Sunday, August 31, 2008

The Ultimate Hacker Key

The Ultimate Hacker Key (aka who needs a key chain)

While listening to PaulDotCom Security Weekly 114 I "discovered" UNetbootin - Universal Netboot Installer. Paul talked about installing Backtrack 3 on his USB key and how easy UNetbootin was to use. A colleague of mine recently expressed an interest in having Backtrack running on a USB Key so I thought I would take a look.

Installing Backtrack 3

Getting Backtrack installed and ready to boot from usb is so simple using UNetbootin it almost does not require directions. But here they are:
  1. Goto
  2. Click Download (for windows or Linux)
  3. Insert your USB Key
  4. Run UNetBootin
  5. Select BackTrack from the Distribution Download
  6. The Version populates automatically
  7. Select the drive that is your USB key (hint: it is probably not C:\)
  8. Click Okay
  9. Wait
  10. Reboot and if USB is a boot option the Backtrack menu should appear
So who needs a Key Chain

On several PaulDotCom Security Weekly podcasts, Larry referenced and described his key chain. It has some pretty cool things but who needs a key chain when you have a 8 GB Kingston USB key ($19.99 CDN at FutureShop last week). It got me thinking, whether I could get all those things on one device.

First up - Ophcrack

Ophcrack is a free Windows password cracker based on rainbow tables. So, lets get it installed:
  1. Plug in the USB Key
  2. Download the ophcrack LiveCD iso from
  3. Mount the iso image (mount -o loop ophcrack-xp-livecd-2.0.1.iso /mnt/cdrom)
  4. Copy the main directory to the USB key (cp -ra /mnt/cdrom/ophcrack /media/usbkey/)
  5. Copy and rename the boot directory (cp -ra /mnt/cdrom/boot /media/usbkey/bootoph)
  6. umount /mnt/cdrom
  7. Edit the syslinux.cfg from Backtrack 3 (vim /media/usbkey/boot/syslinux/syslinux.cfg)
  8. Comment out any extra Backtrack 3 boot images that you don't plan to use
  9. Add in the boot section from /media/usbkey/bootoph/ophcrack.cfg like:
    LABEL xconf
    MENU LABEL Ophcrack Graphic mode
    KERNEL /bootoph/vmlinuz
    APPEND initrd=/bootoph/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw autoexec=xconf;startx changes=/slax/
  10. Note that the /boot/ references were changed to /bootoph/
  11. Reboot

Second - Offline NT Password & Registry Editor

This is a utility to (re)set the password of any user that has a valid (local) account on your Windows NT/2k/XP/Vista etc system. You do not need to know the old password to set a new one.

This is a very small live CD so putting it on its own USB key seems like a waste.
  1. Download the CD image from
  2. Unzip the zip the zip file to obtain the cd080802.iso
  3. mount the iso file (mount -o loop cd080802.iso /mnt/cdrom)
  4. create a boot directory called bootnpwd on the USB key (mkdir /media/usbkey/bootpwd)
  5. Copy all files froom the iso to the new directory (cp -ra /mnt/cdrom/* /media/usbkey/bootnpwd)
  6. umount /mnt/cdrom
  7. Edit the syslinux.cfg from Backtrack 3 (vim /media/usbkey/boot/syslinux/syslinux.cfg)
  8. Add in the boot section from /media/usbkey/bootnpwd/syslinux.cfg like:
    LABEL bootnwd
    MENU LABEL Offline NT Password and Registry Editor
    KERNEL /bootnpwd/vmlinuz
    APPEND rw vga=1 initrd=/bootnpwd/initrd.cgz,/bootnpwd/scsi.cgz
  9. Note that the /boot/ references were changed to /bootnpwd/
  10. Reboot
To Do List
  1. Add extra RainBow tables for OphCrack
  2. Add Ubuntu or some other General Purpose Distro
  1. For Windows users there are a number of utilities to mount an iso image as a drive. Do a Google Search or get a real OS ;-)
  2. The instructions above are from memory and while I have read it several times to remove obvious errors some may still exist. Leave feedback with corrections but use it has a guide...

No comments: