knoppix

类别:编程语言 点击:0 评论:0 推荐:

std的软件列表

Tools are grouped as follows:

authentication
/usr/bin/auth/

freeradius 0.9.3 : GPL RADIUS server

encryption
/usr/bin/crypto/

2c2 : multiple plaintext -> one ciphertext 4c : as with 2c2 (think plausible deniability) acfe : traditional cryptanalysis (like Vigenere) cryptcat : netcat + encryption gifshuffle : stego tool for gif images gpg 1.2.3 : GNU Privacy Guard ike-scan : VPN fingerprinting mp3stego : stego tool for mp3 openssl 0.9.7c outguess : stego tool stegbreak : brute-force stego'ed JPG stegdetect : discover stego'ed JPG sslwrap : SSL wrapper stunnel : SSL wrapper super-freeSWAN 1.99.8 : kernel IPSEC support texto : make gpg ascii-armour look like weird English xor-analyze : another "intro to crytanalysis" tool

forensics
/usr/bin/forensics/

sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox. autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence biew : binary viewer bsed : binary stream editor consh : logged shell (from F.I.R.E.) coreography : analyze core files dcfldd : US DoD Computer Forensics Lab version of dd fenris : code debugging, tracing, decompiling, reverse engineering tool fatback : Undelete FAT files foremost : recover specific file types from disk images (like all JPG files) ftimes : system baseline tool (be proactive) galleta : recover Internet Explorer cookies hashdig : dig through hash databases hdb : java decompiler mac-robber : TCT's graverobber written in C md5deep : run md5 against multiple files/directories memfetch : force a memory dump pasco : browse IE index.dat photorec : grab files from digital cameras readdbx : convert Outlook Express .dbx files to mbox format readoe : convert entire Outlook Express .directory to mbox format rifiuti : browse Windows Recycle Bin INFO2 files secure_delete : securely delete files, swap, memory.... testdisk : test and recover lost partitions wipe : wipe a partition securely. good for prep'ing a partition for dd and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

firewall
/usr/bin/fw/

blockall : script to block all inbound TCP (excepting localhost) flushall : flush all firewall rules firestarter : quick way to a firewall firewalk : map a firewall's rulebase floppyfw : turn a floppy into a firewall fwlogwatch : monitor firewall logs iptables 1.2.8 gtk-iptables : GUI front-end shorewall 1.4.8-RC1 : iptables based package

honeypots
/usr/bin/honeypot/

honeyd 0.7 labrea : tarpit (slow to a crawl) worms and port scanners thp : tiny honeypot

ids
/usr/bin/ids/

snort 2.1.0: everyone's favorite networks IDS ACID : snort web frontend barnyard : fast snort log processor oinkmaster : keep your snort rules up to date hogwash : access control based on snort sigs bro : network IDS prelude : network and host IDS WIDZ : wireless IDS, ap and probe monitor aide : host baseline tool, tripwire-esque logsnorter : log monitor swatch : monitor any file, oh like say syslog sha1sum md5sum syslogd

network utilities
/usr/bin/net-utils/

LinNeighboorhood : browse SMB networks like windows network neighborhood argus : network auditor arpwatch : keep track of the MACs on your wire cdpr : cisco discovery protocol reporter cheops : snmp, network discovery and monitor tool etherape : network monitor and visualization tool iperf : measure IP performance ipsc : IP subnet calculator iptraf : network monitor mrtg : multi router traffic grapher mtr : traceroute tool ntop 2.1.0 : network top, protocol analyzer rrdtool : round robin database samba : opensource SMB support tcptrack : track existing connections

password tools
/usr/bin/pwd-tools/

john 1.6.34 : John the Ripper password cracker allwords2 : CERIAS's 27MB English dictionary chntpw : reset passwords on a Windows box (including Administrator) cisilia : distributed password cracker cmospwd : find local CMOS password djohn : distributed John the Ripper pwl9x : crack Win9x password files rcrack : rainbow crack

servers
/usr/bin/servers

apache ircd-hybrid samba smail sshd vnc net-snmp tftpd xinetd

packet sniffers
/usr/bin/sniff/

aimSniff : sniff AIM traffic driftnet : sniffs for images dsniff : sniffs for cleartext passwords (thanks Dug) ethereal 0.10.0 : the standard. includes tethereal ettercap 0.6.b : sniff on a switched network and more. filesnarf : grab files out of NFS traffic mailsnarf : sniff smtp/pop traffic msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic ngrep : network grep, a sniffer with grep filter capabilities tcpdump : the core of it all urlsnarf : log all urls visited on the wire webspy : mirror all urls visited by a host in your local browser

