-2.4.20
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.20
# cd /boot
# ln -s System.map-2.4.20 System.map
# ln -s vmlinuz-2.4.20 vmlinuz
# cd /
# ln -s boot/vmlinuz-2.4.20 vmlinuz
必须用新内核重新编译cloop.o模块:
# cd /tmp
# wget http://www.knopper.net/download/knoppix/cloop_0.68-2.tar.gz
# tar xzf cloop_0.68-2.tar.gz
# cd cloop-0.68
# make KERNEL_DIR=/usr/src/linux
由于knoppix通过boot.img来启动系统,必须修改之,按ALT+F2进入另外一个非chroot的shell,把boot.img拷过来:
# cp /mnt/hda1/knx/master/KNOPPIX/boot.img /mnt/hda1/knx/source/KNOPPIX/var/tmp
在chroot的shell环境下进行修改。
# cd /tmp
# mkdir boot mroot
# mount boot.img boot -t msdos -o loop=/dev/loop0
# cp boot/miniroot.gz .
# gzip -d miniroot.gz
# mount miniroot mroot -t ext2 -o loop=/dev/loop1
# cp /tmp/cloop-0.68/cloop.o /tmp/mroot/modules/
由于我的内核较大,索性把scsi光驱支持去掉,这样启动的时候速度也会快不少:
# rm -rf /tmp/mroot/modules/scsi
修改/tmp/mroot/linuxrc,设置SCSI_MODULES=""。
其实可以用winimage把boot.img扩大,那么这些东西就可以轻易的放入,用多个启动映像文件,多一种选择更好。注意映像文件名要使用8.3格式,后面提到的diskemu只能使用这个格式。
把miniroot打包回去:
# umount /tmp/mroot
# gzip -9 miniroot
# cp miniroot.gz boot/
把新的内核映像也拷回去:
# cp /boot/vmlinuz-2.4.20 /tmp/boot/vmlinuz
修改/tmp/boot目录下syslinux.cfg文件的DEFAULT vmlinuz设置,把lang=us改为lang=cn 2,把下面所有的lang=us改为lang=cn。这样knoppix重新启动的时候默认把语言属性改为中文,而且默认使用字符模式,没有必要一启动就进入xwindow。
还可以修改/tmp/boot下的boot.msg、f2、logo.16这几个标记。这个新的boot.img就可以把knoppix引导到新的内核,先重新灌装,然后在新的内核下安装与内核相关的驱动。退出chroot环境,用新的boot.img重新制作iso:
# cp /mnt/hda1/knx/source/KNOPPIX/var/tmp/boot.img /mnt/hda1/knx/master/KNOPPIX/boot.img
# cd /mnt/hda1/knx/
# mkisofs -pad -l -r -J -v -V "KNOPPIX" -b KNOPPIX/boot.img -c KNOPPIX/boot.cat -hide-rr-moved -o /mnt/hda1/knx/knoppix.iso /mnt/hda1/knx/master
制作iso速度比较快,把/mnt/hda1/knx/knoppix.iso传到自己的系统里面,然后用这个iso启动虚拟机。
3、更新和安装新的驱动
重新启动后可以用uname -a看看是否已经是新内核。
增强对无线网卡的支持。默认linux是不支持atmel芯片的无线网卡,需要另外安装,这里使用是非官方发布版本:
# chroot /mnt/hda1/knx/source/KNOPPIX
# cd /tmp
# wget http://atmelwlandriver.sourceforge.net/snapshots/atmelwlandriver-ss-20030507.tar.gz
# tar xzf atmelwlandriver-ss-20030507.tar.gz
# cd atmelwlandriver
# make config
Build all [y/N] <-- 这里选y把所有的驱动都编译了。
# make all
# make install
对于orinoco的驱动linux自带内核模块,但默认的驱动不支持无线网卡的monitor模式,airsnort主站提供了相应补丁,可以通过给pcmcia-cs打补丁,也可以通过给orinoco驱动打补丁,这样更简单一些:
# cd /tmp
# wget http://ozlabs.org/people/dgibson/dldwd/orinoco-0.13b.tar.gz
# wget http://airsnort.shmoo.com/orinoco-0.13b-patched.diff
# tar xzf orinoco-0.13b.tar.gz
# cd orinoco-0.13b
# patch -p1 < ../orinoco-0.13b-patched.diff
# make
# make install
linux-wlan-ng的驱动也更新一下:
