Hidden USB Boot Instructions


smd75jr

I couldn't find a topic for this anywhere, so here it is.

I have been looking for a way to edit my boot.ini file so that ntldr will look for a live Linux operating system on a USB flash drive and, if present, boot from that. If not, it needs to boot into Windows WITH NO OBVIOUS CHANGES TO THE SYSTEM, meaning that if someone (like a sys admin) watched the boot process, they would not be able to tell that anything had been changed.

I know that this would have to be VERY machine specific, but it may be usable for those that are in need of a more secure system, or those who are just very paranoid.

Thanks,

smd75jr

Sadly, that's not possible; what I'm trying to do is create a proof-of-concept hack to demonstrate to my high school's IT department and sys admins that their "super ultra secure" laptops (each student gets one) aren't as secure as they think they are. (Yes, I asked if it was OK.) The BIOS is locked up tight, and the boot device menu is disabled; that's where I keep running into problems.

There is some documentation here but it's not particularly clear: http://www.tburke.net/info/ntldr/ntldr_hacking_guide.htm also check here: http://jaeger.morpheus.net/linux/ntldr.php

What you can do is take an image of a boot sector then point the Windows boot loader at it:

C:\MBR.LIN = "Linux 1.1.59"

Trouble is, access to USB memory sticks is a big question mark. The chance you have of making this work is to first make a USB memory stick bootable by itself (install DSL or something). Then (on another computer) install GRUB to the MBR of a hard disk such that its root is the memory stick. Then take a copy of the MBR (dd if=<the hard disk that grub is installed on> of=<file> bs=512 count=1), put the copy in the root of C, and add

C:\<file> = "GRUB"

to boot.ini.

The big problem with GRUB and LILO in this situation is that they both want a file system to read various things from, which won't be available (probably). If you can sneak a 6MB partition onto the laptop's hard disk this would be much easier.

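The boot.ini entries described in the post above differ from a normal Windows entry in one visible way: they name a file on C: rather than an ARC path. As an added example (not code from any poster), this Python audit lists such entries; the sample boot.ini and the allow-list are constructed assumptions.

```python
import re

# ARC paths are how boot.ini names a Windows installation on disk.
ARC_PATH = re.compile(
    r"^(multi|scsi|signature)\([0-9a-f]+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)",
    re.IGNORECASE)

def audit_boot_ini(text, allowed_files=()):
    """Return (line, target, label) for each [operating systems] entry that
    makes NTLDR load a boot-sector file instead of an ARC path."""
    allowed = {p.lower() for p in allowed_files}
    section, findings = None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "operating systems":
            continue
        target, _, label = line.partition("=")
        target = target.strip()
        if ARC_PATH.match(target) or target.lower() in allowed:
            continue
        findings.append((lineno, target, label.strip()))
    return findings

# Constructed sample; the last entry is the one quoted in the post above.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Recovery Console" /cmdcons
C:\MBR.LIN = "Linux 1.1.59"
"""

# Assumption: this site treats the Recovery Console entry as expected.
ALLOWED = [r"C:\CMDCONS\BOOTSECT.DAT"]

if __name__ == "__main__":
    for lineno, target, label in audit_boot_ini(SAMPLE_BOOT_INI, ALLOWED):
        print(f"boot.ini line {lineno}: boot-sector file {target} {label}")
```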

Thanks. My original thought was to go into the boot.ini file in the root of the C: drive and add a section that simply told it to boot from (insert device id here), and if it's not there, then to not complain about it and continue to boot Windows.

What OS is it? Because boot.ini is not even used from Vista on up. You could try a trick though, like starting in safe mode, cmd window only, then using something like grub4dos on the main C drive to boot a USB key and try to launch from there somehow. Would require you to copy grub4dos files to the C drive, then reboot into safe mode cmd prompt. Not even sure it's possible, but worth trying just for the hell of it.

Right now, my thought is to use the MBR file (the name escapes me at the moment) that gets dumped from the Linux MBR (using the dd command listed in the links from sparda) and figure out how to edit those into the boot.ini file. My problem now is that I want to know what file the Linux MBR file points to, to simplify the process.

What OS is it? Because boot.ini is not even used from Vista on up. You could try a trick though, like starting in safe mode, cmd window only, then using something like grub4dos on the main C drive to boot a USB key and try to launch from there somehow. Would require you to copy grub4dos files to the C drive, then reboot into safe mode cmd prompt. Not even sure it's possible, but worth trying just for the hell of it.

That is a really great idea....but if the system has any sort of sector recovery software such as Faronics Deep Freeze then whatever packets are installed to the HDD from the previous session will be deleted when he reboots. Let's hope that your hawkish sysadmin doesn't have that or something similar installed.

Other than that, the idea gives me a wealth of other ideas about dropping hidden files to the O/S root then getting the boot manager to run those on startup ......such as the ones similar in the Hacksaw project but hidden from the root o/s

*strums fingers through beard thinking evil thoughts*

In order to modify the file system you'll have to attach the hard disk to another computer.

I have a super user (though anti-executable still affects normal programs, Java programs and cmd tools still work), so I can edit hidden files and the changes will stay.

There is some documentation here but it's not particularly clear: http://www.tburke.net/info/ntldr/ntldr_hacking_guide.htm also check here: http://jaeger.morpheus.net/linux/ntldr.php

What you can do is take an image of a boot sector then point the Windows boot loader at it:

C:\MBR.LIN = "Linux 1.1.59"

Trouble is, access to USB memory sticks is a big question mark. The chance you have of making this work is to first make a USB memory stick bootable by itself (install DSL or something). Then (on another computer) install GRUB to the MBR of a hard disk such that its root is the memory stick. Then take a copy of the MBR (dd if=<the hard disk that grub is installed on> of=<file> bs=512 count=1), put the copy in the root of C, and add

C:\<file> = "GRUB"

to boot.ini.

The big problem with GRUB and LILO in this situation is that they both want a file system to read various things from, which won't be available (probably). If you can sneak a 6MB partition onto the laptop's hard disk this would be much easier.

I am very confused on how to do this. I have tried on at least 4 different distros and still cannot get any more than a blank, empty file.

The first 512 bytes of a hard disk is known as the Master Boot Record (MBR). You are trying to copy this to a file using dd (dd if=<hard disk> of=<file> count=1 bs=512). The hard disk has to have a boot loader installed in order for this to work.

The first 512 bytes of a hard disk is known as the Master Boot Record (MBR). You are trying to copy this to a file using dd (dd if=<hard disk> of=<file> count=1 bs=512). The hard disk has to have a boot loader installed in order for this to work.

When I open the bootsect.lnx file, what should it look like?

When I open it in the Linux distro's text editor, it's just a bunch of periods; when I open it in Windows, it's just a bunch of spaces.

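An MBR dump is binary data, so it is inspected with a hex view rather than a text editor. As an added example (not code from any poster), this Python summarises a 512-byte dump such as the one dd produces: whether it is all zeros, whether the 0x55 0xAA signature sits at offset 510, and which partition slots are used. The sample sector is constructed and carries a placeholder jump, not a real boot loader.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes (offsets 510-511) of a valid MBR

def inspect_mbr(sector: bytes) -> dict:
    """Summarise a 512-byte dump such as the output of `dd bs=512 count=1`."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):  # four 16-byte partition entries start at offset 446
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0x00 marks an unused slot
            partitions.append({"slot": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"blank": not any(sector),
            "has_boot_code": any(sector[:440]),
            "signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "partitions": partitions}

def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes as offset, hex and printable ASCII, similar to xxd."""
    pad, rows = width * 3, []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {chunk.hex(' '):<{pad}} {text}")
    return "\n".join(rows)

def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code plus one active FAT32 entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x63\x90"  # placeholder jump, not a real loader
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                                  0x0B, b"\xfe\xff\xff", 63, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    sample = build_sample_mbr()
    print(hexdump(sample[:32]))
    print(inspect_mbr(sample))
    print(inspect_mbr(bytes(SECTOR_SIZE)))  # an all-zero sector reports blank
```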

Won't mount the drive in Windows; maybe they have a group policy to not load external drives or your thumb drive isn't set up properly.

What I do is format as FAT32 and bootable using the HP USB tool, then copy over the Win98 DOS files along with grub4dos and the BackTrack files in one folder, then change my menu.lst to point to the BackTrack kernel and you should be good to go. (I'm not even 100% sure you can load Linux this way while Windows is already running though - or how are you doing this?)

Won't mount the drive in Windows; maybe they have a group policy to not load external drives or your thumb drive isn't set up properly.

What I do is format as FAT32 and bootable using the HP USB tool, then copy over the Win98 DOS files along with grub4dos and the BackTrack files in one folder, then change my menu.lst to point to the BackTrack kernel and you should be good to go. (I'm not even 100% sure you can load Linux this way while Windows is already running though - or how are you doing this?)

My main problem is my not knowing how to configure the menu.lst.

Also, I need to know how grub4dos addresses USB flash drives.

There doesn't seem to be any documentation on either.

You could try using grub4dos in the way described to boot a 'normal' Linux boot loader. Put the grldr file in the root of C and add

C:\grldr = "GRUB4DOS"

to boot.ini. Probably needs other files, but I haven't looked at it in detail.

That is what I have been trying to do, but again, I am not sure how grub4dos addresses USB flash drives; also, it is not clear how to configure the menu.lst.

This is the menu.lst

# This is a sample menu.lst file. You should make some changes to it.
# The old install method of booting via the stage-files has been removed.
# Please install GRLDR boot strap code to MBR with the bootlace.com
# utility under DOS/Win9x or Linux.

color blue/green yellow/red white/magenta white/magenta
timeout 30
default /default

title find and load NTLDR of Windows NT/2K/XP
fallback 1
find --set-root --ignore-floppies --ignore-cd /ntldr
map () (hd0)
map (hd0) ()
map --rehook
find --set-root --ignore-floppies --ignore-cd /ntldr
chainloader /ntldr
savedefault --wait=2

title find and load BOOTMGR of Windows VISTA
fallback 2
find --set-root --ignore-floppies --ignore-cd /bootmgr
map () (hd0)
map (hd0) ()
map --rehook
find --set-root --ignore-floppies --ignore-cd /bootmgr
chainloader /bootmgr
savedefault --wait=2

title find and load CMLDR, the Recovery Console of Windows NT/2K/XP
fallback 3
find --set-root --ignore-floppies --ignore-cd /cmldr
map () (hd0)
map (hd0) ()
map --rehook
find --set-root --ignore-floppies --ignore-cd /cmldr
chainloader /cmldr
#####################################################################
# write string "cmdcons" to memory 0000:7C03 in 2 steps:
#####################################################################
# step 1. Write 4 chars "cmdc" at 0000:7C03
write 0x7C03 0x63646D63
# step 2. Write 3 chars "ons" and an ending null at 0000:7C07
write 0x7C07 0x00736E6F
savedefault --wait=2

title find and load IO.SYS of Windows 9x/Me
fallback 4
find --set-root /io.sys
chainloader /io.sys
savedefault --wait=2

title find and boot 0PE.ISO
fallback 5
find --set-root /0PE/0PE.ISO
map /0PE/0PE.ISO (0xff) || map --mem /0PE/0PE.ISO (0xff)
map --hook
chainloader (0xff)
savedefault --wait=2

title find and boot MicroPE.ISO
fallback 6
find --set-root /boot/MicroPE.ISO
map /boot/MicroPE.ISO (0xff) || map --mem /boot/MicroPE.ISO (0xff)
map --hook
chainloader (0xff)
savedefault --wait=2

title Parted Magic ISO
fallback 7
find --set-root /pmagic.iso
map /pmagic.iso (0xff) || map --mem /pmagic.iso (0xff)
map --hook
chainloader (0xff)
savedefault --wait=2

title Ultimate Boot CD ISO
fallback 8
find --set-root /ubcd.iso
map /ubcd.iso (0xff) || map --mem /ubcd.iso (0xff)
map --hook
chainloader (0xff)
savedefault --wait=2

title commandline
commandline

title floppy (fd0)
chainloader (fd0)+1
rootnoverify (fd0)

title back to dos
quit

title reboot
reboot

title halt
halt

title MAXDOS.IMG
find --set-root --ignore-floppies /boot/MAXDOS.IMG
map --mem /boot/MAXDOS.IMG (fd0)
map --hook
chainloader (fd0)+1
rootnoverify (fd0)