tcp tools
/usr/bin/tcp-tools/

arpfetch : fetch MAC arping : ping by MAC arpspoof : spoof arp arpwatch : montior MAC addresses on the wire despoof : detect spoofed packets via TTL measurement excalibur : packet generator file2cable : replay a packet capture fragroute : packet fragmentation tool (thanks again Dug) gspoof : packet generator hopfake : spoof hopcount replies hunt : tcp hijacker ipmagic : packet generator lcrzoex : suite of tcp tools macof : flood a switch with MACs packetto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3) netsed : insert and replace strings in live traffic packETH : packet generator tcpkill : die tcp, die! tcpreplay : replay packet captures

tunnels
/usr/bin/tunnels/

cryptcat : encrypted netcat httptunnel : tunnel data over http icmpshell : tunnel data over icmp netcat : the incomparable tcp swiss army knife shadyshell : tunnel data over udp stegtunnel : hide data in TCP/IP headers tcpstatflow : detect data tunnels tiny shell : small encrypted shell

vulnerability assessment
/usr/bin/vuln-test/

Way too many to list them all. There's much from THC, ADM, RFP, NMRC, TESO, Phenoelit. Be very careful with these tools. Remember, no guarantees are offered and you are entirely responsible for your own actions.

ADM tools : like ADM-smb and ADMkillDNS amap 4.5 : maps applications running on remote hosts IRPAS : Internet Routing Protocol Attack Suite chkrootkit 0.43 : look for rootkits clamAV : virus scanner. update your signatures live with freshclam curl : commandline utility for transferring anything with a URL exodus : web application auditor ffp : fuzzy fingerprinter for encrypted connections firewalk : map a firewall rulebase hydra : brute force tool nbtscan : scan SMB networks ncpquery : scan NetWare servers nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins nikto : CGI scanner nmap 3.48 : the standard in host/port enumeration p0f : passive OS fingerprinter proxychains: chain together multiple proxy servers rpcinfo : hmmmm.... info from RPC? screamingCobra : CGI scanner siege : http testing and benchmarking utility sil : tiny banner grabber snot : replay snort rules back onto the wire. test your ids/incidence response/etc. syslog_deluxe : spoof syslog messages thcrut : THC's "r you there?" network mapper vmap : maps application versions warscan : exploit automation tool xprobe2 : uses ICMP for fingerprinting yaph : yet another proxy hunter zz : zombie zapper kills DDoS zombies

wireless tools
/usr/bin/wireless/

airsnarf : rogue AP setup utility airsnort : sniff, find, crack 802.11b airtraf : 802.11b network performance analyzer gpsdrive : use GPS and maps kismet 3.0.1 : for 802.11 what else do you need? kismet-log-viewer : manage your kismet logs macchanger : change your MAC address wellenreiter : 802.11b discovery and auditing patched orinoco drivers : automatic (no scripts necessary)