# cd /tmp
# wget ftp://ftp.linux-wlan.org/pub/linux-wlan-ng/linux-wlan-ng-0.2.1-pre5.tar.gz
# tar xzf linux-wlan-ng-0.2.1-pre5.tar.gz
# cd linux-wlan-ng-0.2.1
# make config <-- 这里可以基本上把所有的驱动都加上
# make all
# make install
prism的芯片也能使用orinoco的驱动,如果确认一些网卡使用的是prism芯片可以修改/etc/pcmcia/config文件,使用的驱动改一下,比如Compaq WL100的网卡原来使用orinoco的驱动,可以把它改成:
bind "prism2_cs"
这样插入Compaq WL100的网卡就会使用linux-wlan-ng的驱动,其它的网卡也可做类似修改,但你得知道网卡使用的芯片。
4、xwindow桌面环境的修改和汉化
KNOPPIX默认使用KDE作为桌面环境,这实在太大了。除了fluxbox、wmake、twm,删除了其它所有桌面环境,fvwm也是非常不错的,直接用apt安装。使用fluxbox作为默认的桌面。输入法使用fcitx,非常不错,而且已经进了debian的sid,以后更新就方便了。修改/etc/init.d/knoppix-autoconfig的1026行附近关于DESKTOP变量的赋值改为如下:
# Also read desired desktop, if any
DESKTOP="$(getbootparam desktop 2>/dev/null)"
# Allow only supported windowmanagers
case "$DESKTOP" in fvwm|windowmaker|wmaker|fluxbox|twm) ;; *) DESKTOP="fluxbox"; ;; esac
knoppix关于xwindow的脚本实际执行的是/etc/X11/Xsession.d/45xsession,里面有启动各种桌面的函数,比如startkde()。需要给fvwm添加一个类似的函数,完全拷贝startfluxbox()。startkde()完全可以删除以节省篇幅。
修改45xsession文件最后部分:
if [ "$LANGUAGE" = "cn" ]; then
export XMODIFIERS=@im=fcitx
/usr/bin/fcitx &
fi
case "$DESKTOP" in
fvwm|FVWM) startfvwm ;;
fluxbox|FLUXBOX) startfluxbox ;;
windowmaker|wmaker|WINDOWMAKER|WMAKER) [ "$FREEMEM" -ge "35000" ] && startwindowmaker || starttwm lowmem 64; ;;
twm|TWM) starttwm; ;;
*) starttwm invalidwm; ;;
esac
这个脚本还有许多地方可以修改,也许你还需要修改/etc/init.d/xsession脚本等等。
字体使用simsun,并且使用firefly的补丁,可以到这里下载:
http://debian.ustc.edu.cn/dev/
修改/etc/gtk/gtkrc.zh_CN:
style "gtk-default-zh-cn" {
fontset = "-misc-simsun-medium-r-normal--14-*-*-*-*-*-iso10646-1,-misc-simsun-medium-r-normal--14-*-*-*-*-*-iso10646-1"
}
class "GtkWidget" style "gtk-default-zh-cn"
修改/etc/init.d/xsession,默认使用root用户启动X。
5、honeynet功能
# mkdir /honeynet
# wget http://honeynet.xfocus.net/papers/honeynet/tools/snort_inline.tgz
# wget http://honeynet.xfocus.net/papers/honeynet/tools/sebeksniff-2.0.1.tar.gz
# wget http://honeynet.xfocus.net/papers/honeynet/tools/sebek-linux-2.0.1.tar.gz
# apt-get install swatch
# apt-get install honeyd
以后再调整。
6、生成压缩文件系统
重灌前建议对系统做一遍升级和清理垃圾的工作。
# apt-get -u upgrade <- 这里要注意,有些服务型的软件会加上开机启动脚本,可以用update-rc.d删除。
# apt-get clean
更新关联:
# updatedb
# umount /proc
退出chroot环境后压缩文件系统:
# mkisofs -R -U -V "KNOPPIX.net filesystem" -P "KNOPPIX www.knoppix.net" -hide-rr-moved -cache-inodes -no-bak -pad /mnt/hda1/knx/source/KNOPPIX | nice -5 /usr/bin/create_compressed_fs - 65536 > /mnt/hda1/knx/master/KNOPPIX/KNOPPIX
二、制作winpe
作为一个工具盘如果有windows环境那就更好了,winpe解决了这个问题。
定制一个winpe非常容易,下面介绍的英文版的定制:
