Jump to content

Episode 5x24


Darren Kitchen

Recommended Posts

  • Replies 447
  • Created
  • Last Reply

Top Posters In This Topic

hey guys, great episode btw. Now i just started on all this and have my 8gb cruzer formatted FAT32, when i go to run Grub installer (choose hd6 as that is what my usb comes up as and click install) i get the following message.

grubinst: write: Bad file descriptor

Now i now its stupid to get stuck on this step, im pretty sure i can do everything else but i have no clue where to go from this problem, thanks

Link to comment
Share on other sites

First off, that was a great episode. I have only recently been exposed to Revision3 and Hak5 but already it's what I spend a lot of my work days watching / reading. I (like most people) have been looking for a solution to the many CDs and thumb drives I have to have around. I was thinking that rather than spending $60-80 on a nice 32 gig thumb drive I could buy a 250gig WD Passport 2.5" HDD. I would like to assume this would work with one of the WD drives but I figured I should ask first. The size of the WD would enable me to easily bring around all the Windows and Mac programs, apps and images I use as well as having it bootable with the programs I need. Thanks in advance for any input or ideas.

Link to comment
Share on other sites

I tend to carry about a WD 320gb and 500gb My Passport with me in tool bag. I also tend to carry around about 10 different usb keys for various things. But as of today, I bought a 32gb usb at Frys for $60. I'm hoping to be able to eliminate the need for a majority of the smaller keys with this 32gb. I happen to have an 8gb that has an image put on to it that magically appeared from the "demon" that has TONS of tools that we listed here and many more. I'm in the process of taking what was shown in today's episode and what is on this image to be able to do a massive key with most of the general repair, recover, restore tools along with BT3 (persistent), BT4 (persistent), Mint7 (persistent and install), WinXP installer, Win7 32bit & 64bit installers, Server 2003 and 2008 installers.

Just to give you guys an idea how this one was setup, here is the menu.lst from the image...

splashimage /boot/face.gz
timeout 30
default 0

#####################################################################
# Windows installation
title Install Windows 2003 R2 SP2 English - First and second boot
root (hd0,0)
configfile /winsetup.lst
savedefault

title  
pause
#####################################################################
# Live CDs
title XP PE - UBCD4Win v3.50
root (hd0,0)
chainloader /minint/setupldr.bin

title BackTrack 4 - Pre Release (submenu)
root (hd0,0)
configfile /bt4.lst
savedefault

title Vista PE
root (hd0,0)
chainloader /bootmgr

title Vista Recovery CD
##ISO file must be contiguous on disk in this case, use Sysinternals contig.exe
map (hd0,0)/images/VistaReco.iso (hd32)
map --hook
chainloader (hd32)

title Ultimate Boot CD 4.1.1
##ISO file must be contiguous on disk in this case, use Sysinternals contig.exe
map (hd0,0)/images/UBCD411.iso (hd32)
map --hook
chainloader (hd32)

title Hiren's Boot CD 9.9
##ISO file must be contiguous on disk in this case, use Sysinternals contig.exe
map (hd0,0)/images/Hirens.BootCD.9.9.iso (hd32)
map --hook
chainloader (hd32)

title  
pause
#####################################################################
# Tools
title Acronis & Paragon utilities (submenu)
root (hd0,0)
configfile /acropara.lst

title Parted Magic 4.2 (submenu)
root (hd0,0)
configfile /pmagic.lst
savedefault

title Norton Ghost 11
map --mem (hd0,0)/images/ghost.img (fd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)

title BootIt NG 1.86
map (hd0,0)/images/bootitng186.ISO (hd32)
map --hook
chainloader (hd32)

title Active Password Changer 3
map --mem (hd0,0)/images/pant.img (fd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)

title Peter Nordahl's chntpw 080802
map --mem (hd0,0)/images/chntpw-cd080802.iso (hd32)
map --hook
chainloader (hd32)

title OnTrack Data Eraser 2.02
map --mem (hd0,0)/images/DE.img (fd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)

title OnTrack Data Recovery 6.10
map --mem (hd0,0)/images/DR.img (fd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)

title Disk tools (submenu)
root (hd0,0)
configfile /disktools.lst



################################################################################
########################################
################################################################################
########################################
################################################################################
########################################
#use the following for reference, uncomment(#) and change as needed

#title Start Vista, find and load bootmgr
#find --set-root /bootmgr
#chainloader /bootmgr

