Monday, November 28, 2011

iPXE: iSCSI for Microsoft Windows

Prepare environment to install and boot from iSCSI target

  1. Syslinux 3.86 is the last known working version that may work with gpxe/ipxe.  Prepare a TFTP boot folder as following:
    # tree
    .
    ├── pxelinux.cfg
    │   └── default
    ├── syslinux -> syslinux.386
    ├── syslinux.386
    │   ├── advdump.c32
    │   ├── c32echo.c32
    │   ├── cat.c32
    │   ├── chain.c32
    │   ├── cmd.c32
    │   ├── comecho.com
    │   ├── complex.c32
    │   ├── config.c32
    │   ├── copybs.com
    │   ├── cpuid.c32
    │   ├── cpuidtest.c32
    │   ├── disk.c32
    │   ├── display.c32
    │   ├── dmitest.c32
    │   ├── elf.c32
    │   ├── entrydump.c32
    │   ├── ethersel.c32
    │   ├── fancyhello.c32
    │   ├── fd.c32
    │   ├── filetest.c32
    │   ├── gfxboot.c32
    │   ├── gfxboot.com
    │   ├── gpxecmd.c32
    │   ├── gpxelinux.0
    │   ├── hdt.c32
    │   ├── hello2.c32
    │   ├── hello.c32
    │   ├── ifcpu64.c32
    │   ├── ifcpu.c32
    │   ├── int18.com
    │   ├── kbdmap.c32
    │   ├── keytest.c32
    │   ├── linux.c32
    │   ├── localboot.c32
    │   ├── mboot.c32
    │   ├── mdiskchk.com
    │   ├── memdump.com
    │   ├── meminfo.c32
    │   ├── menu.c32
    │   ├── pcitest.c32
    │   ├── pmload.c32
    │   ├── poweroff.com
    │   ├── pxechain.com
    │   ├── pxelinux.0
    │   ├── reboot.c32
    │   ├── resolv.c32
    │   ├── rosh.c32
    │   ├── sanboot.c32
    │   ├── sdi.c32
    │   ├── serialinfo.c32
    │   ├── simple.c32
    │   ├── sysdump.c32
    │   ├── syslinux.com
    │   ├── test2.c32
    │   ├── test.c32
    │   ├── vesainfo.c32
    │   ├── vesamenu.c32
    │   └── vpdtest.c32
    ├── undionly.0 -> undionly.kpxe
    ├── undionly.kpxe
    └── windows.pe
        ├── BCD
        ├── bootmgr.exe
        ├── boot.sdi
        ├── fonts
        │   ├── chs_boot.ttf
        │   ├── cht_boot.ttf
        │   ├── jpn_boot.ttf
        │   ├── kor_boot.ttf
        │   └── wgl4_boot.ttf
        ├── pxeboot.0 -> pxeboot.n12
        ├── pxeboot.n12
        ├── vista_x64.wim
        ├── vista_x86.wim
        ├── win7_x64.wim
        └── win7_x86.wim
  2. Update /etc/dhcp/dhcpd.conf to use gpxelinux.0
    filename "gpxelinux.0";
  3. Restart dhcpd service
    # service dhcpd restart
    Shutting down dhcpd:                                       [  OK  ]
    Starting dhcpd:                                            [  OK  ]
  4. Update pxelinux.cfg/default:
    LABEL boot_san
            menu label Boot ^Storage Area Network
            menu indent 5
            com32 syslinux/gpxecmd.c32
            append chain tftp://boot.example.com/sanboot.gpxe
    
    label undionly
            menu label Boot iPXE UNDI
            menu indent 5
            kernel undionly.0
  5. Create a sanboot.gpxe script file:
    # cat sanboot.gpxe
    #!gpxe
    
    login
    chain tftp://boot.example.com/syslinux/menu.c32 http://${username}:${password}@boot.example.com/~${username}/menu.cfg
  6. A sample menu.cfg file:
    UI syslinux/vesamenu.c32
    
    LABEL Windows 7 x64
            com32 cmd.c32
            append sanboot iscsi:nas.example.com::::iqn.example.com:win7-x64
    
    LABEL Windows 8 x64
            com32 cmd.c32
            append sanboot iscsi:nas.example.com::::iqn.example.com:win8-x64

Install Windows 7 on iSCSI target

  1. Boot machine into iPXE kernel (Boot iPXE UNDI or undionly.0)
  2. Press Ctrl-B to start iPXE command line
    MS-DOS-2011-11-15-11-49-38
  3. Obtain an IP address from dhcp
    iPXE> dhcp net0
  4. Preserve SAN device
    iPXE> set keep-san 1
  5. Supply chap information if necessary:
    iPXE> login
  6. Initialize iSCSI target:
    iPXE> sanboot iscsi:nas.example.com::::iqn.2011-03.example.com:my-iscsi
    Registered SAN device 0x80
    Booting from SAN device 0x80
    Boot from SAN device 0x80 failed: Operation canceled (http://ipxe.org/0x8080a0)
    Preserving SAN device 0x80