下面是localareasecurfity的软件,没分类的

ISIC - http://www.packetfactory.net/Projects/ISIC/
LinNeighborhood - http://www.bnro.de/~schmidjo/
SARA - http://www-arc.com/sara/
admsmp - ftp://freelsd.net/
admsnmp - ftp://freelsd.net/
aide - http://www.cs.tut.fi/~rammer/aide.html
airsnort - http://airsnort.shmoo.com/
amap - http://www.thc.org/releases.php
angst - http://angst.sourceforge.net/
argus-client - http://www.qosient.com/argus/
argus-server - http://www.qosient.com/argus/
arptool - http://users.hotlink.com.br/lincoln/arptool/
arpwatch - http://www.securityfocus.com/tools/142
atmelwlandriver - http://atmelwlandriver.sourceforge.net/news.html
autopsy / sleuthkit - http://www.sleuthkit.org/
bass - http://www.securityfocus.com/tools/394
bfbtester - http://bfbtester.sourceforge.net/
biew - http://biew.sourceforge.net/en/biew.html
binutils - http://sources.redhat.com/binutils/
bruth - http://bruth.sourceforge.net/
bsed - http://www1.bell-labs.com/project/wwexptools/bsed/
cabextract - http://www.kyz.uklinux.net/cabextract.php
ccrypt - http://quasar.mathstat.uottawa.ca/~selinger/ccrypt/
cflow - http://net.doit.wisc.edu/~plonka/Cflow/
cgrep - http://www1.bell-labs.com/project/wwexptools/cgrep/
cheops - http://www.marko.net/cheops/
chkrootkit - http://www.chkrootkit.org/
clamav - http://clamav.elektrapro.com/
cmospwd - http://www.cgsecurity.org/index.html?cmospwd.html
crank - http://crank.sourceforge.net/about.html
cryptcat - http://sourceforge.net/projects/cryptcat/
cscope - http://cscope.sourceforge.net/
curl - http://curl.haxx.se/
darkstat - http://members.optushome.com.au/emikulic/net/darkstat/
disco - http://www.altmode.com/disco/
dlint - http://www.domtools.com/dns/dlint.shtml
driftnet - http://www.ex-parrot.com/~chris/driftnet/
dsniff - http://naughty.monkey.org/~dugsong/dsniff/
echoping - http://echoping.sourceforge.net/
ethereal- http://ethereal.com/
ettercap - http://ettercap.sourceforge.net/
ettercap-gtk - http://www.dnetc.org/?s=ettercap
farpd - http://packages.debian.org/unstable/net/farpd.html
fenris - http://razor.bindview.com/tools/fenris/
findutils - http://www.gnu.org/software/findutils/findutils.html
firewalk - http://www.packetfactory.net/firewalk/
foremost - http://foremost.sourceforge.net/
fping - http://www.fping.com/
fragroute - http://www.monkey.org/~dugsong/fragroute/
gkismet - http://gkismet.sourceforge.net/
gnupg - http://www.gnupg.org/
gpa - http://www.gnupg.org/(en)/related_software/gpa/index.html
hackbot - http://freshmeat.net/projects/hackbot/?topic_id=87%2C43%2C861
hammerhead - http://hammerhead.sourceforge.net/
hlfl - http://www.hlfl.org/
hping2 - http://www.hping.org/
httptunnel - http://www.nocrew.org/software/httptunnel.html
httpush - http://sourceforge.net/projects/httpush
hunt - http://packages.debian.org/stable/net/hunt.html
idsa / idsaguardgtk - http://jade.cs.uct.ac.za/idsa/
idswakeup - http://www.hsc.fr/ressources/outils/idswakeup/
iptraf - http://cebu.mozcom.com/riker/iptraf/
john - http://www.openwall.com/john/
kismet - http://www.kismetwireless.net/
knocker - http://knocker.sourceforge.net/
libdbx - http://sourceforge.net/projects/ol2mbox
libpst - http://sourceforge.net/projects/ol2mbox
ltrace - http://freshmeat.net/projects/ltrace/?topic_id=846%2C47
macchanger - http://www.alobbs.com/modules.php?op=modload&name=macc&file=index
macrobber - http://www.sleuthkit.org/mac-robber/desc.php
mc - http://www.ibiblio.org/mc/
md5deep - http://md5deep.sourceforge.net/
memfetch - http://themes.freshmeat.net/projects/memfetch/?topic_id=43%2C45%2C47%2C836%2C136
mieliekoek.pl - http://packetstormsecurity.nl/UNIX/security/mieliekoek.pl
minicom - http://hegel.ittc.ukans.edu/topics/linux/man-pages/man1/minicom.1.html
mrtg - http://mrtg.hdl.com/mrtg.html
nasm - http://sourceforge.net/projects/nasm
nast - http://www.aimsniff.com/about.html
nbtscan - http://www.inetcat.org/software/nbtscan.html
nessus - http://nessus.org/
net-snmp - http://net-snmp.sourceforge.net/
netcat - http://www.atstake.com/research/tools/network_utilities/
netsed - http://freshmeat.net/projects/netsed/?topic_id=43
ngrep - http://ngrep.sourceforge.net/
nmap - http://www.insecure.org/nmap/
ntfstools - http://linux-ntfs.sourceforge.net/
ntfstools - http://linux-ntfs.sourceforge.net/
ntop - http://www.ntop.org/ntop.html
ntreg - http://razor.bindview.com/tools/index.shtml
openssl - http://www.openssl.org/
p0f - http://www.sans.org/resources/idfaq/p0f.php
packit - http://packit.sourceforge.net/
paketto - http://www.doxpara.com/read.php/code/paketto.html
partimage - http://www.partimage.org/index.en.html
pasmal - https://sourceforge.net/projects/pasmal/
pnscan - http://freshmeat.net/projects/pnscan/?topic_id=87%2C150%2C861
pv - http://packages.debian.org/unstable/utils/pv.html
raccess - http://salix.org/raccess/
rarpd - http://packages.debian.org/testing/net/rarpd.html
rats - http://www.cisecurity.org/bench_cisco.html
rda - http://md5sa.com/downloads/rda/index.htm
rdesktop - http://www.rdesktop.org/
recover - http://recover.sourceforge.net/linux/recover/
router-audit-tool - http://packages.debian.org/unstable/admin/router-audit-tool.html
rrdtool - http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/
samba - http://us3.samba.org/samba/samba.html
scanerrlog - http://www.librelogiciel.com/software/ScanErrLog/action_Presentation
scanlogd - http://www.openwall.com/scanlogd/
scansort - http://www.geocities.com/SouthBeach/Pier/3193/scansort.html
scanssh - http://www.monkey.org/~provos/scanssh/
scli - http://www.ibr.cs.tu-bs.de/projects/scli/
screamingcobra.pl - http://cobra.lucidx.com/
sendip - http://www.earth.li/projectpurple/progs/sendip.html
shorewall - http://www.shorewall.net/
sing - http://packages.debian.org/unstable/net/sing.html
smb-nat - http://packages.debian.org/unstable/admin/smb-nat.html
smokeping - http://people.ee.ethz.ch/~oetiker/webtools/smokeping/
sniffit - http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
snort - http://www.snort.org/
socat - http://www.dest-unreach.org/socat/
speak-freely - http://www.speakfreely.org/
splint - http://lclint.cs.virginia.edu/
ssh - http://openssh.org/
ssldump  http://www.rtfm.com/ssldump/
stegdetect - http://www.outguess.org/detection.php
steghide - http://steghide.sourceforge.net/
strace - http://www.liacs.nl/~wichert/strace/
stunnel - http://www.stunnel.org/
sudo - http://www.courtesan.com/sudo/
swatch - http://swatch.sourceforge.net/
tcpdump - http://www.tcpdump.org/
tcpflow - http://www.circlemud.org/~jelson/software/tcpflow/
tcpreplay - http://tcpreplay.sourceforge.net/
tcptrace - http://www.tcptrace.org/
tetstdisk - http://www.cgsecurity.org/index.html?testdisk.html
valgrind - http://developer.kde.org/~sewardj/
vlad - http://razor.bindview.com/tools/vlad/index.shtml
vnc - http://www.uk.research.att.com/vnc/
vomit - http://vomit.xtdnet.nl/
warscan - http://razor.bindview.com/tools/desc/WarScan_readme.html
wellenreiter - http://www.wellenreiter.net/
xprobe - http://www.sys-security.com/
zodiac  http://www.team-teso.net/projects/zodiac/