1、首先拷贝winpe光盘的winpe目录到硬盘,假设拷贝的硬盘目录是:e:\winpe。
这个用资源管理器拷贝就可以了。
2、然后从微软网站下载MSA EDC Deployment Kit。
e:\temp\>wget http://download.microsoft.com/download/win2000srv/MSAEDC/EDC1.5/NT5/EN-US/05-EDCv1.5DeploymentKit.exe
解开这个包到e:\temp\EDCAPFDeployment,然后:
e:\temp\>copy EDCAPFDeployment\WinPESupport\WINPESYS.INF e:\winpe
这里的WINPESYS.INF其实是添加了ramdisk的支持,默认盘符是r,大小是4M。可以通过修改HKLM,"SYSTEM\ControlSet001\Services\ramdrv\Parameters","DriveLetter",0000000000,"R:"来改变盘符,修改HKLM,"SYSTEM\ControlSet001\Services\ramdrv\Parameters","DiskSize",0x00010001,0x400000来改版大小。
3、准备winxp的光盘,比如在f盘。很奇怪那个pebuilder为什么要用sp1的光盘,我发现就xp的安装也是可以制作的。
4、运行mkimg.cmd脚本,生成winpe的文件。
如果你想让winpe启动的时候在内存执行程序,可以修改e:\winpe目录下的config.inf文件,把osloadoptions项改成如下:
osloadoptions=txtsetup.sif,setupdata,"/fastdetect /minint /noguiboot /inram"
但是确定你的系统有256M内存。
如果想修改启动提示信息,修改loaderprompt项。当然这两项都可以不做,直接用以下命令生成winpe文件:
e:\winpe\>mkimg.cmd f: e:\temp\winpe.tmp
如果删除i386下的WinSxS目录及其文件,最后做成的iso会不能使用notepad。但是如果直接改微软发布的winpe iso,都会造成notepad不能执行,不知道为什么。
5、拷贝ramdisk的驱动文件
e:\winpe\>copy e:\temp\EDCAPFDeployment\WinPESupport\ramdrv.INF e:\temp\winpe.tmp\I386\infe:\winpe\>copy e:\temp\EDCAPFDeployment\WinPESupport\ramdrv.sys e:\temp\winpe.tmp\I386\system32\drivers6、加上erd command 2002
只需拷贝commandshell.exe, common.dll, compmgmt.exe, cs.cfg, dt.cfg, erdcmdr2002.cnt, erdhelp.exe, explorer.exe, fauxshell.dll, fe.cfg, filesearch.exe, locksmith.exe, logoff.exe, logon.exe, ntfsver.exe, pwdserv.exe, tcpcfg.exe, windowsshell.exe这几个文件到e:\temp\winpe.tmp\I386\system32下面就可以了。做成iso启动后在system32目录下执行logon就能进入erd,即使不想用erd,还可以使用它的一些工具,比如用tcpcfg就可以方便的配置网络。
7、调整winpe
现在就可以制作iso了,但是这样winpe启动的时候会提示Press any key to boot from CD.,如果没有按键就想从硬盘引导,只需删除e:\temp\winpe.tmp\i386目录下的BOOTFIX.BIN文件就不会有这个提示了。
winpe启动的时候首先会使用e:\temp\winpe.tmp\I386\system32\startnet.cmd文件,可以编辑这个脚本,使得启动时更加方便。
三、制作iso文件。
DISKEMU是一个多启动光盘常用的软件,而且它使用也非常简单。建立工作目录e:\cd,拷贝DISKEM1X.BIN、DISKEMU.CMD到cd目录。在cd目录下建立IMG、KNOPPIX目录。
拷贝KNOPPIX的压缩文件KNOPPIX到e:\cd\KNOPPIX下,拷贝boot.img到e:\cd\img\knoppix.img,再拷贝一份到e:\cd\KNOPPIX\下面,否则在使用knx-hdinstsall脚本把knoppix安装到硬盘的时候会不正确。
把e:\temp\winpe.tmp下所有文件拷贝到e:\cd下,拷贝e:\winpe\ETFSBOOT.COM到e:\cd\img\winpe.bin。
修改DISKEMU.CMD文件,以下是个参考:
cd img
:start
cls
print 1. KNOPPIX
print 2. WindowsPE
print r. Reboot
print q. Quit to command prompt
print Esc. Boot first harddisk
:mainkey
; timeout is 60 seconds, default key is escape
getkey 60 esc
onkey 1 goto knoppix
onkey 2 goto winpe
onkey f1 goto help
onkey q quit
onkey r reboot
onkey f boot 0
onkey esc boot 80
; When no key found...