  7. Chain boot to Windows PE:

    iPXE> chain tftp://boot.example.com/windows.pe/pxeboot.0
  8. Or chain boot to Windows PE ISO:
  9. iPXE> kernel syslinux/memdisk iso
    iPXE> initrd http://<ip-address>/winpe7_x64.iso
    iPXE> boot
    1. Once boot into Windows PE, you may use the iSCSI target just like your local storage.  You may install a Windows OS into the iSCSI target directly.

    Boot from iSCSI target using iPXE

    1. Boot machine into iPXE kernel
    2. Press Ctrl-B to start iPXE command line
    3. Obtain an IP address from DHCP

      iPXE> dhcp net0
    4. Supply chap information if necessary:

      iPXE> login
    5. Boot from iSCSI target:

      iPXE> sanboot iscsi:nas.example.com::::iqn.2011-03.example.com:my-iscsi

    Boot from iSCSI using PXE using HTTP

    1. Boot from PXE
    2. Use the pxe menu configuration to boot iSCSI target introduced in section “Prepare environment to install and boot from iSCSI target”

    Reference

    1. User-specific boot menus. URL: http://etherboot.org/wiki/appnotes/authmenus
    2. Installing Windows Server 2008 to an iSCSI target. URL: http://etherboot.org/wiki/sanboot/win2k8_iscsi_install

    Thursday, November 17, 2011

    iPXE: Boot iPXE firmware

    iPXE (formerly known as gPXE) is an open source network boot firmware.  The most obvious reason of using iPXE is the ability to download image from HTTP and Boot ISCSI target but not limited to that.  For illustration purpose, this topic focus on chain load usage of iPXE image.

    Prepare iPXE image

    1. Get a copy of the iPXE source
      # git clone git://git.ipxe.org/ipxe.git
    2. Build chain load iPXE image:
      # cd ipxe
      # make src/bin/undionly.kpxe
    3. Chain load iPXE image file:
      # ls -algG src/bin/undionly.kpxe -al
      -rw-r--r-- 1 62326 Nov 15 11:38 src/bin/undionly.kpxe
    4. Refer to: http://ipxe.org/download for more information on preparing iPXE image.

    Chain loading iPXE from PXE ROM

    1. Deploy iPXE image to TFTP boot folder:
      # cp src/bin/undionly.kpxe /var/lib/tftpboot
    2. Change dhcp configuration file to boot iPXE image:
      # vi /etc/dhcp/dhcpd.conf
      next-server <tftp-server>;
      filename "undionly.kpxe";
    3. Restart dhcpd service:
      # service dhcpd restart
    4. Power on machine and boot to network using existing PXE ROM.  You should see the machine will boot into iPXE shell after PXE ROM:

      MS-DOS-2011-11-15-11-49-38
    5. Press Ctrl-B for enter iPXE cli mode.
    6. Type help to get a list of available commands:
      MS-DOS-2011-11-17-15-08-47

    iPXE options for DHCP

    1. Construct a list of iPXE options for DHCP configuration:
      # cat /etc/dhcp/ipxe.options
      # iPXE specific options
      option space ipxe;
      option ipxe-encap-opts code 175 = encapsulate ipxe;
      option ipxe.priority code 1 = signed integer 8;
      option ipxe.keep-san code 8 = unsigned integer 8;
      option ipxe.skip-san-boot code 9 = unsigned integer 8;
      option ipxe.no-pxedhcp code 176 = unsigned integer 8;
      option ipxe.bus-id code 177 = string;
      option ipxe.bios-drive code 189 = unsigned integer 8;
      option ipxe.username code 190 = string;
      option ipxe.password code 191 = string;
      option ipxe.reverse-username code 192 = string;
      option ipxe.reverse-password code 193 = string;
      option ipxe.version code 235 = string;
      option iscsi-initiator-iqn code 203 = string;
      