一、重灌knoppix

knoppix是一个基于debian的在光盘运行的linux,关于knoppix重新定制网上有很多文章了,我其实只是自己做的记录而已。

1、解包ISO

没有空余的机器或空余的分区,只能用虚拟机来折腾。在VPC上添加一个新的linux系统,选好内存大小,硬盘映像文件,然后启动这个系统,在菜单CD -> Capture Image...选择KNOPPIX_V3.2-2003-05-03-EN.iso就可以了。

启动选项输入knoppix 2进入字符模式,用fdisk给/dev/hda分一个区,5个G应该足够,然后用mkfs.ext2给/dev/hda1创建文件系统。再把这个分区mount上:

# mount -o rw /dev/hda1 /mnt/hda1

建立工作目录:

# mkdir /mnt/hda1/knx
# mkdir -p /mnt/hda1/knx/master/KNOPPIX
# mkdir -p /mnt/hda1/knx/source/KNOPPIX

如果机器没有足够内存应该建立一个swap文件,因为最后压缩文件系统的时候会暂时把压缩文件写入内存:

# cd /mnt/hda1/knx ; dd if=/dev/zero of=swapfile bs=1M count=750 ; mkswap swapfile ; swapon swapfile

拷贝knoppix文件,cp的p参数是保持文件的所有属性,这里的拷贝会持续比较长时间。

# cp -Rp /KNOPPIX/* /mnt/hda1/knx/source/KNOPPIX

以下的拷贝是为了重新编译内核以后,重做iso以新内核启动。否则只需拷贝boot.img就可以了。

# cd /cdrom/KNOPPIX
# cp boot.img boot.cat KNOPPIX /mnt/hda1/knx/master/KNOPPIX

进入chroot环境对knoppix进行大刀阔斧的裁剪了:

# chroot /mnt/hda1/knx/source/KNOPPIX

2、裁剪和替换

进入chroot环境后,mount上proc:

# mount -t proc /proc proc

配置好网络准备就绪。由于是基于debian操作系统的,所有的软件包都通过apt系统来维护,所以可能需要修改/etc/apt/sources.list文件,使用速度较快的镜像站点。

然后用apt-get --purge remove program的命令方式删除不需要的东东,减少空间可以装其他自己想要的东东。/usr/share/doc这个目录的东西也比较大,100多M,也剁了。

