HackThisLiveCD Project


Post by Vulpine on Fri Jul 29, 2011 12:02 am

Penetration testing LiveCDs are everywhere (BackTrack being one of the most popular). They generally come loaded with a host of tools that can be used for analyzing, attacking, and forensics. However, there aren't very many that are designed specifically to be attacked. Damn Vulnerable Linux is probably one of, if not the, last to be maintained (to my knowledge).

If you read through this topic, viewtopic.php?f=9&t=7665, you probably saw a few ideas for site content get kicked around and a HTS LiveCD was one of them. PMs were sent, a little research was done, and here it is.

The idea is growing beyond the initial "this would be cool..." phase but it is nowhere near a fleshed-out project. Since there is demand for community-oriented projects, it was figured to make this officially public before going much further so that any interested parties can jump on board and contribute from beginning to end.

What is the current idea?
The HackThisLiveCD (HTLCD) would be built using Arch Linux. It will be pre-configured with a web server, site, and hopefully a back-end database, all of which will launch as soon as you power-up the LiveCD. Realistically though, we're learning how to build all of this, so the final product may end up being something quite different. Arch Linux offers a number of methods for creating a LiveCD, all of which will need to be explored and played with. You can read about them here.

How will the group collaborate?
We don't know that yet. G+ might work to a degree and services such as GitHub probably won't. Ideas are welcome, though.

Where/How will it be hosted?
Again, we don't know. The image will likely exceed 200MB, at least during development before it can be stripped of any nonessentials, which means that many free hosting providers won't allow it. Torrents are a possibility...

How would it be organized?
The initial idea is to have a small group of developers who would control how the image itself is configured and distributed. However, anyone would be free to propose ideas or changes.

You haven't thought this through very well, have you?
Nope. Like I said, it's just now moving past the "This would be cool..." phase. Practically all of it is up in the air and could change in light of better ideas. This is an absolutely bare-bones project that the HTS community can collectively work on from conception to completion. There may be plenty of cursing and slamming of genitalia in doors but we'll have taught ourselves to make something cool in the end.

If you want to hop on, feel free to do so. Reply here, or PM mShred or myself with G+ if you want to be included on that front.


Re: HackThisLiveCD Project

Post by mShred on Fri Jul 29, 2011 4:33 am

Keep in mind that this is a learning process. Feel free to comment on anything. Have ideas, throw it out. Think you can help, let us know.
In no way have we contacted HackThisSite for permission to create this. Consider it an unofficial project.


Re: HackThisLiveCD Project

Post by JoeyPardella on Fri Jul 29, 2011 6:04 am

Sounds fun, will you use the real software or code your own vuln-services?
Anyway, I have some time the next weeks, I could see me coding some web-portals to those services.


Re: HackThisLiveCD Project

Post by Vulpine on Fri Jul 29, 2011 9:07 am

JoeyPardella wrote: sounds fun, will you use the real software or code your own vuln-services?
anyway I have some time the next weeks, I could see me coding some web-portals to those services.


Real services. Apache, most likely, will be installed and configured along with whatever else ends up going in it. If you have an idea that involves coding your own vulnerability though, go ahead and lay it out. Would love to hear it.


Re: HackThisLiveCD Project

Post by JoeyPardella on Fri Jul 29, 2011 10:10 am

Well, not really. It may be kinda similar to the realistic missions: breaking into websites using the common suspects, exploit-wise.
However, I can provide an Oracle DB if you need. Since I'm kind of an Oracle geek, I guess we could throw some scenarios together. Lately I saw some fun stuff with Java on Oracle. Also JBoss war-file upload comes to my mind, stuff like that.

How are you gonna present the whole thing though? Will there be kind of a mission system or will it just be a vulnerable system where you can do what you want?


Re: HackThisLiveCD Project

Post by Vulpine on Fri Jul 29, 2011 10:22 am

JoeyPardella wrote: How are you gonna present the whole thing though? Will there be kind of a mission system or will it just be a vulnerable system where you can do what you want?


I pictured it as something that would be more or less free from rigid steps and guidelines. Having little-to-no direction can be intimidating to some people but it wouldn't necessarily be meant for the absolute beginner. Again, if someone, or yourself, has an alternative idea that you feel would work better, we're all ears.


Re: HackThisLiveCD Project

Post by Phantom Wolf on Fri Jul 29, 2011 11:11 am

How about a system set up so no one can log into it? The user's goal would be gaining root access through any one of several exploits.
"Well it isn't my fault. I shouldn't have been allowed to do something to crash it." "No, you shouldn't have been allowed to buy a computer in the first place"


Re: HackThisLiveCD Project

Post by centip3de on Fri Jul 29, 2011 5:09 pm

I'm interested. PM me, if you want some help.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook


Re: HackThisLiveCD Project

Post by sanddbox on Fri Jul 29, 2011 6:36 pm

I'm very excited about this. For distribution, you might be able to convince Kage to allow a download from the HTS main site, but I'm not really sure what our servers can handle.

This needs to be on torrent for certain; I'll seed it on my work connection which has up to 15 megabits/second of upload.

As for the content of the CD itself, would it have custom missions or simply the HTS ones?

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat


Re: HackThisLiveCD Project

Post by mShred on Fri Jul 29, 2011 6:48 pm

sanddbox wrote: I'm very excited about this. For distribution, you might be able to convince Kage to allow a download from the HTS main site, but I'm not really sure what our servers can handle.

Whether we can or not, it'd be great to have that.

sanddbox wrote: This needs to be on torrent for certain; I'll seed it on my work connection which has up to 15 megabits/second of upload.

Most definitely.

sanddbox wrote: As for the content of the CD itself, would it have custom missions or simply the HTS ones?

Custom ones, but HTS's own aren't a bad idea at all.

