knoppix

Wangchao (other) · author: anonymous  2006-01-09

Knoppix-STD software list

Tools are grouped as follows:

authentication

/usr/bin/auth/

freeradius 0.9.3 : GPL RADIUS server

encryption

/usr/bin/crypto/

2c2 : multiple plaintext -> one ciphertext

4c : as with 2c2 (think plausible deniability)

acfe : traditional cryptanalysis (like Vigenere)

cryptcat : netcat + encryption

gifshuffle : stego tool for gif images

gpg 1.2.3 : GNU Privacy Guard

ike-scan : VPN fingerprinting

mp3stego : stego tool for mp3

openssl 0.9.7c

outguess : stego tool

stegbreak : brute-force stego'ed JPG

stegdetect : discover stego'ed JPG

sslwrap : SSL wrapper

stunnel : SSL wrapper

super-freeSWAN 1.99.8 : kernel IPSEC support

texto : make gpg ascii-armour look like weird English

xor-analyze : another "intro to cryptanalysis" tool

forensics

/usr/bin/forensics/

sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.

autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence

biew : binary viewer

bsed : binary stream editor

consh : logged shell (from F.I.R.E.)

coreography : analyze core files

dcfldd : US DoD Computer Forensics Lab version of dd

fenris : code debugging, tracing, decompiling, reverse engineering tool

fatback : Undelete FAT files

foremost : recover specific file types from disk images (like all JPG files)

ftimes : system baseline tool (be proactive)

galleta : recover Internet Explorer cookies

hashdig : dig through hash databases

hdb : java decompiler

mac-robber : TCT's graverobber written in C

md5deep : run md5 against multiple files/directories

memfetch : force a memory dump

pasco : browse IE index.dat

photorec : grab files from digital cameras

readdbx : convert Outlook Express .dbx files to mbox format

readoe : convert entire Outlook Express .directory to mbox format

rifiuti : browse Windows Recycle Bin INFO2 files

secure_delete : securely delete files, swap, memory....

testdisk : test and recover lost partitions

wipe : wipe a partition securely. good for prep'ing a partition for dd

and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

firewall

/usr/bin/fw/

blockall : script to block all inbound TCP (excepting localhost)

flushall : flush all firewall rules

firestarter : quick way to a firewall

firewalk : map a firewall's rulebase

floppyfw : turn a floppy into a firewall

fwlogwatch : monitor firewall logs

iptables 1.2.8

gtk-iptables : GUI front-end

shorewall 1.4.8-RC1 : iptables based package

honeypots

/usr/bin/honeypot/

honeyd 0.7

labrea : tarpit (slow to a crawl) worms and port scanners

thp : tiny honeypot

ids

/usr/bin/ids/

snort 2.1.0 : everyone's favorite network IDS

ACID : snort web frontend

barnyard : fast snort log processor

oinkmaster : keep your snort rules up to date

hogwash : access control based on snort sigs

bro : network IDS

prelude : network and host IDS

WIDZ : wireless IDS, ap and probe monitor

aide : host baseline tool, tripwire-esque

logsnorter : log monitor

swatch : monitor any file, oh like say syslog

sha1sum

md5sum

syslogd

network utilities

/usr/bin/net-utils/

LinNeighborhood : browse SMB networks like Windows Network Neighborhood

argus : network auditor

arpwatch : keep track of the MACs on your wire

cdpr : cisco discovery protocol reporter

cheops : snmp, network discovery and monitor tool

etherape : network monitor and visualization tool

iperf : measure IP performance

ipsc : IP subnet calculator

iptraf : network monitor

mrtg : multi router traffic grapher

mtr : traceroute tool

ntop 2.1.0 : network top, protocol analyzer

rrdtool : round robin database

samba : opensource SMB support

tcptrack : track existing connections

password tools

/usr/bin/pwd-tools/

john 1.6.34 : John the Ripper password cracker

allwords2 : CERIAS's 27MB English dictionary

chntpw : reset passwords on a Windows box (including Administrator)

cisilia : distributed password cracker

cmospwd : find local CMOS password

djohn : distributed John the Ripper

pwl9x : crack Win9x password files

rcrack : rainbow crack

servers

/usr/bin/servers

apache

ircd-hybrid

samba

smail

sshd

vnc

net-snmp

tftpd

xinetd

packet sniffers

/usr/bin/sniff/

aimSniff : sniff AIM traffic

driftnet : sniffs for images

dsniff : sniffs for cleartext passwords (thanks Dug)

ethereal 0.10.0 : the standard. includes tethereal

ettercap 0.6.b : sniff on a switched network and more.

filesnarf : grab files out of NFS traffic

mailsnarf : sniff smtp/pop traffic

msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic

ngrep : network grep, a sniffer with grep filter capabilities

tcpdump : the core of it all

urlsnarf : log all urls visited on the wire

webspy : mirror all urls visited by a host in your local browser

tcp tools

/usr/bin/tcp-tools/

arpfetch : fetch MAC

arping : ping by MAC

arpspoof : spoof arp

arpwatch : monitor MAC addresses on the wire

despoof : detect spoofed packets via TTL measurement

excalibur : packet generator

file2cable : replay a packet capture

fragroute : packet fragmentation tool (thanks again Dug)

gspoof : packet generator

hopfake : spoof hopcount replies

hunt : tcp hijacker

ipmagic : packet generator

lcrzoex : suite of tcp tools

macof : flood a switch with MACs

paketto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3)

netsed : insert and replace strings in live traffic

packETH : packet generator

tcpkill : die tcp, die!

tcpreplay : replay packet captures

tunnels

/usr/bin/tunnels/

cryptcat : encrypted netcat

httptunnel : tunnel data over http

icmpshell : tunnel data over icmp

netcat : the incomparable tcp swiss army knife

shadyshell : tunnel data over udp

stegtunnel : hide data in TCP/IP headers

tcpstatflow : detect data tunnels

tiny shell : small encrypted shell

vulnerability assessment

/usr/bin/vuln-test/

Way too many to list them all. There's much from THC, ADM, RFP, NMRC, TESO, Phenoelit. Be very careful with these tools. Remember, no guarantees are offered and you are entirely responsible for your own actions.

ADM tools : like ADM-smb and ADMkillDNS

amap 4.5 : maps applications running on remote hosts

IRPAS : Internet Routing Protocol Attack Suite

chkrootkit 0.43 : look for rootkits

clamAV : virus scanner. update your signatures live with freshclam

curl : commandline utility for transferring anything with a URL

exodus : web application auditor

ffp : fuzzy fingerprinter for encrypted connections

firewalk : map a firewall rulebase

hydra : brute force tool

nbtscan : scan SMB networks

ncpquery : scan NetWare servers

nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins

nikto : CGI scanner

nmap 3.48 : the standard in host/port enumeration

p0f : passive OS fingerprinter

proxychains: chain together multiple proxy servers

rpcinfo : hmmmm.... info from RPC?

screamingCobra : CGI scanner

siege : http testing and benchmarking utility

sil : tiny banner grabber

snot : replay snort rules back onto the wire. test your ids/incidence response/etc.

syslog_deluxe : spoof syslog messages

thcrut : THC's "r you there?" network mapper

vmap : maps application versions

warscan : exploit automation tool

xprobe2 : uses ICMP for fingerprinting

yaph : yet another proxy hunter

zz : zombie zapper kills DDoS zombies

wireless tools

/usr/bin/wireless/

airsnarf : rogue AP setup utility

airsnort : sniff, find, crack 802.11b

airtraf : 802.11b network performance analyzer

gpsdrive : use GPS and maps

kismet 3.0.1 : for 802.11 what else do you need?

kismet-log-viewer : manage your kismet logs

macchanger : change your MAC address

wellenreiter : 802.11b discovery and auditing

patched orinoco drivers : automatic (no scripts necessary)

Below is the software list from Local Area Security (localareasecurity), uncategorized:

ISIC - http://www.packetfactory.net/Projects/ISIC/

LinNeighborhood - http://www.bnro.de/~schmidjo/

SARA - http://www-arc.com/sara/

admsmp - ftp://freelsd.net/

admsnmp - ftp://freelsd.net/

aide - http://www.cs.tut.fi/~rammer/aide.html

airsnort - http://airsnort.shmoo.com/

amap - http://www.thc.org/releases.php

angst - http://angst.sourceforge.net/

argus-client - http://www.qosient.com/argus/

argus-server - http://www.qosient.com/argus/

arptool - http://users.hotlink.com.br/lincoln/arptool/

arpwatch - http://www.securityfocus.com/tools/142

atmelwlandriver - http://atmelwlandriver.sourceforge.net/news.html

autopsy / sleuthkit - http://www.sleuthkit.org/

bass - http://www.securityfocus.com/tools/394

bfbtester - http://bfbtester.sourceforge.net/

biew - http://biew.sourceforge.net/en/biew.html

binutils - http://sources.redhat.com/binutils/

bruth - http://bruth.sourceforge.net/

bsed - http://www1.bell-labs.com/project/wwexptools/bsed/

cabextract - http://www.kyz.uklinux.net/cabextract.php

ccrypt - http://quasar.mathstat.uottawa.ca/~selinger/ccrypt/

cflow - http://net.doit.wisc.edu/~plonka/Cflow/

cgrep - http://www1.bell-labs.com/project/wwexptools/cgrep/

cheops - http://www.marko.net/cheops/

chkrootkit - http://www.chkrootkit.org/

clamav - http://clamav.elektrapro.com/

cmospwd - http://www.cgsecurity.org/index.html?cmospwd.html

crank - http://crank.sourceforge.net/about.html

cryptcat - http://sourceforge.net/projects/cryptcat/

cscope - http://cscope.sourceforge.net/

curl - http://curl.haxx.se/

darkstat - http://members.optushome.com.au/emikulic/net/darkstat/

disco - http://www.altmode.com/disco/

dlint - http://www.domtools.com/dns/dlint.shtml

driftnet - http://www.ex-parrot.com/~chris/driftnet/

dsniff - http://naughty.monkey.org/~dugsong/dsniff/

echoping - http://echoping.sourceforge.net/

ethereal - http://ethereal.com/

ettercap - http://ettercap.sourceforge.net/

ettercap-gtk - http://www.dnetc.org/?s=ettercap

farpd - http://packages.debian.org/unstable/net/farpd.html

fenris - http://razor.bindview.com/tools/fenris/

findutils - http://www.gnu.org/software/findutils/findutils.html

firewalk - http://www.packetfactory.net/firewalk/

foremost - http://foremost.sourceforge.net/

fping - http://www.fping.com/

fragroute - http://www.monkey.org/~dugsong/fragroute/

gkismet - http://gkismet.sourceforge.net/

gnupg - http://www.gnupg.org/

gpa - http://www.gnupg.org/(en)/related_software/gpa/index.html

hackbot - http://freshmeat.net/projects/hackbot/?topic_id=87%2C43%2C861

hammerhead - http://hammerhead.sourceforge.net/

hlfl - http://www.hlfl.org/

hping2 - http://www.hping.org/

httptunnel - http://www.nocrew.org/software/httptunnel.html

httpush - http://sourceforge.net/projects/httpush

hunt - http://packages.debian.org/stable/net/hunt.html

idsa / idsaguardgtk - http://jade.cs.uct.ac.za/idsa/

idswakeup - http://www.hsc.fr/ressources/outils/idswakeup/

iptraf - http://cebu.mozcom.com/riker/iptraf/

john - http://www.openwall.com/john/

kismet - http://www.kismetwireless.net/

knocker - http://knocker.sourceforge.net/

libdbx - http://sourceforge.net/projects/ol2mbox

libpst - http://sourceforge.net/projects/ol2mbox

ltrace - http://freshmeat.net/projects/ltrace/?topic_id=846%2C47

macchanger - http://www.alobbs.com/modules.php?op=modload&name=macc&file=index

macrobber - http://www.sleuthkit.org/mac-robber/desc.php

mc - http://www.ibiblio.org/mc/

md5deep - http://md5deep.sourceforge.net/

memfetch - http://themes.freshmeat.net/projects/memfetch/?topic_id=43%2C45%2C47%2C836%2C136

mieliekoek.pl - http://packetstormsecurity.nl/UNIX/security/mieliekoek.pl

minicom - http://hegel.ittc.ukans.edu/topics/linux/man-pages/man1/minicom.1.html

mrtg - http://mrtg.hdl.com/mrtg.html

nasm - http://sourceforge.net/projects/nasm

nast - http://www.aimsniff.com/about.html

nbtscan - http://www.inetcat.org/software/nbtscan.html

nessus - http://nessus.org/

net-snmp - http://net-snmp.sourceforge.net/

netcat - http://www.atstake.com/research/tools/network_utilities/

netsed - http://freshmeat.net/projects/netsed/?topic_id=43

ngrep - http://ngrep.sourceforge.net/

nmap - http://www.insecure.org/nmap/

ntfstools - http://linux-ntfs.sourceforge.net/

ntop - http://www.ntop.org/ntop.html

ntreg - http://razor.bindview.com/tools/index.shtml

openssl - http://www.openssl.org/

p0f - http://www.sans.org/resources/idfaq/p0f.php

packit - http://packit.sourceforge.net/

paketto - http://www.doxpara.com/read.php/code/paketto.html

partimage - http://www.partimage.org/index.en.html

pasmal - https://sourceforge.net/projects/pasmal/

pnscan - http://freshmeat.net/projects/pnscan/?topic_id=87%2C150%2C861

pv - http://packages.debian.org/unstable/utils/pv.html

raccess - http://salix.org/raccess/

rarpd - http://packages.debian.org/testing/net/rarpd.html

rats - http://www.cisecurity.org/bench_cisco.html

rda - http://md5sa.com/downloads/rda/index.htm

rdesktop - http://www.rdesktop.org/

recover - http://recover.sourceforge.net/linux/recover/

router-audit-tool - http://packages.debian.org/unstable/admin/router-audit-tool.html

rrdtool - http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/

samba - http://us3.samba.org/samba/samba.html

scanerrlog - http://www.librelogiciel.com/software/ScanErrLog/action_Presentation

scanlogd - http://www.openwall.com/scanlogd/

scansort - http://www.geocities.com/SouthBeach/Pier/3193/scansort.html

scanssh - http://www.monkey.org/~provos/scanssh/

scli - http://www.ibr.cs.tu-bs.de/projects/scli/

screamingcobra.pl - http://cobra.lucidx.com/

sendip - http://www.earth.li/projectpurple/progs/sendip.html

shorewall - http://www.shorewall.net/

sing - http://packages.debian.org/unstable/net/sing.html

smb-nat - http://packages.debian.org/unstable/admin/smb-nat.html

smokeping - http://people.ee.ethz.ch/~oetiker/webtools/smokeping/

sniffit - http://reptile.rug.ac.be/~coder/sniffit/sniffit.html

snort - http://www.snort.org/

socat - http://www.dest-unreach.org/socat/

speak-freely - http://www.speakfreely.org/

splint - http://lclint.cs.virginia.edu/

ssh - http://openssh.org/

ssldump - http://www.rtfm.com/ssldump/

stegdetect - http://www.outguess.org/detection.php

steghide - http://steghide.sourceforge.net/

strace - http://www.liacs.nl/~wichert/strace/

stunnel - http://www.stunnel.org/

sudo - http://www.courtesan.com/sudo/

swatch - http://swatch.sourceforge.net/

tcpdump - http://www.tcpdump.org/

tcpflow - http://www.circlemud.org/~jelson/software/tcpflow/

tcpreplay - http://tcpreplay.sourceforge.net/

tcptrace - http://www.tcptrace.org/

testdisk - http://www.cgsecurity.org/index.html?testdisk.html

valgrind - http://developer.kde.org/~sewardj/

vlad - http://razor.bindview.com/tools/vlad/index.shtml

vnc - http://www.uk.research.att.com/vnc/

vomit - http://vomit.xtdnet.nl/

warscan - http://razor.bindview.com/tools/desc/WarScan_readme.html

wellenreiter - http://www.wellenreiter.net/

xprobe - http://www.sys-security.com/

zodiac - http://www.team-teso.net/projects/zodiac/

I. Remastering Knoppix

Knoppix is a Debian-based Linux that runs from CD. There are already many articles online about remastering Knoppix; this is really just my own notes.

1. Unpack the ISO

With no spare machine or spare partition, a virtual machine is the only way to do this. In VPC add a new Linux system, choose the memory size and the hard disk image file, start the system, and in the menu CD -> Capture Image... select KNOPPIX_V3.2-2003-05-03-EN.iso.

At the boot prompt enter knoppix 2 to get text mode. Use fdisk to create a partition on /dev/hda (5 GB should be enough), then create a filesystem on /dev/hda1 with mkfs.ext2. Then mount the partition:

# mount -o rw /dev/hda1 /mnt/hda1

Create the working directories:

# mkdir /mnt/hda1/knx

# mkdir -p /mnt/hda1/knx/master/KNOPPIX

# mkdir -p /mnt/hda1/knx/source/KNOPPIX

If the machine does not have enough memory you should create a swap file, because when the compressed filesystem is built at the end the compressed file is temporarily written to memory:

# cd /mnt/hda1/knx ; dd if=/dev/zero of=swapfile bs=1M count=750 ; mkswap swapfile ; swapon swapfile

Copy the Knoppix files. The -p option of cp preserves all file attributes; this copy takes quite a long time.

# cp -Rp /KNOPPIX/* /mnt/hda1/knx/source/KNOPPIX

The following copy is needed so that, after the kernel has been recompiled, the ISO can be rebuilt to boot the new kernel. Otherwise only boot.img needs to be copied.

# cd /cdrom/KNOPPIX

# cp boot.img boot.cat KNOPPIX /mnt/hda1/knx/master/KNOPPIX

Enter the chroot environment to start cutting Knoppix down drastically:

# chroot /mnt/hda1/knx/source/KNOPPIX

2. Trimming and replacing

After entering the chroot environment, mount proc:

# mount -t proc /proc proc

Configure the network and you are ready. Because it is based on Debian, all packages are maintained through apt, so you may need to edit /etc/apt/sources.list to use a faster mirror.

Then use apt-get --purge remove <program> to delete the things you do not need; the space saved can hold other things you want. /usr/share/doc is also fairly large, over 100 MB, so chop it too.

Running deborphan finds packages that nothing depends on any more; these can also be removed safely.

Because Knoppix is meant to serve as a Honeynet GenII bridge, the kernel must be patched:

# apt-get install kernel-source-2.4.20

# apt-get install kernel-patch-xfs

# wget http://users.pandora.be/bart.de.schuymer/ebtables/v2.0/v2.0./ebtables-v2.0.003_vs_2.4.20.diff

# wget http://users.pandora.be/bart.de.schuymer/ebtables/br-nf/bridge-nf-0.0.10-against-2.4.20.diff

# tar jxf kernel-source-2.4.20.tar.bz2

# cp linux/.config kernel-source-2.4.20/

# rm linux

# ln -s kernel-source-2.4.20 linux

# cd linux

# ../kernel-patches/all/apply/xfs

# patch -p1 < ../ebtables-v2.0.003_vs_2.4.20.diff

# patch -p1 < ../bridge-nf-0.0.10-against-2.4.20.diff

We used Knoppix's own kernel configuration file .config. Note that the ebtables patch must be applied before the bridge-nf patch, otherwise it fails.

# make menuconfig

In the kernel options select 802.1d Ethernet Bridging and the related options; everything else can be customized as you need. After this step, apply the Knoppix kernel patch:

# patch -p1 < ../knoppix-kernel.patch

Then compile the kernel:

# make dep

# make bzImage

# make modules

# make modules_install

Compiling the modules takes a fair amount of time. After installation, everything related to Knoppix's original kernel can be deleted:

# rm -rf /usr/src/linux-2.4.20-xfs

# rm -rf /lib/modules/2.4.20-xfs

# rm -rf /boot/*

# rm /vmlinuz

Copy the new kernel over:

# cp System.map /boot/System.map-2.4.20

# cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.20

# cd /boot

# ln -s System.map-2.4.20 System.map

# ln -s vmlinuz-2.4.20 vmlinuz

# cd /

# ln -s boot/vmlinuz-2.4.20 vmlinuz

The cloop.o module must be recompiled against the new kernel:

# cd /tmp

# wget http://www.knopper.net/download/knoppix/cloop_0.68-2.tar.gz

# tar xzf cloop_0.68-2.tar.gz

# cd cloop-0.68

# make KERNEL_DIR=/usr/src/linux

Because Knoppix boots through boot.img, it has to be modified. Press ALT+F2 to switch to another, non-chroot shell and copy boot.img over:

# cp /mnt/hda1/knx/master/KNOPPIX/boot.img /mnt/hda1/knx/source/KNOPPIX/var/tmp

Do the modifications in the chroot shell.

# cd /tmp

# mkdir boot mroot

# mount boot.img boot -t msdos -o loop=/dev/loop0

# cp boot/miniroot.gz .

# gzip -d miniroot.gz

# mount miniroot mroot -t ext2 -o loop=/dev/loop1

# cp /tmp/cloop-0.68/cloop.o /tmp/mroot/modules/

Because my kernel is fairly large, I simply removed SCSI CD-ROM support, which also makes booting noticeably faster:

# rm -rf /tmp/mroot/modules/scsi

Edit /tmp/mroot/linuxrc and set SCSI_MODULES="".

Actually you could enlarge boot.img with WinImage so that all of this fits easily, and use several boot image files to have more choices. Note that image file names must use the 8.3 format; the diskemu mentioned later can only use that format.

Pack miniroot back up:

# umount /tmp/mroot

# gzip -9 miniroot

# cp miniroot.gz boot/

Copy the new kernel image back as well:

# cp /boot/vmlinuz-2.4.20 /tmp/boot/vmlinuz

Edit the DEFAULT vmlinuz setting in the syslinux.cfg file under /tmp/boot: change its lang=us to lang=cn 2, and change every remaining lang=us below it to lang=cn. That way, when Knoppix restarts, the default language is Chinese and it boots into text mode by default; there is no need to go straight into X Window.
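The syslinux.cfg rewrite just described, as an added example that is not part of the original post: an awk filter that changes the first lang=us, which belongs to the DEFAULT entry's APPEND line, to lang=cn 2, and every later lang=us to lang=cn. The sample configuration inside is constructed to resemble a Knoppix 3.2 syslinux.cfg and is not the real file; the assumption that the DEFAULT entry's APPEND line is the first one carrying lang=us is this example's.

```shell
# Added example: rewrite lang=us in a syslinux.cfg so that the DEFAULT entry
# boots into Chinese text mode ("lang=cn 2") and every other entry gets
# "lang=cn". Assumption: the DEFAULT entry's APPEND line is the first line
# in the file that carries lang=us (Knoppix 3.2 layout).

# Usage: set_lang_cn input.cfg output.cfg
set_lang_cn() {
    awk '
        /lang=us/ {
            if (!seen) { sub(/lang=us/, "lang=cn 2"); seen = 1 }
            else       { sub(/lang=us/, "lang=cn") }
        }
        { print }
    ' "$1" > "$2"
}

# Usage: count_lang_us file -> number of lines still carrying lang=us
# (should print 0 after the rewrite; grep -c exits 1 on zero matches, hence || true)
count_lang_us() {
    grep -c 'lang=us' "$1" || true
}

# Constructed sample resembling a Knoppix 3.2 syslinux.cfg (not the real file).
make_sample_cfg() {
    cat > "$1" <<'EOF'
DEFAULT vmlinuz
APPEND ramdisk_size=100000 init=/etc/init lang=us apm=power-off vga=791 initrd=miniroot.gz quiet
LABEL knoppix
KERNEL vmlinuz
APPEND ramdisk_size=100000 init=/etc/init lang=us apm=power-off vga=791 initrd=miniroot.gz quiet
LABEL failsafe
KERNEL vmlinuz
APPEND ramdisk_size=100000 init=/etc/init lang=us vga=normal initrd=miniroot.gz noapic
EOF
}
```

Run it on the real file as set_lang_cn /tmp/boot/syslinux.cfg /tmp/syslinux.cfg.new, check the result with count_lang_us, and only then move the new file into place; writing to a separate output file keeps the original until you have looked at the diff.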

You can also modify the boot.msg, f2 and logo.16 files under /tmp/boot. This new boot.img can boot Knoppix into the new kernel; first remaster, then install the kernel-related drivers under the new kernel. Exit the chroot environment and rebuild the ISO with the new boot.img:

# cp /mnt/hda1/knx/source/KNOPPIX/var/tmp/boot.img /mnt/hda1/knx/master/KNOPPIX/boot.img

# cd /mnt/hda1/knx/

# mkisofs -pad -l -r -J -v -V "KNOPPIX" -b KNOPPIX/boot.img -c KNOPPIX/boot.cat -hide-rr-moved -o /mnt/hda1/knx/knoppix.iso /mnt/hda1/knx/master

Building the ISO is fairly quick. Transfer /mnt/hda1/knx/knoppix.iso to your own system and boot the virtual machine from this ISO.

3. Updating and installing new drivers

After rebooting, use uname -a to check that the new kernel is running.

Improve wireless card support. By default Linux does not support Atmel-chipset wireless cards; the driver must be installed separately. An unofficial release is used here:

# chroot /mnt/hda1/knx/source/KNOPPIX

# cd /tmp

# wget http://atmelwlandriver.sourceforge.net/snapshots/atmelwlandriver-ss-20030507.tar.gz

# tar xzf atmelwlandriver-ss-20030507.tar.gz

# cd atmelwlandriver

# make config

Build all [y/N] <-- choose y here to build all the drivers.

# make all

# make install

For the Orinoco driver Linux ships a kernel module, but the default driver does not support the wireless card's monitor mode. The AirSnort site provides a patch; you can either patch pcmcia-cs or patch the orinoco driver, which is simpler:

# cd /tmp

# wget http://ozlabs.org/people/dgibson/dldwd/orinoco-0.13b.tar.gz

# wget http://airsnort.shmoo.com/orinoco-0.13b-patched.diff

# tar xzf orinoco-0.13b.tar.gz

# cd orinoco-0.13b

# patch -p1 < ../orinoco-0.13b-patched.diff

# make

# make install

Update the linux-wlan-ng driver as well:

# cd /tmp

# wget ftp://ftp.linux-wlan.org/pub/linux-wlan-ng/linux-wlan-ng-0.2.1-pre5.tar.gz

# tar xzf linux-wlan-ng-0.2.1-pre5.tar.gz

# cd linux-wlan-ng-0.2.1

# make config <-- here you can basically add all the drivers

# make all

# make install

Prism chipsets can also use the orinoco driver. If you are sure that certain cards use a Prism chipset, you can edit /etc/pcmcia/config and change the driver they use. For example, the Compaq WL100 card originally uses the orinoco driver; change it to:

bind "prism2_cs"

Then, when a Compaq WL100 card is inserted, it will use the linux-wlan-ng driver. Other cards can be changed the same way, but you have to know which chipset the card uses.

4. X Window desktop environment changes and Chinese localization

KNOPPIX uses KDE as its default desktop environment, which is far too big. Apart from fluxbox, wmaker and twm I removed all the other desktop environments; fvwm is also very good and can be installed directly with apt. fluxbox is used as the default desktop. The input method is fcitx, which is very good and has already entered Debian sid, so keeping it updated is easy. Change the assignment of the DESKTOP variable near line 1026 of /etc/init.d/knoppix-autoconfig to the following:

# Also read desired desktop, if any

DESKTOP="$(getbootparam desktop 2>/dev/null)"

# Allow only supported windowmanagers

case "$DESKTOP" in fvwm|windowmaker|wmaker|fluxbox|twm) ;; *) DESKTOP="fluxbox"; ;; esac

The script Knoppix actually runs for X Window is /etc/X11/Xsession.d/45xsession, which contains functions that start the various desktops, such as startkde(). A similar function needs to be added for fvwm; copy startfluxbox() wholesale. startkde() can be deleted entirely to save space.

Edit the final part of the 45xsession file:

if [ "$LANGUAGE" = "cn" ]; then

export XMODIFIERS=@im=fcitx

/usr/bin/fcitx &

fi

case "$DESKTOP" in

fvwm|FVWM) startfvwm ;;

fluxbox|FLUXBOX) startfluxbox ;;

windowmaker|wmaker|WINDOWMAKER|WMAKER) [ "$FREEMEM" -ge "35000" ] && startwindowmaker || starttwm lowmem 64; ;;

twm|TWM) starttwm; ;;

*) starttwm invalidwm; ;;

esac
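An added example, not code from the original post or from Knoppix, that makes the point behind the two case statements above explicit: the desktop= boot parameter comes from the kernel command line, which anyone at the boot prompt controls, so it is checked against an allow-list of the window managers still on the disc and anything else falls back to fluxbox. getbootparam is Knoppix's own helper; parse_bootparam here is a stand-in written for this example, and the kernel command lines used below are constructed.

```shell
# Added example: treat the kernel command line as untrusted input. Extract
# desktop=..., accept only the window managers still installed on the
# remastered disc, and fall back to fluxbox for anything else, exactly as the
# case statement in knoppix-autoconfig does. parse_bootparam is a stand-in for
# Knoppix's getbootparam, written for this example.

# Usage: parse_bootparam <name> "<kernel command line>"
# Prints the value of name=... and returns 0, or prints nothing and returns 1.
parse_bootparam() {
    name=$1
    cmdline=$2
    set -f                      # no glob expansion of a stray * on the command line
    for word in $cmdline; do
        case "$word" in
            "$name"=*) set +f; printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    set +f
    return 1
}

# Usage: select_desktop "<kernel command line>" -> window manager to start
select_desktop() {
    desktop=$(parse_bootparam desktop "$1" || true)
    case "$desktop" in
        fvwm|windowmaker|wmaker|fluxbox|twm) ;;   # allow-list from knoppix-autoconfig
        *) desktop="fluxbox" ;;                   # kde, empty or garbage: default
    esac
    printf '%s\n' "$desktop"
}

# Usage: start_function <desktop> -> the 45xsession function that would be run
start_function() {
    case "$1" in
        fvwm|FVWM) echo startfvwm ;;
        fluxbox|FLUXBOX) echo startfluxbox ;;
        windowmaker|wmaker|WINDOWMAKER|WMAKER) echo startwindowmaker ;;
        twm|TWM) echo starttwm ;;
        *) echo "starttwm invalidwm" ;;
    esac
}
```

On the running system the command line is read with cat /proc/cmdline, for example select_desktop "$(cat /proc/cmdline)". The allow-list is the whole safety of this: the value is never passed to eval or used as a path, only compared against fixed names.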

There are many more places in this script that can be changed; you may also need to edit /etc/init.d/xsession and so on.

The font is simsun with the firefly patch, which can be downloaded here:

http://debian.ustc.edu.cn/dev/

Edit /etc/gtk/gtkrc.zh_CN:

style "gtk-default-zh-cn" {

fontset = "-misc-simsun-medium-r-normal--14-*-*-*-*-*-iso10646-1,-misc-simsun-medium-r-normal--14-*-*-*-*-*-iso10646-1"

}

class "GtkWidget" style "gtk-default-zh-cn"

Edit /etc/init.d/xsession so that X is started as the root user by default.

5. Honeynet features

# mkdir /honeynet

# wget http://honeynet.xfocus.net/papers/honeynet/tools/snort_inline.tgz

# wget http://honeynet.xfocus.net/papers/honeynet/tools/sebeksniff-2.0.1.tar.gz

# wget http://honeynet.xfocus.net/papers/honeynet/tools/sebek-linux-2.0.1.tar.gz

# apt-get install swatch

# apt-get install honeyd

To be adjusted later.

6. Generating the compressed filesystem

Before remastering it is recommended to upgrade the system and clean out junk.

# apt-get -u upgrade

(Note: some server-type packages add boot-time startup scripts; these can be removed with update-rc.d.)

# apt-get clean

Update the locate database:

# updatedb

# umount /proc

After exiting the chroot environment, compress the filesystem:

# mkisofs -R -U -V "KNOPPIX.net filesystem" -P "KNOPPIX www.knoppix.net" -hide-rr-moved -cache-inodes -no-bak -pad /mnt/hda1/knx/source/KNOPPIX | nice -5 /usr/bin/create_compressed_fs - 65536 > /mnt/hda1/knx/master/KNOPPIX/KNOPPIX
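Everything under /mnt/hda1/knx/source/KNOPPIX is written to the disc by the pipeline above, so an added pre-flight check (not part of the original post) is useful before running it: it looks for a still-mounted /proc, cached .deb files that apt-get clean should have removed, and the scratch files and loop-mount directories left in var/tmp and tmp by step 2. The paths are the ones used on this page; the checks themselves are this example's own, and the tree used to exercise it is constructed.

```shell
# Added example: pre-flight check of the chroot tree before it is fed to
# mkisofs | create_compressed_fs. Leftovers from earlier steps (a mounted
# /proc, cached .deb files, the boot.img parked in var/tmp, the loop-mount
# directories under tmp) would otherwise end up on the disc. Paths follow
# this page; the checks are this example's own, not part of Knoppix.

# Usage: preflight_source /mnt/hda1/knx/source/KNOPPIX
# Prints one line per problem found and returns 0 only when the tree is clean.
preflight_source() {
    src=$1
    rc=0
    # /proc must be unmounted: a mounted proc is non-empty and mkisofs would walk it.
    if [ -d "$src/proc" ] && [ -n "$(ls -A "$src/proc" 2>/dev/null)" ]; then
        echo "proc still mounted or not empty: $src/proc"; rc=1
    fi
    # apt-get clean should have emptied the package cache.
    if ls "$src"/var/cache/apt/archives/*.deb >/dev/null 2>&1; then
        echo "cached .deb files under var/cache/apt/archives (run apt-get clean)"; rc=1
    fi
    # Scratch files from step 2 that do not belong on the disc.
    for f in var/tmp/boot.img tmp/miniroot tmp/miniroot.gz; do
        [ -e "$src/$f" ] && { echo "leftover scratch file: $src/$f"; rc=1; }
    done
    # Loop-mount directories from step 2 must be unmounted and empty.
    for d in tmp/boot tmp/mroot; do
        [ -d "$src/$d" ] && [ -n "$(ls -A "$src/$d" 2>/dev/null)" ] && {
            echo "scratch mount not cleaned up: $src/$d"; rc=1
        }
    done
    return $rc
}
```

Run it from outside the chroot, right before the mkisofs pipeline: preflight_source /mnt/hda1/knx/source/KNOPPIX || echo "fix the items above first". Extend the lists of scratch paths with whatever else you parked in the tree while working.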

II. Building WinPE

A tool disc is even better with a Windows environment on it, and WinPE provides that.

Customizing a WinPE is very easy; the following describes customizing the English version:

1. First copy the winpe directory from the WinPE CD to the hard disk; assume the target directory is e:\winpe.

This can be done with Explorer.

2. Then download the MSA EDC Deployment Kit from Microsoft's site.

e:\temp\>wget http://download.microsoft.com/download/win2000srv/MSAEDC/EDC1.5/NT5/EN-US/05-EDCv1.5DeploymentKit.exe

Extract this package to e:\temp\EDCAPFDeployment, then:

e:\temp\>copy EDCAPFDeployment\WinPESupport\WINPESYS.INF e:\winpe

WINPESYS.INF here actually adds ramdisk support; the default drive letter is R and the size is 4 MB. The drive letter can be changed by editing HKLM,"SYSTEM\ControlSet001\Services\ramdrv\Parameters","DriveLetter",0000000000,"R:" and the size by editing HKLM,"SYSTEM\ControlSet001\Services\ramdrv\Parameters","DiskSize",0x00010001,0x400000.

3. Prepare a Windows XP CD, say in drive F. It is odd that pebuilder insists on an SP1 CD; I found that a plain XP installation CD works too.

4. Run the mkimg.cmd script to generate the WinPE files.

If you want WinPE to run programs from memory at boot, edit config.inf in e:\winpe and change the osloadoptions entry to the following:

osloadoptions=txtsetup.sif,setupdata,"/fastdetect /minint /noguiboot /inram"

But make sure your system has 256 MB of memory.

If you want to change the boot prompt message, edit the loaderprompt entry. Of course both of these can be left alone; generate the WinPE files directly with the following command:

e:\winpe\>mkimg.cmd f: e:\temp\winpe.tmp

If you delete the WinSxS directory under i386 together with its files, the resulting ISO cannot run notepad. But if you modify the WinPE ISO released by Microsoft directly, notepad always fails to run; I do not know why.

5. Copy the ramdisk driver files

e:\winpe\>copy e:\temp\EDCAPFDeployment\WinPESupport\ramdrv.INF e:\temp\winpe.tmp\I386\inf

e:\winpe\>copy e:\temp\EDCAPFDeployment\WinPESupport\ramdrv.sys e:\temp\winpe.tmp\I386\system32\drivers

6. Add ERD Commander 2002

Just copy the files commandshell.exe, common.dll, compmgmt.exe, cs.cfg, dt.cfg, erdcmdr2002.cnt, erdhelp.exe, explorer.exe, fauxshell.dll, fe.cfg, filesearch.exe, locksmith.exe, logoff.exe, logon.exe, ntfsver.exe, pwdserv.exe, tcpcfg.exe, windowsshell.exe to e:\temp\winpe.tmp\I386\system32. After booting from the ISO, run logon in the system32 directory to enter ERD. Even if you do not want to use ERD itself, some of its tools are still useful; tcpcfg, for example, makes it easy to configure the network.

7. Adjusting WinPE

The ISO could be built now, but WinPE would then show "Press any key to boot from CD." at startup. If you want it to boot from the hard disk when no key is pressed, just delete BOOTFIX.BIN under e:\temp\winpe.tmp\i386 and the prompt goes away.

When WinPE boots it first runs e:\temp\winpe.tmp\I386\system32\startnet.cmd; edit this script to make startup more convenient.

III. Building the ISO file

DISKEMU is commonly used for multi-boot CDs and is very simple to use. Create the working directory e:\cd and copy DISKEM1X.BIN and DISKEMU.CMD into it. Under cd create the IMG and KNOPPIX directories.

Copy the Knoppix compressed file KNOPPIX to e:\cd\KNOPPIX, copy boot.img to e:\cd\img\knoppix.img, and copy another one to e:\cd\KNOPPIX\, otherwise installing Knoppix to hard disk with the knx-hdinstall script will not work correctly.

Copy all files under e:\temp\winpe.tmp to e:\cd, and copy e:\winpe\ETFSBOOT.COM to e:\cd\img\winpe.bin.

Edit the DISKEMU.CMD file; the following is a reference:

cd img

:start

cls

print

print

print

print

print

print

print

print

print

print 1. KNOPPIX

print 2. WindowsPE

print r. Reboot

print q. Quit to command prompt

print Esc. Boot first harddisk

print

print

print

print

print

print

print

print

:mainkey

; timeout is 60 seconds, default key is escape

getkey 60 esc

onkey 1 goto knoppix

onkey 2 goto winpe

onkey f1 goto help

onkey q quit

onkey r reboot

onkey f boot 0

onkey esc boot 80

; When no key found...

goto mainkey

;

:help

cls

print HELP

print ----

print + Have ISO9660 filesystem support, you can do "dir" and "cd"

print + A "advanced" command prompt to load anything you want

print + A simple bootmenu for "less" advanced users

print + Autodetection of floppy image types (by filesize)

print + Using a bootable Diskemu 1.x CD-Rom, you can even boot images from "non-

print bootable" CD-Roms, just swap the CD, type "cd \" and you can use that CD.

print (Cool!)

print + You can create a multiboot bootable CD-Rom using (almost) any recording

print software you want

print + Supported floppy types: 160KB, 180KB, 320KB, 360KB, 1.2MB, 720KB, 820KB,

print 1.44MB, 1.68MB, 1.72MB, 2.88MB

print

print All supported command are listed below.

print

print batch boot bootinfotable cd cls dir

print echo emusegm getkey goto help keyval

print loadsegm onkey print quit readtest reboot

print run test type ver

print

print help <command> (or ?) Displays help about <command>

print

print Press any key to return to main menu

getkey

goto start

;

:knoppix

print Use KNOPPIX

run knoppix.img

getkey

goto start

;

:winpe

print WindowsPE

run winpe.bin

getkey

goto start

;

; EOF

Then the ISO file can be built, but the ISO format matters: not plain ISO 9660 but the ISO 9660-compatible Joliet format. The -j1 parameter of cdimage satisfies this:

cdimage -ltoolcd -j1 -bloader.bin cd toolcd.iso

OK, try booting with toolcd.iso.

IV. Brief usage notes

Linux part:

1. Boot menu option 1 starts KNOPPIX without SCSI support, which boots faster; option 2 starts KNOPPIX with SCSI and probes SCSI devices at boot.

2. In VMware, exiting X Window shrinks the screen; I have not yet found the cause.

3. If the machine has several CD-ROM drives, the disc must be in the drive that is /dev/cdrom, otherwise it will not boot.

4. The knx-hdinstall script installs the system to the hard disk quickly and conveniently.

WinPE part:

1. After booting, the startnet.cmd script runs; it first prompts for the screen resolution, default 800x600.

2. It asks whether to start networking or start ERD Commander (the hard disk needs a Windows installation; the license is in the root directory of the CD).

3. Type explorer to start ERD's Explorer; FAT and NTFS partitions on the hard disk can be read and written directly.

4. The tools directory is added to the PATH environment variable; it contains lots of fun stuff, and you can add your own.

Statement:

Because this disc contains a lot of commercial software it cannot be offered for download, and please do not ask me where the stuff came from. I am only describing how to build a tool disc, to make penetration testing, forensic investigation, intrusion detection, network traps and so on more convenient.

References:

http://www.knoppix.net/docs/index.php/KnoppixRemasteringHowto

http://www.knoppix.net/docs/index.php/KnoppixCustomKernelHowto

http://www.microsoft.com/technet/itsolutions/edc/pak/build/EDCBLD05.ASP

http://honeynet.xfocus.net/papers/gen2/

 
 
 