      # Feature indicators
      option ipxe.pxeext code 16 = unsigned integer 8;
      option ipxe.iscsi code 17 = unsigned integer 8;
      option ipxe.aoe code 18 = unsigned integer 8;
      option ipxe.http code 19 = unsigned integer 8;
      option ipxe.https code 20 = unsigned integer 8;
      option ipxe.tftp code 21 = unsigned integer 8;
      option ipxe.ftp code 22 = unsigned integer 8;
      option ipxe.dns code 23 = unsigned integer 8;
      option ipxe.bzimage code 24 = unsigned integer 8;
      option ipxe.multiboot code 25 = unsigned integer 8;
      option ipxe.slam code 26 = unsigned integer 8;
      option ipxe.srp code 27 = unsigned integer 8;
      option ipxe.nbi code 32 = unsigned integer 8;
      option ipxe.pxe code 33 = unsigned integer 8;
      option ipxe.elf code 34 = unsigned integer 8;
      option ipxe.comboot code 35 = unsigned integer 8;
      option ipxe.efi code 36 = unsigned integer 8;
      option ipxe.fcoe code 37 = unsigned integer 8;
    2. These options are useful for advance configuration of iPXE booting.

    Prevent infinite iPXE boot

    1. You will notice that booting undionly.kpxe basically just boot iPXE firmware.  The iPXE will keep obtain iPXE image from DHCP server and boot itself infinitely.  To instruct iPXE to do other work once iPXE has been loaded, make changes to dhcpd.conf:
      include "/etc/dhcp/ipxe.options";
      
      next-server <tftp-server>;
      if exists user-class and option user-class = "iPXE" {
          filename "http://boot-server/boot.ipxe";
      } else {
          filename "undionly.kpxe";
      }
    2. Restart dhcpd service:
      # service dhcpd restart
      Shutting down dhcpd:                                       [  OK  ]
      Starting dhcpd:                                            [  OK  ]
    3. The above changes will first boot iPXE image (undionly.kpxe), followed by booting a iPXE script from http service.
    4. The iPXE script (boot.ipxe) can be as simple as:
      # cat boot.ipxe
      #!ipxe
      login
    5. Here is an output screen of boot.ipxe:

      MS-DOS-2011-11-17-15-26-11

    Speeding iPXE boot

    iPXE booting will wait for replies from a ProxyDHCP server before booting. If you are not using a ProxyDHCP server, then this creates an unnecessary delay of several seconds. You can eliminate this delay by adding an option in dhcpd.conf:

    option ipxe.no-pxedhcp 1;

    Simple iPXE Commands

    1. Obtain an IP for interface net0:
      IPXE> dhcp net0
    2. Interactive Configuration Tools:
      IPXE> config
      

      MS-DOS-2011-11-15-14-38-44
    3. Boot an image
      IPXE> chain pxelinux.0
    4. Boot a ISCSI target:

      IPXE> sanboot iscsi:<ip-address>::::iqn.2011-03.example.org:my-target
    5. You may aggregate iPXE commands to form a iPXE script file:
      #!ipxe
      login
      echo ${username}
      echo ${password}
      sanboot iscsi:<ip-address>::::iqn.2011-03.example.org:my-target

    Chain loading iPXE from PXELinux

    1. If you have deployed PXELinux in your network and want to preserve it while enjoying the iPXE’s extra functionalities, you may chain load iPXE from PXELinux’s configuration
    2. PXELinux requires boot image file to have suffix of .0.  Make a symbolic link reference:
      # ln -s undionly.kpxe undionly.0
      # ls -algG undionly*
      lrwxrwxrwx 1 13 Nov 12 10:35 undionly.0 -> undionly.kpxe
      -rw-r--r-- 1 55168 Nov 12 09:54 undionly.kpxe
    3. Add a menu entry to PXELinux to boot iPXE image:
      # vi pxelinux.cfg/default
      
      LABEL iPXE
          kernel undionly.0
    4. You may now boot iPXE from PXELinux menu

    Reference

    1. Network-booting machines over HTTP. URL: http://jpmens.net/2011/07/18/network-booting-machines-over-http/
    2. iPXE - open source boot firmware. URL: http://ipxe.org/

    Sunday, November 13, 2011

    Make host based USB printer work with OpenWrt’s P910nd print server

    A host-based printer like HP-LaserJet 1020 needs to download a firmware every time when boot up or else it won’t print.  These printers works fine when connect to Windows that has drivers install.  For Linux, foo2zjs may help upload the firmware to printer by USB hotplug daemon.

    It is very hard to make host-based printers work with networked print server appliance as the printer won’t work without firmware.  Most print server appliance don’t have firmware ready or it won’t upload the firmware to printer.

    Some print server like D-Link DPR 1061 claims to work with host based printer but it is a different story.  A software (PS-Link or PS-Wizard) is required to deploy on workstations in network to act as USB redirector to send firmware to printer.  This isn’t a favor solution as it increase deployment effort on workstation.

