Sign in to follow this  
Followers 0
Retro-Starr

PenSuite

14 posts in this topic

I would like to make a pensuite of my own. I got some stuff already on my USB, I practically live off it.

I like the idea of a pensuite that everybody can download and use.

So I was wondering if anybody has suggestions on what I should put in?

I'm looking for windows software.

I compress everything with UPX.

I like the idea of just having the computer to store the files, but everything you need is on the USB.

So would having a developer/casual mix be what I'm looking at?

I don't want this to be alot of work for people, so you could just put some of the most used programs you use or any ideas.

Thank you for all who post!

0

Share this post


Link to post
Share on other sites

Aside from a few random windows apps (and maybe a copy of TrueCrypt if you're not into getting caught with pentest software) here's two things that will give you a fantastic start:

QEmu Manager

BackTrack3 LiveCD image

The networking in QEmu is a little complicated, and if it didn't make everything so damned portable I wouldn't even suggest it. A lot of things on BT3 just won't work on this particular virtualization platform. If you can find a way to make VMWare (or something like it) portable please let me know. Also, if anyone knows of a way to make QEmu's networking a little better, let me know as well...

The next step might be to actually install BT3 onto the usb drive and let QEmu use its filesystem, that way you can boot off the stick if necessary, and just run the VM if you don't have to. That's what I do B)

0

Share this post


Link to post
Share on other sites

I've been thinking. (Haven't tested)

To get VMware Player portable couldn't you scan the registry for VMware entries.

That could be accomplished by "regfromapp" or "regshot". (Both are already in my USB)

From there, if you saved the *.reg file, you could make two batch files that load and unload the entries from the users computer.

I don't know if that'll work for the network connections too, but in theory it should right?

0

Share this post


Link to post
Share on other sites

Registry entries aren't the problem form vmware portability. The problem is that it installs a virtual network adapter, which essentially tunnels through your physical adapter, but has its own MAC address and is treated as a second network device by Windows. This allows VMWare to treat each VM as though it had a real live network adapter attached physically to your network, which is phenomenal and makes damn near everything work (i've run arp poisoners, sniffers, all kinds of apps doing very low-level things on the network interface in VMWare and they seem to work perfectly thus far).

QEmu (by default) acts more like a router sitting between the VM and your network, which means the QEmu machine is often on a different subnet, doesn't get its own (real) MAC address on the external network, etc. Of course most of this is configurable to tolerable levels - it also doesn't require local administrative privileges or the installation of virtual network devices. I think QEmu has an option to perform more advanced virtual networking, much like VMWare, but it does require local admin rights and I believe it also installs a virtual network adapter. I haven't tested that feature yet, and I'm not sure how difficult it is to set up or whether the device removes itself after termination or how much evidence it might leave behind. Perhaps I just found my project for this weekend...

I guess in the end you have to at least recognize this much... If you don't have enough privilege on the local box to add the virtual network adapter, you'll probably get far more accomplished booting off the drive anyway ;)

Do let me know if you find a better portable virtualization solution though, or if you have luck with the more advanced networking configuration of QEmu

0

Share this post


Link to post
Share on other sites

Wireshark

Nmap

Cain

Ettercap

Hijetter

Nessus

Netscan

Photorec

All of Nirsofts tools

Or well looking for both Windows and Linux tools?

0

Share this post


Link to post
Share on other sites

Thanks IronGeek!

I have Wireshark, nmap,and some tools from Nirsoft already.

I've been to http://www.usbhacks.com, didn't find too much useful.

I've already saw the Hacksaw/Switchblade on the Hak5 forums. Not really what I'm going for.

I would like some casual user stuff, but I tend to steer away from games.

But thanks for the contributions! :D

0

Share this post


Link to post
Share on other sites

Wireshark, nmap, and most packet sniffers I've tried on USB don't work unless winpcap is installed on the machine. Thus far putting the DLL on the thumbdrive hasn't worked either. I've had better luck with Damn Small Linux, which will run nmap without the winpcap. I would love any suggestions on how to get wireshark to work without it.

