Livecd Project

[c0r]

Hello again,

My friend and me are working on this project.

We are trying to make some windows livcd's that are vulnerable.

Well this is our first attempt.

You can download it by sending me a pm. ;D

All you need is vmware player (free) config it as bridged and your good to go.

So get your hashes ;D

Any feedback is welcome!

Edited March 29, 2011 by c0r

[c0r]

Every student can try out a windows distro for a month.

[digininja]

I agree with DeAuthThis, the only other group I know of who have managed to put out a Windows distro legally is the Metasploit Unleashed project who used a version of a machine released by NIST (I think) which was released and made semi-legit because of its purpose.

[c0r]

I changed the thread...pm me for the link.

[digip]

You can download the install ISO's from Microsoft for specific operating systems, such as the 180 day trials of Server 2003/2008, etc. There are also virtual machines from http://nvd.nist.gov/fdcc/download_fdcc.cfm that digininja mentioned but the NIST files are Virtual PC Images meant for pentesting and not to install natively. Those are the only two places I know of that allow you to download windows for free, but they all have expiration dates.

If you want to make a Live XP Disc, you can use BartPE or UBCD4WIN, but this would be for your own personal use from your own licensed disc. To put it online for others to download, is illegal. Posting instructions on how to set one up from your own install disc or existing OS though is not and there are plenty of sites with tutorials on how to do this.

[c0r]

We will try this at another way.(legal issue)

We will try and make a setup file that installs everything on your xp iso

off choice.So you can use your own xp key (thx g0tmi1k for the idea!)

will keep you informed!

[Infiltrator]

We will try this at another way.(legal issue)

We will try and make a setup file that installs everything on your xp iso

off choice.So you can use your own xp key (thx g0tmi1k for the idea!)

will keep you informed!

I was thinking the same way, instead of distributing a copy of XP with a pre-loaded license key, it could be distributed in a 30 days grace period.

And anyone who wants to use it beyond the 30 days, must purchase a license from Microsoft. Now I don't think that's breaking the law.

You can correct me if I am wrong.

Edited April 2, 2011 by Infiltrator

[digip]

Windows license specifies its not made to be installed on portable media. A PE image is a static state, and Microsoft offers tools to make your own for doing installations, but people like the BartPE and UBCD4WIN projects have taken it a step further to add tools for forensics, data recover, password resetting, registry editing, etc. but those projects rely on your already existing, legit license.

[Infiltrator]

Windows license specifies its not made to be installed on portable media. A PE image is a static state, and Microsoft offers tools to make your own for doing installations, but people like the BartPE and UBCD4WIN projects have taken it a step further to add tools for forensics, data recover, password resetting, registry editing, etc. but those projects rely on your already existing, legit license.

10-4 on that, I forgot to realize that part.

However, the OP could create an image without pre-loading the key and distribute it as it is.

Anyone who downloads it, will need to install the key and then make a bootable CD.

It may be add bit of work, but in the end the CD will be bootable and the license legit.

What do you think?

Edited April 3, 2011 by Infiltrator

[digip]

I think if I want a Live Windows CD, I will just make my own with UBCD4WIN, which I already have and use to fix machines.

Want vulnerable machines to pentest, just install XP SP2 in a VM with no updates and you are set to go. Even counterfeit/pirated torrents would be useful for just pentesting in a VM(so long as they couldn't get out of the hypervisor, which is possible).

This thread doesn't even make sense really. I fail to see why anyone would want an insecure live cd of windows, as stated by the OP in the first post.

[c0r]

Try and hack a fully patched xp sp3 with firewall enabled in a vm.

Then it will make sense.

The purpose off this thread is making exploitable windows livecd's with different apps on them.

Why would anyone use an insecure linux livecd...same thing! To learn!

[digip]

Try and hack a fully patched xp sp3 with firewall enabled in a vm.

Then it will make sense.

The purpose off this thread is making exploitable windows livecd's with different apps on them.

Why would anyone use an insecure linux livecd...same thing! To learn!

Well, personally I would only use it in a VM, and not booted off of it, because whatever gets compromised, someone could then have access to the underlying machine its running in. Stuff like Damn Vulnerable Linux is meant to be installed in a VM, not so much installed on a production box or even run as a live cd, even though you could.

[Infiltrator]

Well, personally I would only use it in a VM, and not booted off of it, because whatever gets compromised, someone could then have access to the underlying machine its running in. Stuff like Damn Vulnerable Linux is meant to be installed in a VM, not so much installed on a production box or even run as a live cd, even though you could.

I do have to agree with Digip on this one, it would be a lot safer to use a VM, other than using a personal desktop computer.

Image someone uploading a Trojan with hardware exploitation capabilities. I wouldn't want this to happen to my desktop computer, so it makes perfect sense to run a penetration test on a virtualized environment.

At least you have a degree of control when running these tests on a VM.