    This topic use TP-Link 1043ND wireless router as hardware device to act as printer server alternative to those branded printer server in market.  The TP-Link 1043ND is patched with Gargoyle WRT (backed by OpenWrt).  A small printer daemon p910nd is installed in the device to serve as printer server for network.

    Here are some brief steps to install and configure:

    1. Find a low cost router that has few RJ45 network sockets (usually 4 LAN port + 1 WAN port) and USB port
    2. Patch the device with OpenWrt or Gargoyle Wrt
    3. Install p910nd daemon
    4. Download Printer Firmware
    5. Configure USB hotplug daemon to send firmware to printer
    6. Add a printer device in Windows / Linux workstation that print to Standard TCP/IP port (e.g.: Port 9100)

    Print Server Device: TP-Link 1043ND

    In this article, A gigabit wireless router: TP-Link 1043ND is used as example.  The router has 4 LAN + 1 WAN ports and a USB port mainly for flash drive.  We will make the USB port work with USB host based printer.

    Printer: HP Laser Jet 1020

    HP laser jet 1020 is a USB host based printer that is not friendly to many network print server in the market.

    Patch with Gargoyle WRT

    Download suitable flash firmware for TP-Link 1043ND from Gargoyle.  Follow instruction to patch the device.  After finish patching, do some simple configuration:

    1. Set the root access password
    2. Set IP address for the device (e.g.: 192.168.1.1)
    3. Enable SSH access to the device (e.g.: port 22)
    4. Try using SSH console like Putty to access the device

    Install software on device

    1. SSH into device. e.g.: ssh 192.168.1.1
    2. Enter “root” as username and supply with password
    3. Update OpenWRT software packages:
      root@Gargoyle:~# opkg update
    4. Install Kernel modules for USB Printer support:
      root@Gargoyle:~# opkg install kmod-usb-printer
    5. Install printer server:
      root@Gargoyle:~# opkg install p910nd

    Configure Printer Server: P910nd

    1. Enable p910nd daemon that sustain for device fresh booting:

      root@Gargoyle:~# /etc/init.d/p910nd enable
    2. Start p910nd daemon for current session
      root@Gargoyle:~# /etc/init.d/p910nd start

    Printer Firmware

    1. Download a suitable printer firmware (e.g.: http://oleg.wl500g.info/hplj/)
      root@Gargoyle:~# wget -o /usr/lib/sihp1020.dl http://oleg.wl500g.info/hpl
      j/sihp1020.dl
      root@Gargoyle
      :~# ls -al1 /usr/lib/si* -rw-r--r-- 1 126151 Nov 12 16:31 /usr/lib/sihp1020.dl
    2. Create a USB hotplug script file (/etc/hotplug.d/20-hpjl1020) for printer HP1020:
      root@Gargoyle:~# cat /etc/hotplug.d/usb/20-hplj1020
      #!/bin/sh
      
      FIRMWARE="/usr/lib/sihp1020.dl"
      DEVICE=/dev/lp0
      LOGFILE=/var/log/hp
      
      if [ "$PRODUCT" = "3f0/2b17/100" -a "$ACTION" = "add" ]
      then
              for i in $(seq 30); do
                      if [ -c $DEVICE ]; then
                              echo "$(date) : Sending firmware to printer." > $LOGFILE
                              cat $FIRMWARE > $DEVICE
                              echo "$(date) : done." >> $LOGFILE
                              exit
                      fi
                      sleep 1
              done
      fi
    3. You may adjust parameters in the script file to suit you environment.
    4. Product ID: “3f0/2b17/100” is the printer ID for my HP Laser Jet 1020.  Change it to suitable ID for the printer you attempt to connect.  You may attempt to grep the printer ID by patching the script file to output printer id to a log file.

    Test Printer Firmware

    1. Plug printer USB cable to device and check log file:
      root@Gargoyle:~# cat /var/log/hp
    2. The log file consist some information that is useful for troubleshooting
    3. Power off both printer and device
    4. Power on both printer and device
    5. Check log file again to make sure firmware may send to printer properly

    Print from Windows

    1. Logon to Windows workstation and add a local printer:
      1
    2. Create a new Standard TCP/IP port for the printer:
      2
    3. Enter IP Address for the printer: e.g.: 192.168.1.1
      3
    4. Specify additional information for the connection:
      4
    5. Choose “Raw” protocol and set port number. e.g.: 9100
      5
    6. Pick a suitable printer driver:
      6
    7. You may try to print a test page to the printer.