#title find and boot Linux with menu.lst already installed
#find --set-root /sbin/init
#configfile /boot/grub/menu.lst

#title SystemRescueCd-0.4.x from hard-disk
#root (hd0,0)
#kernel /rescuecd init=/linuxrc cdroot=/dev/sda1 setkmap=us
#initrd /rescuecd.igz

#title Puppy Linux on HD0
#root (hd0,0)
#kernel /puppy/vmlinuz root=/dev/rd/0 pmedia=usbflash
#initrd /puppy/initrd.gz


#title Start Recovery Console of Windows NT/2K/XP
#find --set-root /cmldr
#chainloader /cmldr
#####################################################################
# write string "cmdcons" to memory 0000:7C03 in 2 steps:
#####################################################################
### step 1. Write 4 chars "cmdc" at 0000:7C03
#write 0x7C03 0x63646D63
### step 2. Write 3 chars "ons" and an ending null at 0000:7C07
#write 0x7C07 0x00736E6F

#title Start Acronis True Image/Disk Director from ISO loaded in memory
#map --mem (hd0,0)/acronismedia.iso (hd32)
#map --hook
#chainloader (hd32)

#title Start Acronis True Image/Disk Director from ISO
##ISO file must be contiguous on disk in this case, use Sysinternals contig.exe
#map (hd0,0)/acronismedia.iso (hd32)
#map --hook
#chainloader (hd32)

#title Start MemTest from floppy image on second hard disk/third partition
##image file can be gzipped, i.e. memtest.img.gz
#map --mem (hd1,2)/memtest.img (fd0)
#map --hook
#chainloader (fd0)+1
#rootnoverify (fd0)

#title Chainload the bootsector at third partition, fifth hard disk
#chainloader (hd4,2)+1

#title Start Windows XP if it's on second hard disk
##ntldr/ntdetect.com won't start if are not on first disk, first active partition, thus the mapping
#map (hd1) (hd0)
#map --hook
#rootnoverify (hd0,0)
#chainloader /ntldr

#title find and load IO.SYS of Windows 9x/Me/DOS
#find --set-root /io.sys
#chainloader /io.sys

Link to comment
Share on other sites

Hey guys and gals...Frank Castle here.

First of all, I want to thank all of you for your positive feedback. It was quite a challenge to get going at first, but it was so worth it in the end, especially after my idea made it to Hak5. I thought I would drop by and offer my advice to some of you who had questions...

1) jdogherman

For TRK, the appropriate grub command is:

title Trinity Rescue Kit

kernel /kernel.trk initrd=/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose

initrd /initrd.trk

And as for Ophcrack, for the latest version, installed with Stiltaz blah blah blah, since everything (except for the tables) are in the boot folder, both the boot folder AND the tables folder must be on the root of the device. At least, that's what worked for me.

2) hurtcake

Kon-boot was a tough one to get running. I had to use the .img version of it for it to work at all. The grub command I used (which is a little different than Darren's) was:

title Kon-Boot

map (hd0,0)/FD0-konboot-v1.1-2in1.img (fd0)

map –hook

map (hd0) (hd1)

map (hd1) (hd0)

map –hook

chainloader (fd0)+1

rootnoverify (fd0)

As far as administrative privligies and all that...as far as I know, as long as the user your logged in as is an administrator than you have all administative power. But as far as paring a payload with it...I have no clue about that.

And I can't remember if you got it working or not, but my Hiren's grub command is:

title Hirens BootCD

kernel /HBCD/memdisk

initrd /HBCD/boot.gz

3) coreyja

I tried to partition and do all that jazz with these thumb drives for too long, and I gave up. Although it is possible to give one multiple partitions, only the first one (if even that one) is visible by windows (which I assume you are running...don't shoot me if your'e not), so you can't really mess with the other partitions at all unless you change registry values to make it appear as a usb hard drive (which I stray away from...bad experience). Plus add in the hassle of trying to figure out before-hand how big to make the partitions, etc. was just too much for me. What I do instead to keep clutter to a minimum is make all of the grub files and folders hidden (since grub/linux doesn't really care if windows says they are hidden).

4) ChrisTek

As for FreeDOS, when you say:

title FreeDOS

root (hd0,2)

kernel /memdisk

initrd /freedos.img floppy

you are telling grub to look for these files in the 3rd partition of your thumbdrive, which I assume doesn't exist. Change the line "root (hd0,2)" to "root (hd0,0)" or simply just take it out.

