c0r Posted March 29, 2011 Share Posted March 29, 2011 (edited) Hello again, My friend and me are working on this project. We are trying to make some windows livcd's that are vulnerable. Well this is our first attempt. You can download it by sending me a pm. ;D All you need is vmware player (free) config it as bridged and your good to go. So get your hashes ;D Any feedback is welcome! Edited March 29, 2011 by c0r Quote Link to comment Share on other sites More sharing options...
c0r Posted March 29, 2011 Author Share Posted March 29, 2011 Every student can try out a windows distro for a month. Quote Link to comment Share on other sites More sharing options...
digininja Posted March 29, 2011 Share Posted March 29, 2011 I agree with DeAuthThis, the only other group I know of who have managed to put out a Windows distro legally is the Metasploit Unleashed project who used a version of a machine released by NIST (I think) which was released and made semi-legit because of its purpose. Quote Link to comment Share on other sites More sharing options...
c0r Posted March 29, 2011 Author Share Posted March 29, 2011 I changed the thread...pm me for the link. Quote Link to comment Share on other sites More sharing options...
digip Posted March 29, 2011 Share Posted March 29, 2011 You can download the install ISO's from Microsoft for specific operating systems, such as the 180 day trials of Server 2003/2008, etc. There are also virtual machines from http://nvd.nist.gov/fdcc/download_fdcc.cfm that digininja mentioned but the NIST files are Virtual PC Images meant for pentesting and not to install natively. Those are the only two places I know of that allow you to download windows for free, but they all have expiration dates. If you want to make a Live XP Disc, you can use BartPE or UBCD4WIN, but this would be for your own personal use from your own licensed disc. To put it online for others to download, is illegal. Posting instructions on how to set one up from your own install disc or existing OS though is not and there are plenty of sites with tutorials on how to do this. Quote Link to comment Share on other sites More sharing options...
c0r Posted April 2, 2011 Author Share Posted April 2, 2011 We will try this at another way.(legal issue) We will try and make a setup file that installs everything on your xp iso off choice.So you can use your own xp key (thx g0tmi1k for the idea!) will keep you informed! Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted April 2, 2011 Share Posted April 2, 2011 (edited) We will try this at another way.(legal issue) We will try and make a setup file that installs everything on your xp iso off choice.So you can use your own xp key (thx g0tmi1k for the idea!) will keep you informed! I was thinking the same way, instead of distributing a copy of XP with a pre-loaded license key, it could be distributed in a 30 days grace period. And anyone who wants to use it beyond the 30 days, must purchase a license from Microsoft. Now I don't think that's breaking the law. You can correct me if I am wrong. Edited April 2, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
digip Posted April 2, 2011 Share Posted April 2, 2011 Windows license specifies its not made to be installed on portable media. A PE image is a static state, and Microsoft offers tools to make your own for doing installations, but people like the BartPE and UBCD4WIN projects have taken it a step further to add tools for forensics, data recover, password resetting, registry editing, etc. but those projects rely on your already existing, legit license. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted April 3, 2011 Share Posted April 3, 2011 (edited) Windows license specifies its not made to be installed on portable media. A PE image is a static state, and Microsoft offers tools to make your own for doing installations, but people like the BartPE and UBCD4WIN projects have taken it a step further to add tools for forensics, data recover, password resetting, registry editing, etc. but those projects rely on your already existing, legit license. 10-4 on that, I forgot to realize that part. However, the OP could create an image without pre-loading the key and distribute it as it is. Anyone who downloads it, will need to install the key and then make a bootable CD. It may be add bit of work, but in the end the CD will be bootable and the license legit. What do you think? Edited April 3, 2011 by Infiltrator Quote Link to comment Share on other sites More sharing options...
digip Posted April 3, 2011 Share Posted April 3, 2011 I think if I want a Live Windows CD, I will just make my own with UBCD4WIN, which I already have and use to fix machines. Want vulnerable machines to pentest, just install XP SP2 in a VM with no updates and you are set to go. Even counterfeit/pirated torrents would be useful for just pentesting in a VM(so long as they couldn't get out of the hypervisor, which is possible). This thread doesn't even make sense really. I fail to see why anyone would want an insecure live cd of windows, as stated by the OP in the first post. Quote Link to comment Share on other sites More sharing options...
c0r Posted April 3, 2011 Author Share Posted April 3, 2011 Try and hack a fully patched xp sp3 with firewall enabled in a vm. Then it will make sense. The purpose off this thread is making exploitable windows livecd's with different apps on them. Why would anyone use an insecure linux livecd...same thing! To learn! Quote Link to comment Share on other sites More sharing options...
digip Posted April 3, 2011 Share Posted April 3, 2011 Try and hack a fully patched xp sp3 with firewall enabled in a vm. Then it will make sense. The purpose off this thread is making exploitable windows livecd's with different apps on them. Why would anyone use an insecure linux livecd...same thing! To learn! Well, personally I would only use it in a VM, and not booted off of it, because whatever gets compromised, someone could then have access to the underlying machine its running in. Stuff like Damn Vulnerable Linux is meant to be installed in a VM, not so much installed on a production box or even run as a live cd, even though you could. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted April 4, 2011 Share Posted April 4, 2011 Well, personally I would only use it in a VM, and not booted off of it, because whatever gets compromised, someone could then have access to the underlying machine its running in. Stuff like Damn Vulnerable Linux is meant to be installed in a VM, not so much installed on a production box or even run as a live cd, even though you could. I do have to agree with Digip on this one, it would be a lot safer to use a VM, other than using a personal desktop computer. Image someone uploading a Trojan with hardware exploitation capabilities. I wouldn't want this to happen to my desktop computer, so it makes perfect sense to run a penetration test on a virtualized environment. At least you have a degree of control when running these tests on a VM. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.