    Reference

    1. p910nd Printer Server. URL: http://wiki.openwrt.org/doc/howto/p910nd.server

    Friday, November 11, 2011

    Linux: Install Conexant USB modem

    This article showing how to install Conexant USB modem on Linux machine.  The Conexant USB module has a RJ11 socket at one end for phone line connection and USB connector on another end to plug into USB port:

    Identify modem model

    1. Plug Conexant USB modem into machine.
    2. Identity modem model:
      # lsusb 
      Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub 
      Bus 004 Device 002: ID 0572:1324 Conexant Systems (Rockwell), Inc. 
      Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub 
      Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub 
      Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub 
      Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

    Download modem driver

    1. Visit http://www.linuxant.com to download the modem driver.
    2. The modem ID in this example is 0572:1324, so DGC softmodem is the suitable driver.
    3. For illustration purpose, this example use dgcmodem-1.13-1.i386.rpm.zip

    Build modem driver

    1. Prepare to build modem driver. You may skip some of the following rpm package depends on your system:
      # yum install dgcmodem-1.13-1.i386.rpm 
      # yum install kernel-devel-2.6.33
    2. Configure modem driver:
      # /usr/sbin/dgcconfig
    3. Check modem installation:
      # ls /dev/ttyACM* -al 
      crw-rw---- 1 root dialout 166, 0 Jan  8 15:04 /dev/ttyACM0 
      # ls /dev/modem  -al 
      lrwxrwxrwx 1 root root 7 Jan  8 15:04 /dev/modem -> ttyACM0

    Reference

    1. Linuxant. http://www.linuxant.com

    BackTrack 5: Accelerate pyrit with NVIDIA GPU processor

    Pyrit is a cryptography tool that may decrypt WPA/WPA2 capture handshake in 802.11 wireless traffic (WIFI) using brute force approach.  The original Pyrit performs calculation using CPU cores.  This article introduces how to compile Pyrit to facilitate NVIDIA GPUs that may boost performance for 10x to 20x or even more depends on GPU cores and models.

    Download NVIDIA driver and toolkit

    1. Download NVIDIA drivers according to your CPU architecture:
    2. Next, download the CUDA toolkit, according to your CPU architecture:

    Disable Kernel Nouveau

    Install NVIDIA display driver may fail if kernel Nouveau is running, the kernel should disable first:

    1. Disable Kernel Nouveau:
      root@bt:~# echo options nouveau modeset=0 | tee -a /etc/modprobe.d/nouveau-kms.conf
      root@bt:~# update-initramfs -u
      update-initramfs: Generating /boot/initrd.img-2.6.39.4
    2. Reboot machine

    Install NVIDIA driver

    1. Make sure you are not in an X session (log out to console)
    2. Run Nvidia driver installer:
      root@bt:~/# ./devdriver_4.0_linux_64_270.40.run
      Verifying archive integrity... OK
      Uncompressing NVIDIA Accelerated Graphics Driver for Linux-x86_64 270.40......................................................................................................................................
    3. Follow screen instruction to complete installation

    Install NVIDIA CUDA toolkit

    root@bt:~/# ./cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
    Verifying archive integrity... All good.
    Uncompressing NVIDIA CUDA..............................
    
    Enter install path (default /usr/local/cuda, '/cuda' will be appended):
    
    ========================================
    
    * Please make sure your PATH includes /usr/local/cuda/bin
    * Please make sure your LD_LIBRARY_PATH
    * for 32-bit Linux distributions includes /usr/local/cuda/lib
    * for 64-bit Linux distributions includes /usr/local/cuda/lib64:/usr/local/cuda/lib
    * OR
    * for 32-bit Linux distributions add /usr/local/cuda/lib
    * for 64-bit Linux distributions add /usr/local/cuda/lib64 and /usr/local/cuda/lib
    * to /etc/ld.so.conf and run ldconfig as root
    