For Hirens, the HCBD folder needs to be in the root of the drive (at least for my version). The grub command is given above

And for BT3, I don't know if it will make a difference, but my grub command was slightly different. I would give it a try:

title BackTrack 3

kernel /bootbt3/vmlinuz vga=0x317 ramdisk_size=6666 root=/dev/ram0 rw autoexec=xconf;kdm

initrd /bootbt3/initrd.gz

*Other Notes*

A password can be added by obtaining a UNIX md5. This can be done from Grub by:

1) Booting up the drive and pressing "c" at the grub promt

2) Typing in "md5crypt" then entering in your desired password

3) Copying the resultant md5 hash on paper, etc.

4) Adding the line password --md5 *your md5 here* either after the preliminary lines (i.e. - after timeout, splash image, etc.) (This will require a password to make any changes to the menu.lst from the grub prompt) AND/OR after the title of a distro (This will require a password to boot the distro)

A blank line can be added (for a seperatory line) by entering in:

title

kernal

initrd

Finally, a reboot option can be added, if you so wish...

title Reboot

reboot

Let me know if you have any questions, and thanks again,

Frank Castle

Link to comment
Share on other sites

I tend to carry about a WD 320gb and 500gb My Passport with me in tool bag. I also tend to carry around about 10 different usb keys for various things. But as of today, I bought a 32gb usb at Frys for $60. I'm hoping to be able to eliminate the need for a majority of the smaller keys with this 32gb. I happen to have an 8gb that has an image put on to it that magically appeared from the "demon" that has TONS of tools that we listed here and many more. I'm in the process of taking what was shown in today's episode and what is on this image to be able to do a massive key with most of the general repair, recover, restore tools along with BT3 (persistent), BT4 (persistent), Mint7 (persistent and install), WinXP installer, Win7 32bit & 64bit installers, Server 2003 and 2008 installers.

Just to give you guys an idea how this one was setup, here is the menu.lst from the image...

Does mounting the ISO with map (hdX,Y)/path/to/image.iso (hdZ) work with Grub4DOS?

Link to comment
Share on other sites

war10ck216: How did you get PreFinal working? Share the steps.

I copied the "boot" and "casper" folders from the BackTrack 4 Pre-Final iso. i changed the name of "boot" and added this to my "menu.lst":

title BackTrack 4 Pre-Final

kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317

initrd /boot/initrd.gz

:lol:

Link to comment
Share on other sites

Excellent episode, many thanks Frank Castle & Hak5 crew!

Tried grub yesterday evening real quick, with mixed results. First, it just got blank screen with blinking_, on second try i got grub list. After some minor tweaks, just blinking _. Stick is Kingston Datatraveler 4GB formatted as FAT32 so should work really nice.

Maybe i just wait for some good "release" :)

Link to comment
Share on other sites

Hey Darren great episode. I just set up my 8gb usb and it works perfectly. For my splash screen I used this image. The nice thing about is it has so few colors that the picture doesn't get messed up!

Post your splash screens too!

hey great idea! how about posting the XPM as well? would be cool to see hak5 related splash screens, made a topic including some here: http://hak5.org/forums/index.php?showtopic=13855

Link to comment
Share on other sites

Hi, great episode.

I'm having trouble booting Ophcrack from my MULTIPASS. I burned the distro to a temp USB drive using tazusb as Darren instructed. The temp drive boots perfectly. The issue is when I copy the files from the temp drive to my MULTIPASS and try to boot Ophcrack from grub, I get nothing. All of the other apps boot fine (Kon-Boot, ntpasswd etc.) Any help would be appreciated. Thanks.

Here are the contents of the MULTIPASS:

grldr

menu.lst

FD0-konboot-v1.1-2in1.img

bootoph/

tables/

ntpasswd/

HBCD/

And the contents of menu.lst:

title Ophcrack

kernel /bootoph/bzImage rw root=/dev/null vga=normal lang=C kmap=us screen=1024x768x16 autologin

initrd /bootoph/rootfs.gz

Link to comment
Share on other sites

Excellent episode, many thanks Frank Castle & Hak5 crew!

Tried grub yesterday evening real quick, with mixed results. First, it just got blank screen with blinking_, on second try i got grub list. After some minor tweaks, just blinking _. Stick is Kingston Datatraveler 4GB formatted as FAT32 so should work really nice.

