H@L0_F00
-
Posts
834 -
Joined
-
Last visited
-
Days Won
2
Posts posted by H@L0_F00
-
-
Yeah, it looks like the casper folder needs to be on the root of your drive.
You could just map the ISO like Eteris did and see if that works. It's likely that you don't even need to have all the extra parameters shown, you could just chainload it with something like:
title Helix3 map /path/to/file.iso (hd32) map --hook chainloader (hd32)
-
What is the structure of the ISO itself? It might be searching for essential files/folders on the root drive and not in /boothelix like your setup
-
I've run into a couple problems with Back|Track and it seems I'll have to do a bit more than I did with Ophcrack to get it to change the directory. I also want to make some other changes to it, like remove the idiotic message "remove the disk and press Enter to reboot" (or whatever it says), when you reboot, which means changing the actual squashfs, but I've found guides and I'll just incorporate them into my guide. I'm pretty flooded with homework and stuff for school, while also getting preoccupied with another project I'm trying to come up with, which I think I'll call the SAMGrabber (a very small Linux distro that will automatically and silently save the SAM and SYSTEM files of a Windows machine to your flash drive upon boot :) ), but I'll get back to the Back|Track project though and hopefully I'll be able to complete it before too long.
-
I don't make any image. This is the Linux way. When you plug pendrive into linux machine it shows as /dev/sdx
(where 'x' is {a,b,...}) so I actually mount device not an image. What I'm doing is just make any one (in this VirtualBox) can write and read from it and generate vmdk file for it (It's little file some KB, where my pendrive is 8GB). Anyway, I do it just once. As long as my pendrive is showing in my system as /dev/sdb I don't have to generate new vmdk file. Just make changes on pendrive and run VirtualBox.
One thing when I make changes ofcourse I have to mount somewhere my device(or hal do it for me),but when I want to boot form it in Virtualbox I have to unmount it. And that's it.
I hope now it's more clear and sorry for my English it's not my native language
Yeah, I know how Linux mounts drives. I just thought that with the command "-rawdisk /dev/sdb" mad a rawdisk image of the drive as ~/mnt/new_usb.vmdk. That's cool though. If you've tried my VM, does your solution with VirtualBox run faster than mine with VMware?
Your English is pretty good for it being a foreign language, by the way.
-
C:\Windows\System32\config is where the SAM and SYSTEM files can be found on Windows 7 so I'm pretty sure it's the same for Vista.
-
Actually I boot from usb in VirtualBox it's go like this:
...
I've hardly messed with VirtualBox, and it was only on a Windows machine, but it seems like you're just making an image of your flash drive and booting from that, or am I wrong?
-
Wow... I'm kind of disappointed in myself for not realizing such a thing was possible... I mean, that's what I do with DeepFreeze... Anyways, thanks for that Moonlit.
I'm still interested in hearing a bit about what everybody else uses for cracking passes though, as I think I'm going to try to learn more about such things.
-
I want to see the original post...
-
I agree, getting into a Windows box is easy, but you can't always remove/reset the password or use Kon-Boot, and sometimes you'd just like to know the password. When trying to access a machine more passively, you cannot remove the password or change it.
-
With more and more people using Vista and Win7, I decided it was time to get my NT hash cracking on. So, I installed Windows 7 in a VM, setup up some lame test accounts:
Username:Password
Test:seven
lame:lame
lamepass:lamepass
yourmom:yourmom
18j4:18j4
I then ran it through Ophcrack. What came up? Nothing but "lame" and "l8j4" and they were only found because Ophcrack bruteforces from 1-4 characters. I was quite surprised that the other passwords couldn't be found... I know Ophcrack exploits the weak LM hash used in XP and preceding, while the Vista Free tables are based on a dictionary and mutations, but I still figured that it would find all of those lame passwords... Yet, it didn't.
I was just wondering, if any of you have cracked some NT hashes, be it from Vista or Windows 7, did you use Ophcrack? What was the password? What tables did you use? And, how long did it take?
If you use something other than Ophcrack (JTR, Cain, etc.), what do you use? What tables do you use and how large are they? On average, how long does it take you to crack an NT hash?
-
It looks like TheHermit's fix in his tutorial (step 3) might be what you'll need to do.
-
200+ downloads! I'm also trying to figure out a way to use QEMU as it is said to be possible.
-
Does any one know the grub.cfg (grub2) for Kon-Boot ??
Psychosis was working on this but I don't think it's been accomplished yet since mapping with GRUB4DOS differs from Grub2.
-
PLoP is ran from a CD or even a floppy, although it can be installed.
The linux CD sounds like it should work. I would rather chainload the complete flash drive instead of specifying each entry on a CD which isn't rw, but this could be done from the same CD.
-
Put the "casper" folder on the root of your device. I'm working on a way to get around this but I've ran into some trouble, so, for now, you'll have to just put the "casper" directory on the root.
-
I posted a direct link to the specific post you need to look at, but it doesn't jump to the post like it should. Anyways, you should take a look at the posts below, specifically post #5. It sounds like that will work for you.
EDIT: Just fixed the link.
-
I'm looking forward to this! It would be a great idea to log all IRC and make it available with the videos when they are later released, just in case there are time conflicts and someone can't watch the presentation during the specified time, but would like to look over any discussion held during the presentation.
-
-
In my DHTI class today, we went over EMI and how a signal can be picked up by another wire or device if not properly arranged. It got me thinking... Would a "wiretap" by EMI be possible/practical? If so, why is it not more commonly used? If not, why?
-
Ok, what you need to do, then, is move your /bootclone/live directory to the root of the device, so it would be just /live unless you'd like to try and edit the scripts. I don't use CloneZilla, but you could get an idea of how to go about editing scripts by taking a look at my Ophcrack guide where I edited the scripts to look for the Ophcrack tables in a different directory. You'd have to figure out which script is the one that tells CloneZilla to look in /live/image/live and make it look in /bootclone/live/image/live in order for it to find the scripts you'd like to keep in that directory. Grep can come in handy (something like " grep -r -i '/live/image/live' * " after extracting the initrd file might come up with some results you could take a look at).
-
Did you try what xje4bv posted? That should work for larger flash drives. To get back the "lost" space, use the U3 Removal Tool.
-
I found CloneSpy while searching for "portable duplicate file finder." It's got many different options and settings, plus it saves any settings to a .ini file, making it portable.
-
I don't throw away anything. Then again, I'm 16 and without a job...
-
Lamers use this in my IT class to cheat at Bloon's Tower Defense. You can scan for variables used and modify them. It's also open source.
Episode 5x24
in USB Multipass
Posted
What I've found about such error deals with ASCII characters in filenames. Try and see if you've got any filenames that could contain any ASCII characters, rename them, and see if that stops the problem.