    * Please read the release notes in /usr/local/cuda/doc/
    
    * To uninstall CUDA, delete /usr/local/cuda
    * Installation Complete

    Prepare CUDA for Pyrit

    1. Prepare kernel sources:
      root@bt:~# prepare-kernel-sources
      [*] apt-getting linux-source...
      Reading package lists... Done
      Building dependency tree
      Reading state information... Done
      linux-source is already the newest version.
      The following packages were automatically installed and are no longer required:
      libecryptfs0 libdmraid1.0.0.rc16 libdebconfclient0 ecryptfs-utils cryptsetup
      rdate bogl-bterm libdebian-installer4 reiserfsprogs dmraid python-pyicu
      Use 'apt-get autoremove' to remove them.
      0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
      [*] extracting sources, please wait
      tar: linux-source-2.6.39.4.tar.bz2: Cannot open: No such file or directory
      tar: Error is not recoverable: exiting now
      tar: Child returned status 2
      tar: Exiting with failure status due to previous errors
      [*] doing stuff...
      cp: missing destination file operand after `/boot/'
      Try `cp --help' for more information.
      scripts/kconfig/conf --silentoldconfig Kconfig
      CHK include/linux/version.h
      CHK include/generated/utsrelease.h
      CALL scripts/checksyscalls.sh
      [*] tada!
      root@bt:~# cd /usr/src/linux
      root@bt:/usr/src/linux# cp -rf include/generated/* include/linux/
    2. Set Environment variable
      root@bt:~# vi ~/.bashrc
      PATH=$PATH:/usr/local/cuda/bin
      LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/cuda/lib64
      export PATH
      export LD_LIBRARY_PATHroot@bt:~# source /root/.bashrc
      root@bt:~# ldconfig
    3. Check NVIDIA compiler:
      root@bt:~# which nvcc
      /usr/local/cuda/bin/nvcc
      root@bt:~# nvcc -V
      nvcc: NVIDIA (R) Cuda compiler driver
      Copyright (c) 2005-2011 NVIDIA Corporation
      Built on Thu_May_12_11:09:45_PDT_2011
      Cuda compilation tools, release 4.0, V0.2.1221

    Setup pyrit

    1. Setup pyrit dependent packages:
      root@bt:~# apt-get install libssl-dev
      root@bt:~# apt-get install scapy
      root@bt:~# apt-get install python-dev
      root@bt:~# apt-get install python-sqlalchemy // optional: if using sqlite database
    2. Check out Pyrit SVN trunk:
      root@bt:~# svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit
    3. Build Pyrit:
      root@bt:~# cd pyrit/pyrit/
      root@bt:~/pyrit/pyrit# python setup.py build
      root@bt:~/pyrit/pyrit# python setup.py install
    4. Test Pyrit:
      root@bt:~/pyrit/pyrit# pyrit list_cores
      Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
      This code is distributed under the GNU General Public License v3+
      
      The following cores seem available...
      #1: 'CPU-Core (SSE2)'
      #2: 'CPU-Core (SSE2)'
      #3: 'CPU-Core (SSE2)'
      #4: 'CPU-Core (SSE2)'
      #5: 'CPU-Core (SSE2)'
      #6: 'CPU-Core (SSE2)'
      #7: 'CPU-Core (SSE2)'
      #8: 'CPU-Core (SSE2)'

    Setup CUDA for Pyrit

    1. Build CUDA for Pyrit:
      root@bt:~/pyrit/pyrit# cd ../cpyrit_cuda/
      root@bt:~/pyrit/cpyrit_cuda# python setup.py build
      root@bt:~/pyrit/cpyrit_cuda# python setup.py install
    2. Test CUDA for Pyrit:
      root@bt:~/pyrit/cpyrit_cuda# pyrit list_cores
      Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
      This code is distributed under the GNU General Public License v3+
      
      The following cores seem available...
      #1: 'CUDA-Device #1 'GeForce 8400 GS''
      #2: 'CPU-Core (SSE2)'
      #3: 'CPU-Core (SSE2)'
      #4: 'CPU-Core (SSE2)'
      #5: 'CPU-Core (SSE2)'
      #6: 'CPU-Core (SSE2)'
      #7: 'CPU-Core (SSE2)'
      #8: 'CPU-Core (SSE2)'
      
      root@bt:~/pyrit/cpyrit_cuda# pyrit benchmark
      Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
      This code is distributed under the GNU General Public License v3+
      
      Running benchmark (3240.1 PMKs/s)... \
      
      Computed 3240.14 PMKs/s total.
      #1: 'CUDA-Device #1 'GeForce 8400 GS'': 457.5 PMKs/s (RTT 3.2)
      #2: 'CPU-Core (SSE2)': 425.5 PMKs/s (RTT 3.0)
      #3: 'CPU-Core (SSE2)': 425.9 PMKs/s (RTT 3.0)
      #4: 'CPU-Core (SSE2)': 426.2 PMKs/s (RTT 3.0)
      #5: 'CPU-Core (SSE2)': 425.5 PMKs/s (RTT 2.9)
      #6: 'CPU-Core (SSE2)': 425.6 PMKs/s (RTT 3.1)
      #7: 'CPU-Core (SSE2)': 453.3 PMKs/s (RTT 3.0)
      #8: 'CPU-Core (SSE2)': 422.3 PMKs/s (RTT 3.1)
    3. The benchmark for GeForce GPU doesn’t shows much improvement on calculation as the GPU is a low end graphic card.

