HiR Issue 8: Advanced Disks of Death
So, you remember the good old "Disk of Death" from HiR 6? Well, it's time to move on to bigger and better things...
I've found that there might be a lot more stuff that you wish to have access to at any computer you can get your hands on. I eventually found myself running around with a case of floppies, each with its own function. All of them were built around the "Disk of Death" model: each one was a small toolkit of resources. Now, it's time to graduate...
I've graduated in two ways. The first was the use of bootable CD-ROMs that I burned myself, which have my tools on them. These are accompanied by a boot floppy full of CD-ROM drivers (so that I can use the CD-ROM with ease when the machine won't allow CD-ROM boot). The CD-ROM has Autorun data (see HiR6-7.txt for information on CD-ROM insecurity with Windows 95) and all of my favorite DOS and Windows tools, and a few Linux tools as well.
"Linux utilities, eh?" you may be asking. And it's a valid question. The other way I've advanced my Disk of Death usage is by using Linux Disks of Death. There are several distributions of Linux that are geared specifically toward floppy disks, so that you can boot an entire Linux system using only floppies. Most of these distributions are hand-crafted specifically for networking, instead of data-tampering with the local hard drives and filesystems. Almost all floppy Linux distributions are distributed in IMG (image file) format, and most of them will allow you to use the typical RAWRITE.EXE routine in DOS/Windows or dd/cat in unix to create floppies from the image files. Recently, Axon and one of his co-workers came across a few floppy Linuxes that were hand-crafted to mess with NTFS volumes: changing data around, scrubbing the SAM database (accounts and shared resource properties are stored here), and other evil stuff.
Linux on a Floppy, LOAF (http://www.ecks.org/loaf/):
If you haven't had much Linux experience yet, but kind of know what you're doing, the easiest to use is a distribution known as "Linux on a Floppy", or "LOAF". LOAF fits on a single floppy disk, and has separate kernels, depending on what network card the machine is using. Once you start, you are given a straight Linux prompt. LOAF 1.1 uses ASH (A Shell) for the shell. It's VERY bare-bones, but it works. LOAF 1.2 is out, but I have not had time to play with it. From IRC'ing with the LOAF author, it sounds more feature-rich, and he has intentions to turn it into a potential multiple-floppy distribution, naming the advanced supplemental disks after popular sandwich elements. I don't know if this will ever happen, but he was thinking about it. Main things that you can do in LOAF 1.1: Lynx is used for ftp and http; telnet is used to connect to other linux/unix/internetworked machines. A few games are included. I believe LOAF 1.2 replaced the games with an ssh client for encrypted connections. LOAF 1.1 is not at all easy to customize. It's best to leave it as-is.
LOAF requires the machine to have about 6 megs of RAM.
Trinux: Linux Security Toolkit (http://www.trinux.org):
My personal favorite floppy Linux distribution (currently) is Trinux: the Linux Security Toolkit. Trinux is a bare minimum of 2 floppies (but I have a third one full of kernel modules for extended hardware support). Trinux allocates six virtual consoles, and BASH is used for the shell (VERY nice). Trinux Classic is made specifically for network monitoring, mapping, exploration and exploit testing. A few sniffers and traffic monitors are contained within, and several evil denial of service TCP/IP attacks are in there, as well as some network mapping/exploration stuff, too. Lynx is not included, but telnet and FTP are.
Trinux is so easily customizable that one could add lynx without much of a problem. There is the possibility to use an almost unlimited number of floppies. The packages are stored as tarballs on DOS-formatted floppies, and loaded into ramdisks upon unpacking. Network setup is simple, and the documentation on their website is thorough. One major advantage of this distribution is the fact that it can be started up on a machine somewhere and never messed with again. It allows the user to telnet or ftp in as root, the only default user in /etc/passwd, which is fine (most of the programs do raw TCP/IP packets, or other stuff that requires root anyway). Don't worry about the "insecurity" of logging in as root: unless you're on crack and put them there, there are no data files that could be irreparably corrupted, and nothing more than some man pages, libraries, and binaries in the Trinux filesystem. Trinux runs out of ramdisk, so if it gets messed up, put the boot floppy back in, restart the computer, and load the second floppy, and you're back in business again.
There are other packages for Trinux as well. Instead of inserting a data disk for monitoring, mapping, and exploit testing, you could use a data disk with a webserver on it, or a data disk with tools to mislead system crackers into attacking Trinux machines. The latter uses the deception toolkit, which makes a machine LOOK *REALLY* vulnerable, when it's actually very secure. It answers on a lot of ports, and reports version numbers of services with known vulnerabilities, and acts like the service normally would, and even emulates the exploit working, but it doesn't. The sysadmins will know someone's having fun, though, and have time to lock down the REAL systems. This is guaranteed to keep those little guys busy for a while, since it's basically the host of their dreams: it's on YOUR network, and it has so many vulnerabilities, they KNOW they have to be able to get in! (But they won't...)
Check out their website for more info.
Trinux requires the computer you use to have around 12 megs of RAM, and the more, the merrier.
Trinux also has a hard-drive version that fits on a FAT hard drive, and can be loaded up with LoadLin (a DOS bootloader that will allow you to start in DOS and then boot a Linux kernel, wiping out all the memory DOS used).
HAL-91 Linux (http://home.sol.no/~okolaas/hal91.html):
HAL-91 is a 2-floppy set that is basically an advanced version of LOAF, geared more towards use as a rescue disk. It is still helpful, and has a lot of neat toys. It includes telnet, ping, pppd (to connect to the net by modem), chroot (used for rescue work), fdisk, e2fsck (like scandisk), and some normal Linux binaries for filesystem navigation and management.
Requires a computer with 6-8 megs of RAM.
These are the only floppy Linux distributions I've used so far. Next issue I will try to write an article on the others (I know of at least 4 or 5 more, but these seemed to be the best ones to be used as "Disks of Death").
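An added example, not part of the original article: the unix dd route for turning an IMG file into a floppy, mentioned earlier, wrapped in a shell function that refuses images too big for a 1.44 MB disk and reads the disk back to confirm the write. The image name and /dev/fd0 in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: write a floppy image with dd and verify it by read-back.
# Usage (hypothetical image name, assumed floppy device):
#   write_image boot.img /dev/fd0
# The target may also be a regular file, which is handy for a dry run.

FLOPPY_BYTES=1474560   # 1.44 MB floppy: 2880 sectors of 512 bytes

# image_size FILE -> prints the file size in bytes
image_size() {
    wc -c < "$1" | tr -d ' '
}

# write_image IMAGE TARGET
# Returns 0 on a verified write, 1 on bad arguments or unreadable image,
# 2 if the image will not fit on a 1.44 MB disk, 3 if dd fails,
# 4 if the data read back from the target differs from the image.
write_image() {
    img=$1; target=$2
    [ -n "$img" ] && [ -n "$target" ] && [ -r "$img" ] || return 1
    size=$(image_size "$img")
    [ "$size" -le "$FLOPPY_BYTES" ] || return 2
    # conv=notrunc keeps a regular-file target at its full size,
    # which mimics how a block device behaves.
    dd if="$img" of="$target" bs=512 conv=notrunc 2>/dev/null || return 3
    sync
    # Compare only the first $size bytes: the disk is usually larger than
    # the image, so comparing the whole device would always report a
    # difference. On real media the read may come from cache; eject and
    # re-insert the disk before verifying if you want to test the media.
    head -c "$size" "$target" | cmp -s - "$img" || return 4
    return 0
}
```

A non-zero return tells you which stage failed, so a bad disk (4) can be told apart from an image that was never going to fit (2).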