Maybe i just wait for some good "release" :)

I got that when I had some configuration typos, and also when I had a corrupted splash image. Double-check your menu.lst for any mistakes and try booting it without the splash image.

Link to comment
Share on other sites

You can use ISO mapping in grub4dos for some distros but not for everything. It works fine for tools like Acronis, kon-boot, dban, recovery part only from Win7/Vista DVDs, etc but for the rest it doesnt work cause protected mode kicks in on their kernels making any virtual boot objects made with grub4dos map inaccessible.

Since i've already done some playing around long before this ep, let me go ahead and mention straight up what doesnt work from ISO mapping (or at least what I've tried and doesnt work so far):

Installing Windows (any version) by booting from ISO made from Windows install media, Helix, BackTrack, probably not Ubuntu since Helix is made from it, UBCD4Win

In short any real mode OSes/Utilities well work with map, everything else you need to extract to a physical partition.

Now in regard to finding files that are actually there but cant be found...

I myself (though I've got a multibooting USB) would also like a multi-boot DVD/CD. The problem is, say you got a file called vmlinuz in /boot folder. If you use:

find /BOOT/VMLINUZ it finds it even if its lowercase. Even if you specify upper in your menu.lst you'll probably have a hard time booting it. Its very wierd behavior that'll need to be worked out in future versions of grub4dos.

Link to comment
Share on other sites

Just a note...

IF any of you are using GIMP on Windows,

"Although GIMP supports .xpm files, the Windows 32 port of the Gimp saves in an .xpm format that is NOT compatible with GRUB."

so if you did this and are getting that blinking _ , go here

heres my splashimage

2046310.gif

Also, i dont think color blue/black works after using splashimage

i might be wrong tell me if i am

Link to comment
Share on other sites

I have Trinity Rescue Kit running on my USB, however, when it loads I see no boot options. What it does is just waits and then go right to the terminal. How can I get it to load the boot options? Somehow I need to tell it to use the vesamenu.32...is that correct?

Here is what I have so far:

title Trinity Rescue Kit

kernel /trinityrescuekit/kernel.trk initrd /trinityrescuekit/initrd.trk ramdisk_size=49152 root=/dev/ram0 vga=788 splash=verbose

initrd /trinityrescuekit/initrd.trk

Thanks for your help and thank you Hak5 for doing things that are right up my alley!

Link to comment
Share on other sites

Frank Castle: I got the partitions to work for me pretty easily.First I set up the multipass on the flashdrive without partitioning it. Then I used Ubuntu and gparted create a new partition and leave enough room in the old partition for all the boot stuff. I them used labels to mark the boot partition as hidden. This seems to allow it to boot fine but be hidden in windows. The other partition is not hidden and works fine in windows. I can still see both partitions in Ubuntu so editing the boot partition is stil pretty easy.

I do have a question tho. I have gotten nt password to boot but when it boots it cant find the harddrive where windows is installed. it just finds the 2 partitions of my flash drive. here is what i used for grub.i just copied Darren's from the show notes. any ideas of why this is or how to fix it?

title ntpasswd
kernel /ntpasswd/vmlinuz rw vga=1 initrd=/ntpasswd/initrd.cgz /ntpasswd/scsi.cgz
initrd /ntpasswd/initrd.cgz

Link to comment
Share on other sites

Frank Castle: I got the partitions to work for me pretty easily.First I set up the multipass on the flashdrive without partitioning it. Then I used Ubuntu and gparted create a new partition and leave enough room in the old partition for all the boot stuff. I them used labels to mark the boot partition as hidden. This seems to allow it to boot fine but be hidden in windows. The other partition is not hidden and works fine in windows. I can still see both partitions in Ubuntu so editing the boot partition is stil pretty easy.

I do have a question tho. I have gotten nt password to boot but when it boots it cant find the harddrive where windows is installed. it just finds the 2 partitions of my flash drive. here is what i used for grub.i just copied Darren's from the show notes. any ideas of why this is or how to fix it?

title ntpasswd
kernel /ntpasswd/vmlinuz rw vga=1 initrd=/ntpasswd/initrd.cgz /ntpasswd/scsi.cgz
initrd /ntpasswd/initrd.cgz

You need to patch it. See http://www.911cd.net/forums/lofiversion/in...php/t19643.html

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...