    BackTrack 5: Installation and Configuration

    BackTrack Linux is an operating system based on the Ubuntu GNU/Linux distribution aimed at digital forensics and penetration testing use.[8] It is named after backtracking, a search algorithm.  For more information and download a copy of backtrack, visit http://www.backtrack-linux.org/

    Boot BackTrack via USB Flash Drive

    1. The USB flash drive should have enough space to fit the BackTrack Linux ISO file
    2. Format USB flash drive to file system FAT32
    3. Download an utility UNetbootin (http://unetbootin.sourceforge.net/) to create a bootable Live USB.
    4. Launch UNetbootin and burn the iso file into USB flash drive.
    5. The following screen shows UNetbootin usage:

      Capture 
    6. Once done, configure machine to boot from USB storage, plug in USB flash drive and boot the machine
    7. BackTrack Linux should be ready to use after booting

    Boot BackTrack via PXE

    PXE booting is another interesting configuration that may boot system from network.

    1. Mount BackTrack ISO file to extract two files requires for PXE booting: initrd.gz and vmlinuz
      -bash-4.1$ ls /mnt/iso/bt5/casper/ -al
      total 2030472
      dr-xr-xr-x 2 root root       2048 Aug 18 13:37 .
      dr-xr-xr-x 6 root root       2048 Aug 18 13:48 ..
      -r--r--r-- 1 root root      46099 Aug 18 13:37 filesystem.manifest
      -r--r--r-- 1 root root      45951 Aug 18 13:37 filesystem.manifest-desktop
      -r--r--r-- 1 root root         10 Mar  6  2011 filesystem.size
      -r-xr-xr-x 1 root root 2023530496 Aug 18 13:48 filesystem.squashfs
      -r--r--r-- 1 root root   17036519 Aug 18 13:18 initrdf.gz
      -r--r--r-- 1 root root   17036173 Aug 18 13:18 initrd.gz
      -r--r--r-- 1 root root   17038433 Aug 18 13:18 initrds.gz
      -r--r--r-- 1 root root        200 Mar  6  2011 README.diskdefines
      -r--r--r-- 1 root root    4462512 Aug 18 13:18 vmlinuz
      
    2. Copy initrd.gz and vmlinuz to TFTP boot folder.  The following shows BackTrack 4 and 5 TFTP boot folder:
      -bash-4.1$ ls -gGal bt*
      bt4:
      total 12948
      drwxr-xr-x  2    4096 Jul 22 13:35 .
      drwxr-xr-x 26    4096 Nov  3 17:15 ..
      -r--r--r--  1 8555925 Jan  1  2010 initrd.gz
      -r--r--r--  1 4690640 Dec 14  2009 vmlinuz
      
      bt5:
      total 21008
      drwxr-xr-x  2     4096 Jul 23 07:43 .
      drwxr-xr-x 26     4096 Nov  3 17:15 ..
      -r--r--r--  1 17036173 Oct 15 09:29 initrd.gz
      -r--r--r--  1  4462512 Oct 15 09:29 vmlinuz
    3. Mount BackTrack ISO file and setup NFS access to the mount point. 
    4. Configure PXE boot configuration file:
      label BackTrack 4
              menu label Backtrack Linux 4
              kernel bt4/vmlinuz
              append initrd=bt4/initrd.gz BOOT=casper boot=casper nopersistent rw quite vga=0x317 netboot=nfs nfsroot=192.168.1.1:/mnt/bt4
      
      label BackTrack 5
              menu label Backtrack Linux 5
              kernel bt5/vmlinuz
              append initrd=bt5/initrd.gz boot=casper text vga=791 netboot=nfs nfsroot=192.168.1.1:/mnt/bt5
    5. Configure machine to Boot from PXE and select BackTrack item to boot BackTrack Linux

    Install BackTrack to Local Storage

    1. Boot BackTrack Linux and start GUI interface by typing “startx” in shell prompt:

      2
    2. Double click “Install BackTrack” icon on the screen to start install BackTrack to local storage

    Configure: Start DHCP client

    Start ethernet adapter eth0 with DHCP client:

    # dhclient eth0
    

    Configure eth0 to act as DHCP client permanently:

    # cat /etc/network/interfaces
    auto lo
    iface lo inet loopback
    
    auto eth0
    iface eth0 inet dhcp
    

    Configure: Enable SSH

    Generate SSH RSA key pair for first use:

    # sshd-generate
    

    To start ssh manually:

    # service ssh start
    

    Start SSH service when startup:

    # update-rc.d -f ssh defaults

    Friday, November 04, 2011

    WAIK: Install Windows XP via WinPE

    To install Windows XP via WinPE/PXE without DVD installation, Windows XP needs:
    1. A bootable partition
    2. The partition contains the installation files