Softperfect Network Scanner works on my thumbdrive, and has come up with lots of interesting things, but I don't know how silent or traceable it is. Check it out here.

0

Share this post


Link to post
Share on other sites

That's funny. I think I say Softperfect Network Scanner on one of IronGeeks pages or it could have been (I think) the Defcon flier.

Either way, I have it on my USB currently. Nice tool.

As for Wireshark and nmap, doesn't wireshark have a updated version that you can use without winpcap?

I read it somewhere and I have it on my collection as well.

PortableApps.com has a version there.

I have two versions of nmap. One I got from the site and the other I snagged from NetTools.

Sadly I haven't used nmap so they hare just sitting there on my computer...

I'm hoping the MAB emails me back with which DLLs go with which program or I'll just have to figure it out myself.

NetTools is nice. Has 170+ programs. I'll just pick an choose which I like. Nice thing is that it's small, only 25MB (for installer).

0

Share this post


Link to post
Share on other sites

*************************

** In Case Your Wondering **

*************************

I'm using PStart to have a simple list that hides away in the sysbar

-Everything could have it's own space or group

-Definatly have NetTools has it's own group

-PStart has autorun.inf (Smexy picture of a pink floppy with heart in middle)

--.Apps (Folder with single exe's)

Backup.bat

bat_to_exe_converter.exe

CCleaner.exe

CDRecovery.exe

CMD.bat

DiskImg.exe

DoubleKiller.exe

DTaskManager.exe (replaced Process Explorer)

FileMon.exe

FileRecovery.exe

HijackThis.exe

NetScan.exe

Patcher.exe

PDFEdit.exe

ProduKey.exe

Recurva.exe

RegASSASSIN.exe

RegMon.exe

RegShot.exe

Restoration.exe

RootkitRevealer.exe

SIW.exe

TweakUI.exe

Undelete+.exe

UNDOReg.exe

VirtualDrives.exe

WirelessKeyView.exe

XP-SysPad.exe

--7-Zip

--AbiWord

--Audacity

--BonkEnc

--BruteBenchmark

--Camstudio

--Draggler

--DM2

--DriveImageXML

--Eraser

--ERUNT

--Explorer2fs

--FileAssassin

--Firefox (has portable Tor inside)

--FreeCommander

--FSCapture

--HexEditor (XVI32 and Hex-Ed)

--ImgBurn

--InfraView

--JazzUPX

--MPlayer

--Pidgin (has portable Skype inside)

--RevoUninstaller

--SandBoxie

--SciTE

--Snowbird (It doesn't seem to work on someone else's computer, I'll check it out)

--SumatraPDF

--TightVNC (IronGeek Version)

--uTorrent

--VirtualCD

Disk Space = 270MB

Formated FAT16 thanks to IronGeek.

Edited by Retro-Starr
0

Share this post


Link to post
Share on other sites

So many folders...!

Dammit Corleone! Why did you give me that?! So many folders...

Lol. Just Kidding. Thanks.

My method of getting software is to download the installer and use Universal Extractor to...well, extract it.

(And wow, can't believe I forgot to put Universal Extractor to my list.)

This method works good at times. It keeps everything together instead of the installer dishing everything out.

Just put everything in the main folder (has to be decided) and everything could run.

Not a 100% chance, but you could always install it, copy the folder(s) created, then uninstall.

I have an idea. Anything in the suite that could write to the registry can be loaded once the USB in started.

Join the complete registry file with PStart then once the USB is about to be ejected have a "cleanafterme" batch that deletes all the reg keys.

That way if the program looks to the registry to see if it's installed, it'll see itself and execute.

0

Share this post


Link to post
Share on other sites

I got a portable file assassciation tool working that I stole from LiberKey.

Took me all morning, but I finally got it working and beat it down to 580KB. Original was 1.17MB.

It can be even smaller! So right now I'm setting up file assassciations.

If anybody is interested I'm using the Ultimate verison of LiberKey. (http://www.liberkey.com/en/liste-des-logiciels-liberkey-ultimate.html)

Be warned, it's a French site with an English verison of the software.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0