HackThisLiveCD Project

[Vulpine]

Penetration testing LiveCDs are everywhere (BackTrack being one of the most popular). They generally come loaded with a host of tools that can be used for analyzing, attacking, and forensics. However, there aren't very many that are designed specifically to be attacked. Damn Vulnerable Linux is probably one of, if not, the last to be maintained (to my knowledge).

If you read through this topic, viewtopic.php?f=9&t=7665, you probably saw a few ideas for site content get kicked around and a HTS LiveCD was one of them. PMs were sent, a little research was done, and here it is.

The idea is growing beyond the initial "this would be cool..." phase but it is nowhere near a fleshed out project. Since there is demand for community oriented projects, it was figured to make this officially public before going much further so that any interested parties can jump on-board and contribute from beginning to end.

What is the current idea?
The HackThisLiveCD (HTLCD) would be built using Arch Linux. It will be pre-configured with a web server, site, and hopefully a back-end database, all of which will launch as soon as you power-up the LiveCD. Realistically though, we're learning how to build all of this, so the final product may end up being something quite different. Arch Linux offers a number of methods for creating a LiveCD, all of which will need to be explored and played with. You can read about them here.

How will the group collaborate?
We don't know that yet. G+ might work to a degree and services such as GitHub probably won't. Ideas are welcome, though.

Where/How will it be hosted?
Again, we don't know. The image will likely exceed 200MB, at least during development before it can be stripped of any nonessentials, which means that many free hosting providers won't allow it. Torrents are a possibility...

How would it be organized?
The initial idea is to have a small group of developers who would control how the image-itself is configured and distributed. However, anyone would be free to propose ideas or changes.

You haven't thought this through very well, have you?
Nope. Like I said, it's just now moving passed the "This would be cool..." phase. Practically all of it is up in the air and could change in light of better ideas. This is an absolutely bare-boned project that the HTS community can collectively work on from conception to completion. There may be plenty of cursing and slamming of genitalia in doors but we'll have taught ourselves to make something cool in the end.

If you want to hop on, feel free to do so. Reply here, or PM mShred or myself with G+ if you want to be included on that front.

[mShred]

Keep in mind that this is a learning process. Feel free to comment on anything. Have ideas, throw it out. Think you can help, let us know.
In no way have we contacted HackThisSite for permission to create this. Consider it an unofficial project.

[JoeyPardella]

sounds fun, will you use the real software or code your own vuln-services?
anyway I have some time the next weeks, I could see me coding some web-portals to those services.

[Vulpine]

sounds fun, will you use the real software or code your own vuln-services? <br>anyway I have some time the next weeks, I could see me coding some web-portals to those services.

Real services. Apache, most likely, will be installed and configured along with whatever else ends up going in it. If you have an idea that involves coding your own vulnerability though, go ahead and lay it out. Would love to hear it.

[JoeyPardella]

well not really it may be kinda similar to the realistic missions. breaking into websites using the common suspects, exploitwise.
however I can provide a Oracle DB if you need. Since I'm kind of an oracle geek I guess we could throw some scenarios together. Lately I saw some fun stuff with Java on oracle. Also JBoss war-file upload comes to my mind, stuff like that.

How are you gonna present the whole thing though? Will there be kind of a mission system or will it just be a vulnerable system where you can do what you want?

[Vulpine]

How are you gonna present the whole thing though? Will there be kind of a mission system or will it just be a vulnerable system where you can do what you want?

I pictured it as something that would be more or less free from rigid steps and guidelines. Having little-to-no direction can be intimidating to some people but it wouldn't necessarily be meant for the absolute beginner. Again, if someone, or yourself, has an alternative idea that you feel would work better, we're all ears.

[Phantom Wolf]

How about a system set up so no one can log into it? The user's goal would be gaining root access through any one of several exploits.

[centip3de]

I'm interested. PM me, if you want some help.

[sanddbox]

I'm very excited about this. For distribution, you might be able to convince Kage to allow a download from the HTS main site, but I'm not really sure what our servers can handle.

This needs to be on torrent for certain; I'll seed it on my work connection which has up to 15 megabits/second of upload.

As for the content of the CD itself, would it have custom missions or simply the HTS ones?

[mShred]

I'm very excited about this. For distribution, you might be able to convince Kage to allow a download from the HTS main site, but I'm not really sure what our servers can handle.

Whether we can or not, it'd be great to have that.

This needs to be on torrent for certain; I'll seed it on my work connection which has up to 15 megabits/second of upload.

Most definately.

As for the content of the CD itself, would it have custom missions or simply the HTS ones?

Custom ones, but HTS's own aren't a bad idea at all.