通过执行deborphan可以找到一些不再关联的包,这些也可以安全的删除。

由于希望knoppix适合honeynet GenII的网桥,必须给内核打补丁:

# apt-get install kernel-source-2.4.20
# apt-get install kernel-patch-xfs
# wget http://users.pandora.be/bart.de.schuymer/ebtables/v2.0/v2.0./ebtables-v2.0.003_vs_2.4.20.diff
# wget http://users.pandora.be/bart.de.schuymer/ebtables/br-nf/bridge-nf-0.0.10-against-2.4.20.diff
# tar jxf kernel-source-2.4.20.tar.bz2
# cp linux/.config kernel-source-2.4.20/
# rm linux
# ln -s kernel-source-2.4.20 linux
# cd linux
# ../kernel-patches/all/apply/xfs
# patch -p1 < ../ebtables-v2.0.003_vs_2.4.20.diff
# patch -p1 < ../bridge-nf-0.0.10-against-2.4.20.diff

我们使用了knoppix的内核配置文件.config,这里要注意的是ebtables的补丁一定要在bridge-nf打,否则会出错误。

# make menuconfig

在内核选项里要把802.1d Ethernet Bridging及相关选项选上,其他的可以根据自己的需求更改定制,执行完这一步打上knoppix的内核补丁:

# patch -p1 < ../knoppix-kernel.patch

然后编译内核:

# make dep
# make bzImage
# make modules
# make moduels_install

编译模块需要不少时间。安装完以后可以把konippix原来内核相关的东西删除:

# rm -rf /usr/src/linux-2.4.20-xfs
# rm -rf /lib/modules/2.4.20-xfs
# rm -rf /boot/*
# rm /vmlinuz

把新的内核拷过去:

# cp System.map /boot/System.map-2.4.20
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.20
# cd /boot
# ln -s System.map-2.4.20 System.map
# ln -s vmlinuz-2.4.20 vmlinuz
# cd /
# ln -s boot/vmlinuz-2.4.20 vmlinuz

必须用新内核重新编译cloop.o模块:

# cd /tmp
# wget http://www.knopper.net/download/knoppix/cloop_0.68-2.tar.gz
# tar xzf cloop_0.68-2.tar.gz
# cd cloop-0.68
# make KERNEL_DIR=/usr/src/linux

由于knoppix通过boot.img来启动系统,必须修改之,按ALT+F2进入另外一个非chroot的shell,把boot.img拷过来:

# cp /mnt/hda1/knx/master/KNOPPIX/boot.img /mnt/hda1/knx/source/KNOPPIX/var/tmp

在chroot的shell环境下进行修改。

# cd /tmp
# mkdir boot mroot
# mount boot.img boot -t msdos -o loop=/dev/loop0
# cp boot/miniroot.gz .
# gzip -d miniroot.gz
# mount miniroot mroot -t ext2 -o loop=/dev/loop1
# cp /tmp/cloop-0.68/cloop.o /tmp/mroot/modules/

由于我的内核较大,索性把scsi光驱支持去掉,这样启动的时候速度也会快不少:

# rm -rf /tmp/mroot/modules/scsi

修改/tmp/mroot/linuxrc,设置SCSI_MODULES=""。

其实可以用winimage把boot.img扩大,那么这些东西就可以轻易的放入,用多个启动映像文件,多一种选择更好。注意映像文件名要使用8.3格式,后面提到的diskemu只能使用这个格式。

把miniroot打包回去:

# umount /tmp/mroot
# gzip -9 miniroot
# cp miniroot.gz boot/

把新的内核映像也拷回去:

# cp /boot/vmlinuz-2.4.20 /tmp/boot/vmlinuz

修改/tmp/boot目录下syslinux.cfg文件的DEFAULT vmlinuz设置,把lang=us改为lang=cn 2,把下面所有的lang=us改为lang=cn。这样knoppix重新启动的时候默认把语言属性改为中文,而且默认使用字符模式,没有必要一启动就进入xwindow。

还可以修改/tmp/boot下的boot.msg、f2、logo.16这几个标记。这个新的boot.img就可以把knoppix引导到新的内核,先重新灌装,然后在新的内核下安装与内核相关的驱动。退出chroot环境,用新的boot.img重新制作iso:

# cp /mnt/hda1/knx/source/KNOPPIX/var/tmp/boot.img /mnt/hda1/knx/master/KNOPPIX/boot.img
# cd /mnt/hda1/knx/
# mkisofs -pad -l -r -J -v -V "KNOPPIX" -b KNOPPIX/boot.img -c KNOPPIX/boot.cat -hide-rr-moved -o /mnt/hda1/knx/knoppix.iso /mnt/hda1/knx/master

制作iso速度比较快,把/mnt/hda1/knx/knoppix.iso传到自己的系统里面,然后用这个iso启动虚拟机。

3、更新和安装新的驱动

重新启动后可以用uname -a看看是否已经是新内核。

增强对无线网卡的支持。默认linux是不支持atmel芯片的无线网卡,需要另外安装,这里使用是非官方发布版本:

# chroot /mnt/hda1/knx/source/KNOPPIX
# cd /tmp
# wget http://atmelwlandriver.sourceforge.net/snapshots/atmelwlandriver-ss-20030507.tar.gz
# tar xzf atmelwlandriver-ss-20030507.tar.gz
# cd atmelwlandriver
# make config
Build all [y/N] <-- 这里选y把所有的驱动都编译了。
# make all
# make install

对于orinoco的驱动linux自带内核模块,但默认的驱动不支持无线网卡的monitor模式,airsnort主站提供了相应补丁,可以通过给pcmcia-cs打补丁,也可以通过给orinoco驱动打补丁,这样更简单一些:

# cd /tmp
# wget http://ozlabs.org/people/dgibson/dldwd/orinoco-0.13b.tar.gz
# wget http://airsnort.shmoo.com/orinoco-0.13b-patched.diff
# tar xzf orinoco-0.13b.tar.gz
# cd orinoco-0.13b
# patch -p1 < ../orinoco-0.13b-patched.diff
# make
# make install

linux-wlan-ng的驱动也更新一下:

# cd /tmp
# wget ftp://ftp.linux-wlan.org/pub/linux-wlan-ng/linux-wlan-ng-0.2.1-pre5.tar.gz
# tar xzf linux-wlan-ng-0.2.1-pre5.tar.gz
# cd linux-wlan-ng-0.2.1
# make config  <-- 这里可以基本上把所有的驱动都加上
# make all
# make install

prism的芯片也能使用orinoco的驱动,如果确认一些网卡使用的是prism芯片可以修改/etc/pcmcia/config文件,使用的驱动改一下,比如Compaq WL100的网卡原来使用orinoco的驱动,可以把它改成:

bind "prism2_cs"

这样插入Compaq WL100的网卡就会使用linux-wlan-ng的驱动,其它的网卡也可做类似修改,但你得知道网卡使用的芯片。

4、xwindow桌面环境的修改和汉化

KNOPPIX默认使用KDE作为桌面环境,这实在太大了。除了fluxbox、wmake、twm,删除了其它所有桌面环境,fvwm也是非常不错的,直接用apt安装。使用fluxbox作为默认的桌面。输入法使用fcitx,非常不错,而且已经进了debian的sid,以后更新就方便了。修改/etc/init.d/knoppix-autoconfig的1026行附近关于DESKTOP变量的赋值改为如下:

# Also read desired desktop, if any
DESKTOP="$(getbootparam desktop 2>/dev/null)"
# Allow only supported windowmanagers
case "$DESKTOP" in fvwm|windowmaker|wmaker|fluxbox|twm) ;; *) DESKTOP="fluxbox"; ;; esac

knoppix关于xwindow的脚本实际执行的是/etc/X11/Xsession.d/45xsession,里面有启动各种桌面的函数,比如startkde()。需要给fvwm添加一个类似的函数,完全拷贝startfluxbox()。startkde()完全可以删除以节省篇幅。

修改45xsession文件最后部分:

if [ "$LANGUAGE" = "cn" ]; then
export XMODIFIERS=@im=fcitx
/usr/bin/fcitx &
fi

case "$DESKTOP" in
      fvwm|FVWM) startfvwm ;;
fluxbox|FLUXBOX) startfluxbox ;;
windowmaker|wmaker|WINDOWMAKER|WMAKER) [ "$FREEMEM" -ge "35000" ] && startwindowmaker || starttwm lowmem 64; ;;
        twm|TWM) starttwm;   ;;
              *) starttwm invalidwm;   ;;
esac

这个脚本还有许多地方可以修改,也许你还需要修改/etc/init.d/xsession脚本等等。

字体使用simsun,并且使用firefly的补丁,可以到这里下载:
http://debian.ustc.edu.cn/dev/

修改/etc/gtk/gtkrc.zh_CN:
style "gtk-default-zh-cn" {
fontset = "-misc-simsun-medium-r-normal--14-*-*-*-*-*-iso10646-1,\
-misc-simsun-medium-r-normal--14-*-*-*-*-*-iso10646-1"
}
class "GtkWidget" style "gtk-default-zh-cn"