goto mainkey
;
:help
cls
print HELP
print ----
print + Have ISO9660 filesystem support, you can do "dir" and "cd"
print + A "advanced" command prompt to load anything you want
print + A simple bootmenu for "less" advanced users
print + Autodetection of floppy image types (by filesize)
print + Using a bootable Diskemu 1.x CD-Rom, you can even boot images from "non-
print bootable" CD-Roms, just swap the CD, type "cd \" and you can use that CD.
print (Cool!)
print + You can create a multiboot bootable CD-Rom using (almost) any recording
print software you want
print + Supported floppy types: 160KB, 180KB, 320KB, 360KB, 1.2MB, 720KB, 820KB,
print 1.44MB, 1.68MB, 1.72MB, 2.88MB
print All supported command are listed below.
print batch boot bootinfotable cd cls dir
print echo emusegm getkey goto help keyval
print loadsegm onkey print quit readtest reboot
print run test type ver
print help <command> (or ?) Displays help about <command>
print Press any key to return to main menu
getkey
goto start
;
:knoppix
print Use KNOPPIX
run knoppix.img
getkey
goto start
;
:winpe
print WindowsPE
run winpe.bin
getkey
goto start
;
; EOF
然后就可以制作iso文件了,但是必须要注意iso的格式,不能用iso9660,要使用兼容iso9660文件的Joliet格式,cdimage的-j1参数满足这个条件:
cdimage -ltoolcd -j1 -bloader.bin cd toolcd.iso
OK,用toolcd.iso引导试试。
四、简单使用说明
linux部分:
1、启动菜单选择1是启动没有SCSI的KNOPPIX,但速度比较快,选择2是有SCSI的KNOPPIX,启动检测SCSI设备。
2、vmware里从xwindow退出会造成屏幕变小还没有找到问题所在。
3、如果机器有多个光驱,要放在/dev/cdrom这个光驱里,否则不能启动。
4、可以用knx-hdinstall脚本把系统方便快速的安装到硬盘。
winpe部分:
1、启动后会使用startcmd.net的脚本,首先提示系统分辨率,默认是800x600。
2、提示启动网络还是启动erd command(硬盘需要有win系统,license在光盘根目录)。
3、输入explorer启动erd的资源管理器,硬盘有fat、ntfs分区也可以直接读写。
4、tools目录会加到PATH环境变量里面,里面有很多好玩的东东,你还可以自己再添加。
声明:
由于该光盘包含了很多商业软件,所以没法提供下载的,也不要问我这些东东从那里来。我只是给大家介绍一个工具光盘的制作方法,方便大家做渗透测试、调查取证、入侵检测、网络陷阱等等。
参考:
http://www.knoppix.net/docs/index.php/KnoppixRemasteringHowto
http://www.knoppix.net/docs/index.php/KnoppixCustomKernelHowto
http://www.microsoft.com/technet/itsolutions/edc/pak/build/EDCBLD05.ASP