    Prepare Windows XP installation

    1. Network boot bare bone machine and execute WinPE via PXE
    2. Use “diskpart” to create and format the parition.  Assign driver letter C: to the partition.
    3. Run
      X:\> Bootsect.exe /nt52 c: /force /mbr
    4. Mount the Windows installation share:
      X:\> net use s: \Windows-xp-setup-folder">\Windows-xp-setup-folder">\Windows-xp-setup-folder">\\<server>\Windows-xp-setup-folder
    5. Prepare local installation files:
      X:\> s:\<win-xp>\i386\winnt32.exe /syspart:c: /tempdrive:c: /makelocalsource
    6. Follow the screen instruction to enter proper information
    7. After the files has been copied to hard drive, Winnt32.exe will exit and back to WINPE
    8. Type "Exit" to restart PC
    9. Windows XP installation will continue as usual

    Unattended Windows XP installation

    1. Prepare unattend answer file:
      ;SetupMgrTag
      [Data]
      AutoPartition=1
      MsDosInitiated="0"
      UnattendedInstall="Yes"
      [Unattended]
      UnattendMode=FullUnattended
      OemSkipEula=Yes
      Setting OemPreInstall=Yes is necessary if you create an $OEM$
      directory under \i386 to copy files to the target PC and/or are using a cmdlines.txt
      file.  If you aren't copying files to the target PC or using a cmdlines.txt file,
      then set it to No
      OemPreinstall=Yes
      TargetPath=\WINDOWS
      The 2 lines below are used to convert the file system to NTFS
      and then extend the boot/system partition an extra 4GB.
      FileSystem=ConvertNTFS
      ExtendOEMPartition=4000
      
      [GuiUnattended]
      AdminPassword="happyday"
      EncryptedAdminPassword=NO
      OEMSkipRegional=1
      TimeZone=35
      OemSkipWelcome=1
      The following 2 lines tell setup to login 1 time automatically after
      the installation has finished. Setup will only use the local Administrator
      account to login
      AutoLogon=Yes
      AutoLogonCount=1
      
      [UserData]
      You could add a ComputerName= line in this section. However,
      if you are installing multiple PCs, and since each PC needs a
      unique computer name, leaving out this line causes Setup to prompt
      you for a computer name.  Alternatively, you could use a UDF file to provide
      unique user information.
      ProductID=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
      FullName="Jane Doe"
      OrgName="Widgets"
      
      [Display]
      BitsPerPel=32
      Xresolution=1024
      YResolution=768
      Vrefresh=75
      
      [Components]
      This section is where you tell XP to not install certain components.
      The line below tells XP not to install MSN Explorer.
      msnexplr=off
      
      [TapiLocation]
      CountryCode=1
      Dialing=Tone
      AreaCode=305
      
      [RegionalSettings]
      LanguageGroup=1
      Language=00000409
      
      [Branding]
      BrandIEUsingUnattended=Yes
      
      [URL]
      Home_Page=www.svrops.com
      
      [Proxy]
      Proxy_Enable=0
      Use_Same_Proxy=1
      
      [Identification]
      This section joins your PC to the domain indicated, creates a computer
      account and uses the username and password indicated to create the account.
      JoinDomain=MYDOMAIN.com
      CreateComputerAccountInDomain=Yes
      DomainAdmin=msmith
      DomainAdminPassword=password
      
      [Networking]
      This section and the ones to follow were generated by Setup Manager.
      They describe what networking protocols and components to install.
      InstallDefaultComponents=No
      
      [NetAdapters]
      Adapter1=params.Adapter1
      
      [params.Adapter1]
      INFID=*
      
      [NetClients]
      MS_MSClient=params.MS_MSClient
      
      [NetServices]
      MS_SERVER=params.MS_SERVER
      
      [NetProtocols]
      MS_TCPIP=params.MS_TCPIP
      
      [params.MS_TCPIP]
      DNS=Yes
      UseDomainNameDevolution=No
      EnableLMHosts=Yes
      AdapterSections=params.MS_TCPIP.Adapter1
      
      [params.MS_TCPIP.Adapter1]
      SpecificTo=Adapter1
      DHCP=Yes
      WINS=No
      NetBIOSOptions=0
    2. Install Windows XP with unattend answer file:
      s:\<win-xp>\i386\winnt32.exe /syspart:c: /makelocalsource /unattend:unattend.txt

    Troubleshoot: "setup cannot load the keyboard layout file kbdus.dll"

    If you encounter errors during the installation (e.g.: "setup cannot load the keyboard layout file kbdus.dll"), please make sure the installation partition is not hidden if you have hide it unintentionally.
    To check if the partition is hidden:
    • diskpart
    • select disk 0
    • select part 1
    • detail part
    To unhide the volume:
    • diskpart
    • select disk 0
    • select part 1
    • attributes volume clear hidden