修改/etc/init.d/xsession,默认使用root用户启动X。

5、honeynet功能

# mkdir /honeynet
# wget http://honeynet.xfocus.net/papers/honeynet/tools/snort_inline.tgz
# wget http://honeynet.xfocus.net/papers/honeynet/tools/sebeksniff-2.0.1.tar.gz
# wget http://honeynet.xfocus.net/papers/honeynet/tools/sebek-linux-2.0.1.tar.gz

# apt-get install swatch
# apt-get install honeyd

以后再调整。

6、生成压缩文件系统

重灌前建议对系统做一遍升级和清理垃圾的工作。

# apt-get -u upgrade <- 这里要注意,有些服务型的软件会加上开机启动脚本,可以用update-rc.d删除。
# apt-get clean

更新关联:

# updatedb
# umount /proc

退出chroot环境后压缩文件系统:

# mkisofs -R -U -V "KNOPPIX.net filesystem" -P "KNOPPIX www.knoppix.net" -hide-rr-moved -cache-inodes -no-bak -pad /mnt/hda1/knx/source/KNOPPIX | nice -5 /usr/bin/create_compressed_fs - 65536 > /mnt/hda1/knx/master/KNOPPIX/KNOPPIX

二、制作winpe

作为一个工具盘如果有windows环境那就更好了,winpe解决了这个问题。
定制一个winpe非常容易,下面介绍的英文版的定制:

1、首先拷贝winpe光盘的winpe目录到硬盘,假设拷贝的硬盘目录是:e:\winpe。

这个用资源管理器拷贝就可以了。

2、然后从微软网站下载MSA EDC Deployment Kit。

e:\temp\>wget http://download.microsoft.com/download/win2000srv/MSAEDC/EDC1.5/NT5/EN-US/05-EDCv1.5DeploymentKit.exe
解开这个包到e:\temp\EDCAPFDeployment,然后:

e:\temp\>copy EDCAPFDeployment\WinPESupport\WINPESYS.INF e:\winpe

这里的WINPESYS.INF其实是添加了ramdisk的支持,默认盘符是r,大小是4M。可以通过修改HKLM,"SYSTEM\ControlSet001\Services\ramdrv\Parameters","DriveLetter",0000000000,"R:"来改变盘符,修改HKLM,"SYSTEM\ControlSet001\Services\ramdrv\Parameters","DiskSize",0x00010001,0x400000来改版大小。

3、准备winxp的光盘,比如在f盘。很奇怪那个pebuilder为什么要用sp1的光盘,我发现就xp的安装也是可以制作的。

4、运行mkimg.cmd脚本,生成winpe的文件。

如果你想让winpe启动的时候在内存执行程序,可以修改e:\winpe目录下的config.inf文件,把osloadoptions项改成如下:

osloadoptions=txtsetup.sif,setupdata,"/fastdetect /minint /noguiboot /inram"

但是确定你的系统有256M内存。

如果想修改启动提示信息,修改loaderprompt项。当然这两项都可以不做,直接用以下命令生成winpe文件:

e:\winpe\>mkimg.cmd f: e:\temp\winpe.tmp

如果删除i386下的WinSxS目录及其文件,最后做成的iso会不能使用notepad。但是如果直接改微软发布的winpe iso,都会造成notepad不能执行,不知道为什么。

5、拷贝ramdisk的驱动文件

e:\winpe\>copy e:\temp\EDCAPFDeployment\WinPESupport\ramdrv.INF e:\temp\winpe.tmp\I386\inf\
e:\winpe\>copy e:\temp\EDCAPFDeployment\WinPESupport\ramdrv.sys e:\temp\winpe.tmp\I386\system32\drivers\

6、加上erd command 2002

只需拷贝commandshell.exe, common.dll, compmgmt.exe, cs.cfg, dt.cfg, erdcmdr2002.cnt, erdhelp.exe, explorer.exe, fauxshell.dll, fe.cfg, filesearch.exe, locksmith.exe, logoff.exe, logon.exe, ntfsver.exe, pwdserv.exe, tcpcfg.exe, windowsshell.exe这几个文件到e:\temp\winpe.tmp\I386\system32下面就可以了。做成iso启动后在system32目录下执行logon就能进入erd,即使不想用erd,还可以使用它的一些工具,比如用tcpcfg就可以方便的配置网络。

7、调整winpe

现在就可以制作iso了,但是这样winpe启动的时候会提示Press any key to boot from CD.,如果没有按键就想从硬盘引导,只需删除e:\temp\winpe.tmp\i386目录下的BOOTFIX.BIN文件就不会有这个提示了。

winpe启动的时候首先会使用e:\temp\winpe.tmp\I386\system32\startnet.cmd文件,可以编辑这个脚本,使得启动时更加方便。

