Ah, WINKEY+R and cmd.exe: two great ways of launching programs and commands in a Windows environment. In my humble opinion, WINKEY+R is one of the best keyboard shortcuts to know, especially if you work in the tech industry. I mention this because I use it constantly; it is nice to just call a program by name rather than hunting for it in a GUI. Need a trace route to google.com? WINKEY+R, then tracert www.google.com. Need to force a shutdown? WINKEY+R, then shutdown -s -t 0 -f. The list goes on, and today we will be adding to it, because there are a myriad of utilities that don't ship with Windows by default and it is handy to have them sitting in your System32 directory, or somewhere on your %PATH%, ready to run. Two warnings first. Some of the utilities I recommend make it easier for your system to be used as a pivot point if it gets compromised (anything that gives an attacker a ready-made network client or remote shell is as useful to them as it is to you). Additionally, some of these tools will be flagged as 'viruses' or hacking tools by anti-virus software. Lastly, this article isn't a comprehensive list of every utility you could add; it is merely a means of getting you started. With that said, let's continue.
For those who want to give Windows more of a UNIX/Linux feel, I strongly recommend installing Cygwin and customizing the install to include whatever Unix goodies your heart desires. Once that is done, add Cygwin's bin directory (C:\cygwin\bin or C:\cygwin64\bin by default) to your %PATH% variable. Now you can use egrep instead of findstr, and you have wget, curl, the OpenSSH client suite, netcat, perl and other powerful scripting languages available from cmd.exe, provided you selected them during the package-selection step of the Cygwin install. Put the Cygwin directory at the end of %PATH% rather than the front: several Cygwin tools (find, sort, more) share names with Windows built-ins, and whichever directory comes first in %PATH% wins.
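Once a directory like Cygwin's bin is on your %PATH%, every directory on that list is searched each time you type a bare command name, so it pays to look at what is actually on it. The following is an added example, not something from the original post or from Cygwin: a small POSIX sh function that walks a PATH value and reports entries that are missing, listed twice, empty or "." (both mean "the current directory" to a POSIX shell), or writable by other users, where anyone could plant a binary that then runs by name exactly like the tools you put there on purpose. Run it from a Cygwin shell as audit_path "$PATH"; there %PATH% shows up colon-separated, which is the only format the function understands.

```shell
# Added example (not from the original post): audit a colon-separated PATH
# value.  Uses only POSIX sh, test(1) and find(1), so it runs under Cygwin,
# Linux or the Kali chroot alike.

audit_path() {
    path_value="$1"
    seen=""                      # '|'-delimited record of entries already reported
    old_ifs="$IFS"
    IFS=':'
    for entry in $path_value; do
        if [ -z "$entry" ] || [ "$entry" = "." ]; then
            # POSIX: a zero-length PATH element means the current directory
            printf 'CWD-IN-PATH (empty or "." entry runs programs from the current directory)\n'
            continue
        fi
        case "|$seen" in
            *"|$entry|"*) printf 'DUPLICATE %s\n' "$entry"; continue ;;
        esac
        seen="$seen$entry|"
        if [ ! -d "$entry" ]; then
            printf 'MISSING %s\n' "$entry"
        elif [ -n "$(find "$entry" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
            # anyone can drop a binary here, and it would run by name like your own tools
            printf 'WORLD-WRITABLE %s\n' "$entry"
        else
            printf 'OK %s\n' "$entry"
        fi
    done
    IFS="$old_ifs"
}
```

The world-writable test looks at the directory's permission bits rather than at whether you can write to it, so it gives the same answer whether or not you run it as an administrator; under Cygwin the bits are synthesized from the Windows ACL, so treat a WORLD-WRITABLE hit as a prompt to check the ACL, not as the final word.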
Mark Russinovich deserves a medal of some sort. Practically every tool in his Sysinternals suite is a must-have if you work on Windows systems, so feel free to download them and copy the .exe files to your System32 directory:
I personally use autoruns.exe all the time as a far better alternative to msconfig and HijackThis.
PuTTY software suite:
If you forgot to install the SSH utilities under Cygwin, don't worry; put these in your System32 directory instead:
Other useful tools to have:
Here is a list of some other tools that are useful to have in your System32 directory (a dedicated tools folder added to %PATH% works just as well, and keeps third-party binaries out of the Windows system directory):
BlueScreenView – NirSoft utility that reads the minidumps left behind by BSODs and tells you which driver was involved
Core Temp – reports per-core CPU temperatures
CPU-Z – very useful tool for getting information about your CPU, motherboard and RAM
fciv – Microsoft's File Checksum Integrity Verifier (MD5 and SHA-1 only; for SHA-256 use certutil -hashfile <file> SHA256 or PowerShell's Get-FileHash)
GPU-Z – like CPU-Z but for graphics cards
p95 – Prime95, a CPU stress test that also doubles as a benchmark
Rufus – creates bootable USB drives for picky distros (not all of them work with YUMI)
Speccy – great alternative to msinfo32 that is better in some departments
USBDeview – NirSoft utility for getting information about USB devices that have been plugged into your system (handy when investigating what was connected to a machine)
Of course this list isn't complete, but I strongly feel it is a good start. If you would like to suggest tools/utilities to add to it, leave a comment or send me an email.
It looks like my Kali Linux chroot environment has been superseded, so to speak. I am very excited about Kali Linux NetHunter (http://nethunter.com/), and it may drive me to purchase a Nexus 5 so I can have OTG support and perform wireless attacks more easily, rather than having to use a Y USB cable with my current Nexus 4.
I had a HID attack idea for the Nokia N900, but it appears the folks over at Offensive Security have put something together for the Android/Nexus platform. Please have a look at this video:
One caveat I have noticed is that NetHunter currently only supports Nexus series devices:
(From nethunter.com):
The Kali NetHunter image is currently compatible with the following Nexus devices:
- Nexus 4 (GSM) – “mako” – EXPERIMENTAL SUPPORT
- Nexus 5 (GSM/LTE) – “hammerhead”
- Nexus 7 (Wi-Fi) – “nakasi”
- Nexus 7 (Mobile) – “nakasig”
- Nexus 7 (Wi-Fi) – “razor”
- Nexus 7 (Mobile) – “razorg”
- Nexus 10 – “mantaray”
With that being said, my article on weaponizing the Android platform may still be of use to those of you who don't own Nexus-series devices: http://zitstif.no-ip.org/?p=811
Chainfire, who I'm sure you know of if you're into rooting Android devices, pushed out an update on 11/26/2014, and now the Kali chroot environment works! Keep in mind, I still have this installed: http://forum.xda-developers.com/google-nexus-5/development/fix-bypassing-pie-security-check-t2797731.
However, the chroot environment is not quite perfect yet (nor has it necessarily ever been). I am receiving this error when issuing commands in the environment: ERROR: ld.so: object '/system/lib/libsigchain.so' from LD_PRELOAD cannot be preloaded: ignored. I have added the following line to the kali shell script located at /sdcard/kali/kali, 'export LD_PRELOAD=/system/lib/libsigchain.so', but this does not fix the issue. I would appreciate any words of wisdom/solutions if anyone has any.
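The loader message above is worth unpacking, because it explains why re-exporting the same path from inside the chroot cannot help. ld.so resolves each LD_PRELOAD entry against the root the process actually sees; /system/lib/libsigchain.so exists on the Android side, but once you are inside the Kali root that path points at nothing, so the loader prints the warning and carries on for every single command. The check below is an added example, not the post's own script and not the fix it refers to: a POSIX sh function that takes the chroot directory and an LD_PRELOAD value (entries separated by spaces or colons, as ld.so accepts) and reports which absolute entries are absent under that root. The directory layout in the usage is constructed for the example.

```shell
# Added example (not from the original post): explain "cannot be preloaded:
# ignored" by checking each LD_PRELOAD entry against the chroot root.
# check_ld_preload ROOT PRELOAD prints one line per entry and returns 1 if
# any absolute entry is missing inside ROOT.

check_ld_preload() {
    root="${1%/}"          # chroot directory, trailing slash tolerated
    preload="$2"           # LD_PRELOAD value: entries separated by spaces or colons
    missing=0
    old_ifs="$IFS"
    IFS=': '
    for obj in $preload; do
        [ -z "$obj" ] && continue
        case "$obj" in
            /*)
                # absolute path: ld.so opens it verbatim, i.e. relative to the chroot root
                if [ -e "$root$obj" ]; then
                    printf 'PRESENT %s\n' "$obj"
                else
                    printf 'MISSING %s (no %s inside the chroot)\n' "$obj" "$root$obj"
                    missing=1
                fi ;;
            *)
                # bare name: found through the loader search path, which this check does not model
                printf 'UNCHECKED %s (resolved through the library search path)\n' "$obj" ;;
        esac
    done
    IFS="$old_ifs"
    return $missing
}

# Constructed layout for the example: a Kali root with one real library in it.
# mkdir -p /tmp/kali/usr/lib && : > /tmp/kali/usr/lib/libfoo.so
# check_ld_preload /tmp/kali "/system/lib/libsigchain.so"      -> MISSING, returns 1
# check_ld_preload /tmp/kali "/usr/lib/libfoo.so:libbar.so"   -> PRESENT + UNCHECKED, returns 0
```

If every entry comes back MISSING, the preload is doing no work at all inside the chroot, so a chroot shell that starts with an empty LD_PRELOAD loses nothing; that is a general observation about how ld.so behaves, not a claim about what the post's own .bashrc line was.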
To stop seeing the LD_PRELOAD error, all you need to do is add this to your .bashrc file:
For those of you who are looking to update your Android version to Lollipop and wish to continue using the chroot environment I have shown how to set up here, please hold off! You can do so, but at your own risk. Currently my chroot environment is not functional, because I get 'permission denied' when I try to run the same script I've always run before on my rooted Nexus 4 with previous versions of Android (up to 4.4.4). I'm highly confident that the issue is related to Android Lollipop's PIE system, though I could be wrong. Over at the XDA forums, it appears there is a workaround, but it still doesn't fix the 'permission denied' issue I'm experiencing. However, it may help you with other apps:
This bypass method did fix SSHDroid, but caused some issues with other apps.
JP Dunning (https://twitter.com/r0wnin) is the creator of Katana: Portable Multi-Boot Security Suite. Judging by www.hackfromacave.com, the project appears to have come to a halt. You can still obtain the Katana toolkit via torrents (http://securityiskey.blogspot.com/2012/08/katana-3-beta-torrent.html for those who are interested). However, I can't recommend downloading it now, because many of the Linux distributions inside Katana have been superseded by newer releases. Another issue with Katana is that it is a pain to customize and to add or remove distributions.
With that being said, this post's objective is to show how to create a multi-booting USB flash drive toolkit that is easily customizable to each user's specific needs. For this we will rely heavily on YUMI (http://www.pendrivelinux.com/yumi-multiboot-usb-creator/). Using YUMI is pretty straightforward, and I don't believe there is a strong need for me to write a tutorial (https://www.google.com/#q=YUMI+tutorial).
To create our “Home Made Katana”, you will need:
- a 32 GB flash drive (smaller may work, but I recommend 32 GB or larger)
- YUMI (http://www.pendrivelinux.com/yumi-multiboot-usb-creator/)
- HomeMadeKatana.zip (https://ia601401.us.archive.org/15/items/HomeMadeKatana/HomeMadeKatana.zip)
HomeMadeKatana.zip file hash
NOTE: TOOLS IN THIS ARCHIVE WILL SET OFF AV SYSTEMS
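Before you unpack an archive like this onto a drive you will boot other people's machines from, check that the bytes you downloaded are the bytes whose hash was published. fciv, mentioned in the Windows utilities list above, only speaks MD5 and SHA-1; the function below is an added example, not part of the original post, that verifies a SHA-256 with whichever tool the shell has (sha256sum from Cygwin or coreutils, shasum, or openssl) and tolerates the uppercase hex that published hashes often use. The file name, the hash values and the sample file in the usage are constructed for the example; substitute the real archive and the hash posted for it. A match tells you that you hold what the publisher hashed; it says nothing about whether the tools inside are benign, which is exactly why the AV note above is there.

```shell
# Added example (not from the original post): verify a download against a
# published SHA-256 before extracting it to the flash drive.

sha256_of() {
    # print the lowercase hex SHA-256 of "$1" using whatever is installed
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/.*= //'
    fi
}

verify_sha256() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # published hashes are often uppercase
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        printf 'OK       %s\n' "$file"
        return 0
    fi
    printf 'MISMATCH %s\n  expected %s\n  actual   %s\n' "$file" "$expected" "$actual"
    return 1
}

# Usage with a constructed stand-in for the download (the real call would be
# verify_sha256 HomeMadeKatana.zip "<hash from the post>"):
# printf 'abc' > sample.zip
# verify_sha256 sample.zip BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
```

Take the expected hash from somewhere other than the download link itself (the post, a mirror, a message from the publisher); a hash served from the same place as a tampered file proves nothing.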
The root directory of this zip file contains:
I pulled the PortableApps directory and KatanaToolKit.exe from Katana: Portable Multi-Boot Security Suite. I meant to add the herdProtect portable scanner but forgot to; feel free to add it if you want: http://www.herdprotect.com/installers/herdProtectScan_Portable.exe
To create our “Home Made Katana”, do as follows:
1.) Back up any data you want to keep from your flash drive
2.) Wipe the flash drive
3.) Download YUMI
4.) I recommend the following distributions/bootable tools:
Clonezilla (Backup + Clone Tool)
Hiren’s Boot CD
Kon-Boot Floppy Image
Offline NT Password & Registry Editor
Ultimate Boot CD
Windows Defender Offline
5.) Download and extract HomeMadeKatana.zip to the root of the flash drive.
You may ask why I would recommend putting Windows 8 on your flash drive. I recommend it because newer systems use UEFI and many ship without optical drives. For instance, if you need to reset a Windows 8 local account password (http://pcsupport.about.com/od/windows-8/a/reset-password-windows-8.htm), having Windows 8 installation media on your “Home Made Katana” is of great use.
One additional note for newer UEFI computers: to boot Linux distributions, or any USB or optical media whose boot loader is not signed for Secure Boot, you will need to turn Secure Boot off and/or enable legacy booting (the Compatibility Support Module, CSM) in the firmware setup. Turn Secure Boot back on when you are done; it exists to block unsigned boot code, which is precisely what much of this toolkit is.
To recap, what we have done is create a multi-bootable and powerful flash drive with utilities for penetration testers, IT gurus and network administrators. In addition, I would also recommend getting a USB Rubber Ducky (https://hakshop.myshopify.com/collections/usb-rubber-ducky), especially if you're into penetration testing. If you have any questions, comments or input, feel free to post a comment below.