Assault Disks
PROBLEM: You are in a restrictive environment, either your work
has locked you down or your school. Say you are at a NT workstation that
will only let you run WordPerfect. Sure you could just supervent the policies
(w/ explorer.exe) but what you really want is to have a REAL Operating System
at your disposal, like Linux.
SOLUTION: The Academic Underground Assault Disks will do the trick
for you. There are two diskettes, 1 is a boot disk the other is an Assault
pack. First you boot up with your disk, this will load the Linux 2.0.36 kernel
and OS files into RAM. When you see the login prompt you are now running
100% out of RAM. Login and then load the Assault pack, this will give you
all those handy dandy utils you just love. See below for a better desc.
REQ: You will need a bootable floppy, and at least 6 Megs of RAM.
DISK1 - BOOT DISK
This is just the basic boot disk. This was mainly taken from the
Linux Router Project and modified
to fit our needs. We added some needed libraries and modules for extra
Filesystem support as well as some customized menus.
DISK2 - ASSAULT PACK
Here is were all the goodies are. Here is a short list on what is in the
Assault pack:
- Hunt 1.2 - Sniffer/Scanner/TCP Hijacker/Arp Spoofer
- ReadSMB v.51 - Sniffs NT passwords off the network
- Snoof - DNS Spoofer
- ADM-smb - ADM's NT Security Auditor (NAT)
- ADM-snmp - ADM's SNMP executer/brute force cracker
- John the Ripper 1.6 - Password cracker for DES/MD5/BF/AFS/LM
- unshadow - Unshadows passwords (John Util)
- NetCat 1.10 - If you don't know already .... sheesh
- NTFS module - Used to locally load NTFS partitions w/o security
Together you have support for 3com/Intel/Novell network cards, and
MINIX/MSDOS/VFAT/EXT2/NTFS local FS support. Once the disks are loaded they
do not need to be in the drive anymore. Which meens that you will get full
speed of aplications running 100% from RAM and you can freely stick blank
disks in to save your log files and what not. Plus if you need to quickly
erase evidence of your NEW OS just press RESET and blam, nothing.
DOWNLOAD
BOOT DISK - Disk 1
ASSAULT PACK - Disk 2
INSTALL
DOS/WINDOWS Install: You will need to download RAWRITE.EXE
and then type: RAWRITE ASSAULT.IMG A:
UNIX Install: just type: dd if=assault.img of=/dev/fd0
Then for disk two just copy assault.lrp to a DOS compatable disk.
That's it! Now you should be able to boot and load. Happy Hacking!
EXAMPLE
Here is a simple example of use: Joe Smack sits down at open lab and decides
he wants to see how the network works for his Datacomm report but he is
restricted to a lame NT box with just a few apps to use. So he pops in the
boot disk and presses reset. Shortly the AUassault login appears and he logs
in as root (Don't ask for the Password, I'm not tell'n). He then loads the
Assault pack. He also uses the menus to setup his network card, and since
he doesn't know an IP he accepts the defaults. Now he drops to a shell.
He loads up his NTFS module (insmod /lib/modules/ntfs.o) and mounts the
local NT drive (mount -t ntfs /dev/sda1 /mnt). He then proceeds to copy the
SAM file for later study (cp /mnt/WINNT/REPAIR/SAM._ /tmp). He slaps in a
disk, mounts it and saves the SAM to it for later study. He then can load
up his SMB sniffers and his hijackers to look for passwords, but Joe does not.
Becuase he knows that it is wrong to hack into things. He only uses the info
he sees of the network to setup his IP address to an unused one (check UP PCs
w/ Hunt) so that he could see how proper TCP/IP traffic worked.
He then writes a nice paper on how TCP/IP handshacking and ARP is used in
communications over the internet. NOTE: Joe Smack did not take home the
SAM._ and expand it so he could run SAMDUMP on it to crack the Admin
password, but mearly to attempt to fix a broken SAM on his home NT machine
(this repair by the way did not work). Oh well Joe, maybe next time he can
do a paper on how ARP spoffing and defeat switches to route all traffic to you,
Nah, that too would be wrong