三、制作iso文件。

DISKEMU是一个多启动光盘常用的软件,而且它使用也非常简单。建立工作目录e:\cd,拷贝DISKEM1X.BIN、DISKEMU.CMD到cd目录。在cd目录下建立IMG、KNOPPIX目录。
拷贝KNOPPIX的压缩文件KNOPPIX到e:\cd\KNOPPIX下,拷贝boot.img到e:\cd\img\knoppix.img,再拷贝一份到e:\cd\KNOPPIX\下面,否则在使用knx-hdinstsall脚本把knoppix安装到硬盘的时候会不正确。
把e:\temp\winpe.tmp下所有文件拷贝到e:\cd下,拷贝e:\winpe\ETFSBOOT.COM到e:\cd\img\winpe.bin。

修改DISKEMU.CMD文件,以下是个参考:

cd img
:start
cls
print
print                  
print
print  
print  
print  
print                
print                
print                
print                  1.   KNOPPIX
print                  2.   WindowsPE                                  
print                  r.   Reboot  
print                  q.   Quit to command prompt
print                  Esc. Boot first harddisk
print
print    
print    
print    
print
print  
print    
print  
:mainkey
; timeout is 60 seconds, default key is escape
getkey 60 esc
onkey 1 goto knoppix
onkey 2 goto winpe

onkey f1 goto help
onkey q quit
onkey r reboot
onkey f boot 0
onkey esc boot 80
; When no key found...
goto mainkey
;
:help
cls
print HELP
print ----
print  + Have ISO9660 filesystem support, you can do "dir" and "cd"
print  + A "advanced" command prompt to load anything you want
print  + A simple bootmenu for "less" advanced users
print  + Autodetection of floppy image types (by filesize)
print  + Using a bootable Diskemu 1.x CD-Rom, you can even boot images from "non-
print    bootable" CD-Roms, just swap the CD, type "cd \" and you can use that CD.
print    (Cool!)
print  + You can create a multiboot bootable CD-Rom using (almost) any recording
print    software you want
print  + Supported floppy types: 160KB, 180KB, 320KB, 360KB, 1.2MB, 720KB, 820KB,
print    1.44MB, 1.68MB, 1.72MB, 2.88MB
print
print  All supported command are listed below.
print
print  batch       boot         bootinfotable     cd          cls         dir
print  echo        emusegm      getkey            goto        help        keyval
print  loadsegm    onkey        print             quit        readtest    reboot
print  run         test         type              ver
print
print  help <command> (or ?)   Displays help about <command>
print
print  Press any key to return to main menu
getkey
goto start
;

:knoppix
print Use KNOPPIX
run knoppix.img
getkey
goto start
;

:winpe
print WindowsPE
run winpe.bin
getkey
goto start
;

; EOF

然后就可以制作iso文件了,但是必须要注意iso的格式,不能用iso9660,要使用兼容iso9660文件的Joliet格式,cdimage的-j1参数满足这个条件:

cdimage -ltoolcd -j1 -bloader.bin cd toolcd.iso

OK,用toolcd.iso引导试试。

四、简单使用说明

linux部分:

1、启动菜单选择1是启动没有SCSI的KNOPPIX,但速度比较快,选择2是有SCSI的KNOPPIX,启动检测SCSI设备。
2、vmware里从xwindow退出会造成屏幕变小还没有找到问题所在。
3、如果机器有多个光驱,要放在/dev/cdrom这个光驱里,否则不能启动。
4、可以用knx-hdinstall脚本把系统方便快速的安装到硬盘。

winpe部分:

1、启动后会使用startcmd.net的脚本,首先提示系统分辨率,默认是800x600。
2、提示启动网络还是启动erd command(硬盘需要有win系统,license在光盘根目录)。
3、输入explorer启动erd的资源管理器,硬盘有fat、ntfs分区也可以直接读写。
4、tools目录会加到PATH环境变量里面,里面有很多好玩的东东,你还可以自己再添加。

声明:

由于该光盘包含了很多商业软件,所以没法提供下载的,也不要问我这些东东从那里来。我只是给大家介绍一个工具光盘的制作方法,方便大家做渗透测试、调查取证、入侵检测、网络陷阱等等。

参考:
http://www.knoppix.net/docs/index.php/KnoppixRemasteringHowto
http://www.knoppix.net/docs/index.php/KnoppixCustomKernelHowto
http://www.microsoft.com/technet/itsolutions/edc/pak/build/EDCBLD05.ASP
http://honeynet.xfocus.net/papers/gen2/

本文地址:http://com.8s8s.com/it/it26821.htm