Wednesday 5 February 2014

Easy2Boot v1.26 available (with new batch file to make an E2B USB drive)

v1.26 2014-02-05
  1. Small changes so we can have individual XP ISO entries in the Main menu (e.g. 'Install XP Home' and 'Install XP Pro' can be in the main menu with no need to pick the ISO name). Use XP_Inst_from_MainMenu.mnu in sample mnu folder as an example.
  2. A few new sample .mnu files added for OpenElec and Xiaopan
  3. Latest grub4dos version 0.4.5c 2014-01-17
  4. New \_ISO\docs\Make_E2B_USB_Drive.cmd batch file added to automate making of an E2B drive (requires RMPrepUSB to be pre-installed).
The Make_E2B_USB_Drive.cmd batch file is designed to be run from the \_ISO\docs folder.
Download the E2B .zip file, extract it to a temporary folder on your hard disk and then double-click on the Make_E2B_USB_Drive.cmd batch file to make an Easy2Boot USB drive (requires Admin rights). It formats the USB drive (choice of FAT32 or NTFS), installs grub4dos and then copies the E2B files across. Your E2B drive is then ready to boot!

The batch file requires RMPrepUSB to be pre-installed on your system in the default (C:\Program Files) folder.

Make_E2B_USB_Drive.cmd - Initial Drive Selection

Make_E2B_USB_Drive.cmd - E2B drive completed

Sunday 2 February 2014

Adding Xiaopan to Easy2Boot

Xiaopan is a linux distro used for wireless penetration testing (e.g. cracking WPS). You can add the latest ISO to Easy2Boot in the usual way (i.e. just copy the .iso file to \_ISO\MAINMENU and then run WinContig to make the iso file contiguous). This will work on both FAT32 and NTFS E2B USB drives even though Xiaopan does not support NTFS.


However, if you want to run Xiaopan with persistence, it is easiest to use a FAT32 E2B USB drive.

To make your extensions and changes persistent, Tiny Core needs a directory to store them.

1. Extract the mydata.tgz file from the root of the ISO file using 7Zip
2. Copy the file to the root of the FAT32 USB boot drive
3. Rename the file to xi.tgz

If, however, you have an NTFS E2B USB drive, we need to create an ext2 filesystem...

1. Use RMPrepUSB - Create ext2 FS to create an ext2 file named x-rw in the root of the NTFS E2B USB drive (any size you choose).
2. Copy the Xiaopan.mnu file from the \_ISO\docs\Sample mnu files folder to an E2B subfolder (e.g. \_ISO\MAINMENU\MNU) - see below.
3. Move the Xiaopan ISO file to the same folder and rename it to Xiaopan.iso

Now when you boot from the ISO for the first time, use the Control Panel - Backup\Restore applet in Xiaopan and change the backup location from sdb4/ (may differ on your system but it should end in 4) to sdb3/. Now change the wallpaper colour and Exit. There should be no error message (if there is, try using Control Panel - Mount Tool to mount \sdb3 first and then Exit). When you run Xiaopan again, the wallpaper settings should be remembered.

The .mnu file is shown below:
#create an ext2 file in the root of the E2B USB drive called x-rw
#when Xiaopan boots, use the Control Panel - Backup\Restore applet to change the location to partition 3 - e.g. sdb3/

iftitle [if exist $HOME$/XIAOPAN.iso] Xiaopan (with persistence)\n Boot using .mnu file with persistence
if exist CD echo WARNING: Cannot use partnew command! && pause && configfile (bd)/menu.lst
set ISO=XIAOPAN.iso
set PER=x-rw
if "%E2BDEV%"=="" set E2BDEV=hd0 && pause E2BDEV forced to hd0!
#enable parttype output
debug 1
# make empty table entry in 3rd position in ptn table
parttype (%E2BDEV%,2) | set check=
debug off
set check=%check:~-5,4%
if "%check%"=="0x00" partnew (%E2BDEV%,2) 0 0 0
if not "%check%"=="0x00" echo WARNING: PTN TABLE 3 On %E2BDEV% IS ALREADY IN USE - PERSISTENCE MAY NOT WORK! && pause
debug 1
if not exist /%PER% echo WARNING: /%PER% persistence file not found! && pause
errorcheck off
if "%check%"=="0x00" partnew (%E2BDEV%,2) 0x0 /%PER%
errorcheck on
#map ptn 4 to ISO
partnew (%E2BDEV%,3) 0x0 $HOME$/%ISO%
map $HOME$/%ISO% (0xff)
map --hook
root (0xff)
chainloader (0xff)
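
The .mnu file above only uses the 3rd partition table entry if its type is 0x00, and it rewrites the 4th entry unconditionally, so it can be useful to inspect the drive's MBR from a running OS first. The Python below is an added example, not part of E2B or the original post; the function names and the sample sectors are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446          # the four 16-byte partition entries start here
ENTRY = "<B3xB3xII"         # status, (CHS), type, (CHS), LBA start, sector count

def parse_mbr(sector):
    """Return the four primary partition entries of a 512-byte MBR sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: short read or missing 0x55AA signature")
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, TABLE_OFFSET + 16 * i)
        entries.append({"slot": i + 1, "active": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count})
    return entries

def preflight(entries):
    """Mirror the .mnu logic: slot 3 is only used if its type is 0x00,
    slot 4 is rewritten unconditionally to point at the ISO."""
    findings = []
    s3, s4 = entries[2], entries[3]
    if s3["type"] != 0x00:
        findings.append("slot 3 in use (type 0x%02X): persistence file will not be mapped" % s3["type"])
    if s4["type"] != 0x00:
        findings.append("slot 4 in use (type 0x%02X): partnew will overwrite this entry" % s4["type"])
    return findings

def build_sample(slots):
    """Constructed sector for the demo: slots maps slot number -> (type, lba, sectors)."""
    sector = bytearray(SECTOR)
    for slot, (ptype, lba, count) in slots.items():
        struct.pack_into(ENTRY, sector, TABLE_OFFSET + 16 * (slot - 1),
                         0x80 if slot == 1 else 0x00, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    # Constructed layouts, not read from a real drive
    clean = build_sample({1: (0x0C, 2048, 60000000)})
    busy = build_sample({1: (0x0C, 2048, 30000000), 3: (0x83, 30002048, 8192000)})
    for name, sector in (("clean", clean), ("busy", busy)):
        print(name, preflight(parse_mbr(sector)) or "slots 3 and 4 are free")
```

To check a real drive, pass the first 512 bytes of the disk (or of a raw .img file) to parse_mbr.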




Friday 31 January 2014

Transferring ISOs from an XBOOT USB drive to Easy2Boot

If you already have an XBOOT USB drive containing linux ISO files, you may have found that when you copy them to your Easy2Boot USB drive, they don't work.

This is because XBOOT modifies the ISOs. For a typical linux ISO, XBOOT will extract the files from the casper folder of the ISO file and then copy them to a subfolder under the \images folder on the USB drive. XBOOT also modifies the \isolinux\isolinux.cfg file contents (inside the ISO file) to add some cheat codes which will direct the linux kernel to load the squashfs files from a different folder, e.g.

label driverupdates=Use driver update disc
append driverupdates=debian-installer/driver-update=true

is converted to:

label driverupdates=Use driver update disc
append driverupdates=debian-installer/driver-update=true ignore_uuid live-media-path=/images/fdraptor/casper

The cheat codes added by XBOOT may work for some linux distros (or versions) but not for others. This is why it is 'hit-or-miss' as to whether XBOOT will work or not with 'unsupported' ISOs.

To move these XBOOT converted ISOs to an E2B USB drive we need to:

1. Copy the whole \images folder from the XBOOT drive to \images on the E2B drive
2. Move the ISO files to the \_ISO\MAINMENU folder

So if we had 'fdraptor' on our XBOOT drive, we would now have an E2B drive with these folders:
  • \images\fdraptor\casper\ - several files including filesystem.squashfs (700MB)
  • \_ISO\MAINMENU\fdraptor.iso (32MB)
As many linux initial kernels do not support NTFS, XBOOT does not work well on an NTFS drive. If you use these files on an E2B drive, the E2B USB drive needs to be formatted as FAT32 and not NTFS.

Of course, you can just download the original ISOs from the web and copy them to your E2B drive (even on an NTFS E2B drive) and it should work just fine.

The other alternative is to make a .imgPTN file from the XBOOT USB drive by dragging-and-dropping the drive letter onto the MPI_FAT32 desktop shortcut.
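
Because XBOOT rewrites isolinux.cfg inside the ISO, a converted ISO no longer matches the file (or checksum) published by the distro. The Python below is an added example, not part of XBOOT, E2B or the original post: it flags 'append' lines carrying the two parameters quoted above in an isolinux.cfg that has already been extracted from the ISO (e.g. with 7Zip). The function names are hypothetical and the sample text is the pair of fragments shown in this post.

```python
import re

# Kernel parameters the post shows XBOOT appending to isolinux.cfg
MEDIA_PATH = re.compile(r"(?:^|\s)live-media-path=(\S+)")

def xboot_markers(cfg_text):
    """Return one record per 'append' line that carries those parameters."""
    hits, label = [], None
    for lineno, line in enumerate(cfg_text.splitlines(), 1):
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        keyword = parts[0].lower()          # syslinux keywords are case-insensitive
        rest = parts[1] if len(parts) > 1 else ""
        if keyword == "label":
            label = rest
        elif keyword == "append":
            match = MEDIA_PATH.search(rest)
            ignore_uuid = "ignore_uuid" in rest.split()
            if match or ignore_uuid:
                hits.append({"line": lineno, "label": label,
                             "live_media_path": match.group(1) if match else None,
                             "ignore_uuid": ignore_uuid})
    return hits

def required_folders(cfg_text):
    """Folders the modified ISO expects to find on the boot drive."""
    return sorted({h["live_media_path"] for h in xboot_markers(cfg_text)
                   if h["live_media_path"]})

# The two isolinux.cfg fragments quoted in the post
ORIGINAL = """label driverupdates=Use driver update disc
append driverupdates=debian-installer/driver-update=true
"""
MODIFIED = """label driverupdates=Use driver update disc
append driverupdates=debian-installer/driver-update=true ignore_uuid live-media-path=/images/fdraptor/casper
"""

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("modified", MODIFIED)):
        print(name, xboot_markers(text), required_folders(text))
```

Any folder returned by required_folders must be present on the FAT32 drive (here \images\fdraptor\casper) for the converted ISO to boot.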

Easy2Boot .mnu files

Usually, when adding payload files to Easy2Boot, you just need to copy the file over and make sure it is contiguous. In some cases you may need to modify the file extension slightly too. However, for some 'special' payload files or if you want persistence when booting from linux ISOs, we need to use a .mnu file.

Below is a list of some of the .mnu files that can be found in the \_ISO\docs\Sample mnu Files folder of the Easy2Boot download in v1.25. More may be added to later versions, so always check for new examples!
Instructions on how to use .mnu files can be found by opening them in Notepad and reading the instructions within.

Thursday 30 January 2014

Make a 'Forensics To Go' 32GB USB Flash drive

If you have a 32GB or larger USB pen and want a ready-made 'Forensic' multiboot USB Flash drive, try the (virtual disk) image provided on 'Hacking Exposed' by David Cowen\Kevin Stokes.  Download is here.


This USB disk image contains two FAT32 partitions, with XBOOT installed ISOs of...
  • SIFT 2.14
  • Kali Linux
  • Paladin 5
  • Raptor 3
on a hidden 2nd partition, and 4GB-worth of the following portable apps and tools on the first partition (which is visible to Windows):

Documents
analyzing-malicious-document-files.pdf
log2timeline-cheatsheet.pdf
Memory-Forensics-Cheat-Sheet-v1.pdf
Network Forensics Cheat Sheet.pdf
SANS-DFIR-Poster-2012.pdf
sbag.users.guide.v.0.24.pdf
SIFT Cheat Sheet and DFIR Curriculum.pdf
USB-Device-Tracking-Artifacts.pdf


Linux Tools
TZworks_64bit
TZworks_32bit
Truecrypt


Mac Tools
FortiClient_Installer.dmg
nmap-6.40-2.dmg
TrueCrypt 7.1a Mac OS X.dmg
TZworks


Portable Apps
PortableApps.com
2XClient
7-ZipPortable
AbiWordPortable
AntRenamerPortable
AutorunsPortable
BabelMapPortable
cdrtfePortable
ClamWinPortable
CommandPromptPortable
ConverberPortable
CrystalDiskInfoPortable
CubicExplorerPortable
DaphnePortable
DatabaseBrowserPortable
EraserPortable
EraserDropPortable
Explorer++Portable
FileAlyzerPortable
FileZillaPortable
FoxitReaderPortable
FrhedPortable
GetSudokuPortable
GoogleChromePortable
grepWinPortable
HDHackerPortable
HijackThisPortable
HWiNFOPortable
InfraRecorderPortable
IniTranslatorPortable
IrfanViewPortable
JkDefragPortable
KasperskyTDSSKillerPortable
KchmViewerPortable
KeePassPortable
KeepNotePortable
KiTTYPortable
McAfeeStingerPortable
Monster2Portable
CamStudioPortable
ChecksumControlPortable
ConvertAllPortable
DiffpdfPortable
Notepad++Portable
PasswordGorillaPortable
PeerBlockPortable
PidginPortable
ProcessExplorerPortable
ProcessHackerPortable
ProcessMonitorPortable
PuTTYPortable
PWGenPortable
RegshotPortable
SIWPortable
SkypePortable
SmartDefragPortable
SpybotPortable
SQLiteDatabaseBrowserPortable
SqlitemanPortable
StickiesPortable
SumatraPDFPortable
SystemExplorerPortable
TeamViewerPortable
ThunderbirdPortable
Toucan
UUID-GUIDGeneratorPortable
VLCPortable
WhoDatPortable
WindowsErrorLookupToolPortable
winMd5SumPortable
WinMTRPortable
WinSCPPortable
WiseDiskCleanerPortable
WiseProgramUninstallerPortable
WiseRegistryCleanerPortable
xpyPortable
CppcheckPortable
KompoZerPortable
NetHackPortable
PeaZipPortable
qBittorrentPortable
RevoUninstallerPortable
PortableApps.comLauncher

Windows Tools
volatility-2.3.1.standalone.exe
WiresharkPortable-1.10.5.paf.exe
Imager_Lite_3.1.1
NirSoft Tools
Password Tools
rrv2.8
Scalpel-2.0
SysinternalsSuite
Tools that require Install
TZworks 32bit
TZworks 64bit
USB Write - EnableProtect
Woanware



To make this USB Flash drive

You need a 32GB or larger USB drive.
1. Download the 8GB (!) USB_Multiboot.zip file from the blog here or the updated image here.
2. Extract the 30GB 'USB image for download.img' file to your system hard disk using 7Zip (or similar utility)
3. Run RMPrepUSB and insert your 32GB (or larger) USB Flash drive
Select the 32GB USB Flash drive in the top drive selection box and click on the File->Drive button.
Enter 1SEC for the file start sector (see screenshot), 0 for the USB start sector and 0 for the length.
After 10-30 minutes you will have a bootable USB flash drive.

The image is from a 32GB USB Flash drive made using XBOOT. If you wish to add more files to it using XBOOT, you must first swap the partition order as follows:

1. Run RMPrepUSB and select the 32GB drive
2. Type CTRL-O and select partition 2 when prompted

This will swap over the partitions and make visible the XBOOT 1st FAT32 partition containing the (modified) ISO files:
  • fdraptor.iso
  • hirensbootcd.iso
  • paladin.iso
  • siftworkstationrevusb.iso
You should now be able to run XBOOT and modify the contents.

When you have finished testing the USB drive, use RMPrepUSB - Ctrl-O to change back the partitions and make the applications partition visible to Windows again.

You can either boot from this USB drive on a 'live' system or boot from it (or the original .img file) with the 'target' hard-disk image in VirtualBox.

Note: XBOOT modifies the .ISO files and extracts and removes the squashfs (casper) files into a subfolder under \images. Therefore these .iso files cannot just be 'dropped' onto an Easy2Boot drive as they will not boot correctly. These XBOOT ISOs can be used if you copy the whole \images folder from the XBOOT partition to the root of a FAT32 E2B USB drive (not NTFS - it won't work!) and then move the .iso files to the \_ISO\MAINMENU folder (i.e. the E2B drive will contain a \images folder with subfolders).

Of course, you can download the original ISOs from their websites and simply add them to your Easy2Boot USB drive.

Note: There is a later download here which may have some of the files missing (I have not tested it).

Wednesday 29 January 2014

Easy2Boot v1.25 available (new $HOME$ keyword for .mnu files)

Easy2Boot v1.25 adds a new feature for .mnu files.

Previously, you had to 'hard code' the sub-folder name into the .mnu file text. For example, here is a typical .mnu file which expects the ISO file to be in the MNU subfolder (e.g. \_ISO\MAINMENU\MNU) :

iftitle [if exist %MFOLDER%/MNU/Ylmf_OS_3.0.iso] Boot YlmF (Windows Like OS) Non-Persistent 
map %MFOLDER%/MNU/Ylmf_OS_3.0.iso (0xff)
map --hook
root (0xff)
kernel /casper/vmlinuz file=/cdrom/preseed/ubuntu.seed boot=casper  persistent iso-scan/filename=%MFOLDER%/MNU/ylmf_OS_3.0.iso floppy.allowed_drive_mask=0 splash
initrd /casper/initrd.img

However, now we can use $HOME$ to represent the path of the .mnu file like this:

iftitle [if exist $HOME$/Ylmf_OS_3.0.iso] Boot YlmF (Windows Like OS) Non-Persistent 
map $HOME$/Ylmf_OS_3.0.iso (0xff)
map --hook
root (0xff)
kernel /casper/vmlinuz file=/cdrom/preseed/ubuntu.seed boot=casper  persistent iso-scan/filename=$HOME$/ylmf_OS_3.0.iso floppy.allowed_drive_mask=0 splash
initrd /casper/initrd.img


This means that we can place the .mnu files and their payload files in any sub-folder of any name and we don't have to edit the .mnu file to match it.

This is useful because it means we can control the order of the items in the menus more easily by simply changing the name of the folders that we place our .mnu files in.

Consider an E2B file and folder arrangement of:

\_ISO\MAINMENU\b.iso
\_ISO\MAINMENU\k.iso
\_ISO\MAINMENU\MNU\a.mnu  (and a.iso)
\_ISO\MAINMENU\MNU\y.mnu  (and y.iso)
\_ISO\MAINMENU\z.iso

The menu entries in the Main menu would be ordered like this because the MNU folder's files will be enumerated after k.iso:

b.iso
k.iso
(title text from the a.mnu file)
(title text from the y.mnu file)
z.iso


Now if we want the a.mnu entry to be listed first in the Main menu, previously (when using the %MFOLDER% variable) we would have had to make a new $MNU folder, move the a.mnu and a.iso files into it and also edit the .mnu file to change 'MNU' to '$MNU'.

However, if we use the new $HOME$ keyword in the .mnu file, all we need do is move the a.iso and a.mnu files to a new $MNU folder and we don't have to edit the .mnu file at all.

\_ISO\MAINMENU\$MNU\a.mnu  (and a.iso)
\_ISO\MAINMENU\b.iso
\_ISO\MAINMENU\k.iso
\_ISO\MAINMENU\MNU\y.mnu  (and y.iso)
\_ISO\MAINMENU\z.iso

The keyword $HOME$ will be expanded by E2B to be "/_ISO/MAINMENU/$MNU" automatically.

If you also want to change the position of y.mnu, you can simply rename the MNU folder (e.g. use $A to list it first or ZZ to list it last in the menu).

I have changed all of the Sample mnu Files in the \_ISO\docs\Sample mnu Files folder in v1.25 of E2B to use the new $HOME$ keyword. You can still use %MFOLDER% in your .mnu files if you wish.

The new v1.25 downloads are linked here.








Combine SARDU with Easy2Boot

To add SARDU to your Easy2Boot menu

1. Make your E2B USB drive as usual
2. Run SARDU and install SARDU plus any ISOs etc. to your E2B drive. This will add a dozen or so files to the root of the E2B drive and also a \SARDU folder.
3. Re-install grub4dos to the PBR using RMPrepUSB
4. Open an Administrator command prompt and navigate to the RMPRepUSB\SYSLINUX\Syslinux_4.06 folder  (tip: you can press F3 in RMPrepUSB to find the folder)
5. At the command prompt type:

syslinux.exe -f   X:   X:\SARDU\sardu.bin

where X: is the drive letter of your Easy2Boot USB drive

6. Create a SARDU.mnu file and add it to the \_ISO\MAINMENU\MNU folder:

title SARDU\n Run SARDU
chainloader /SARDU/sardu.bin


Sunday 26 January 2014

2 new Easy2Boot videos now on YouTube

I have added a couple more Easy2Boot videos to YouTube which I hope you will find useful.

Please let me know if you want any more and what topics to cover...

Part 1
Part 2

Part 1
1. Make an E2B drive - See other E2B videos for how to add and run Windows Install ISOs
2. Helper USB Flash drive
3. Folder structure
4. Can add own files anywhere except under \_ISO
5. WinContig -- Error 60 -- file not contiguous
6. Test with QEMU and VBox+VMUB
7. Add ISOs -- linux ISOs to Mainmenu
8. Add ISOs to \_ISO\LINUX
9. Add ISOs to \_ISO\AUTO and explain difference
10. What happens if delete DOS files -- menu entry disappears
11. How sub-menus work -- UTILITIES and UTILITIES_MEMTEST
12. Change names to reorder
13. Add .txt files

Part 2
14. Hirens - Change file extension to .isowinv
15. List of file extensions supported - see Tutorial 72a
16. Hirens - Add a .mnu file -- mnu can be any name
17. Change background -- add \_ISO\mybackground.bmp or mybackground.bmp.gz
18. Rename Sample_MyE2B.cfg to MyE2b.cfg -- explain -- sample mnu files
19. Demo master password + font + hotkey + remove F7 + menu pwd
20. Add blank line in menu
21. Speed up menu loading -- FASTLOAD, no font file
22. Suppress E2B startup messages
23. Suppress grub4dos messages - patchme
24. 'Skins'

See www.rmprepusb.com Easy2Boot - Tutorial 72a for more details.

Wednesday 22 January 2014

Easy2Boot 1.24 available

Just a few small changes:

1. If you had an E2B USB HDD and a USB Helper Flash drive and both contained the E2B folders, then LOADISO would try to run ImDisk twice which would cause it to loop. I have added some checks in LOADISO.cmd so that if it is being run from the drive containing WINHELPER.USB or is being run for a 2nd time, it will just exit. If you have problems with the LOADISO blue console window, check that you only have one instance of the E2B folder structure on one drive in the system (which should be the E2B boot drive).

2. Some of the Sample .mnu files in the \_ISO\docs folder had not been updated to use the new ENG folder and use the new %LANG% variable for that folder. These files have now been updated.


Monday 20 January 2014

E2B v1.23 available

This version allows you to boot from a different grub4dos bootable drive and then 'chainload boot' to your E2B USB drive. This means that if you use an E2B USB Hard drive, then you could boot from either your E2B USB Hard drive or your E2B Helper USB Flash drive.

Helper drive menu.lst file:

clear
pause --wait=3 Booting from Easy2Boot USB Helper Flash Drive...
find --set-root /_ISO/e2b/grub/menu.lst
chainloader /grldr
boot

Note that to support this, the sample .mnu files in the \_ISO\docs folder have also been changed because the E2B drive will no longer be (hd0,0) and so the partnew commands have been modified to use the correct device name for the E2B drive (e.g. hd2). If you have used any of the sample .mnu files then you will need to update them in order to use this new feature.

If you always boot from the E2B drive then you don't need to change your .mnu files. The standard E2B .mnu files have not changed.