auditor-200605-02

Intro

Please welcome the most advanced version ever made. It's stable, up-to-date and packed full with damn rocking tools. I hope you all like what it is now. So read on for change information.

First of all, two different ISOs have now been released:

auditor-200605-02-no-ipw2100.iso:

This version works with all systems including the laptops with Intel B/G cards (ipw2200). Because there is no ipw2100 driver included, ipw2100 based Intel B only wireless cards will not work. If you own/work on a system with an ipw2100, take the other iso; in any other case it is safe to take this one.

auditor-200605-02-ipw2100.iso:

This version got the Intel ipw2100 driver built in. This version will not work on systems which have ipw2200 based wireless cards built in. I repeat, don't use this version if you have an Intel b/g wireless network card which is based on the ipw2200 driver. If you own a system with an ipw2200 supported card, take the other iso. All others should run fine.

Sorry for that hassle about that damn ipw2200 instability, I hope the driver projects will fix their incompatibility soon so we can merge together. The funny thing is that the ipw2100 card doesn't give a damn about the ipw2200 driver, but the ipw2200 systems are hanging during boot when an ipw2100 driver is probed during autodetection.

New & Updated tools:

  • proxychains 1-8-1 (for example scanning over proxy more easy)
  • yersinia-0.5.4
  • kismet-logfile-viewer klv.pl and klc.pl
  • ntp fingerprinting tool
  • tftp bruteforce tool
  • snmp fuzzer
  • cisco torch 0.4b
  • unicornscan 0.4.2
  • packit
  • sendip
  • nasl 2.2.4
  • tcpick
  • cryptcat
  • amap version 4.8
  • tcpsplit
  • Ethereal version 10.11
  • ettercap-ng-0.72 and modified the etter.conf
  • replaced tinysnmp with snmp tools
  • vnc2swf /usr/X11R6/bin/recordwin and vnc2swf
  • edit_vnc2swf.py
  • edit_mp3.py
  • wpa-supplicant 0.3.8
  • hostapd-utils 0.3.7
  • ssldump
  • fragrouter
  • Metasploit 2.4 including all known updates
  • airsnarf, but no menu at moment
  • fakeap to /opt/auditor but no menu entry at moment, need to write a shell script
  • dsniff 2.4b1-10
  • nessus plugins updated
  • exploit tree updated
  • Snort 2.3.2-5
  • Bleeding-edge rules for snort
  • New aircrack
  • New airsnort
  • Bet I forgot to mention some.

New & updated drivers:

  • rt2400 linux drivers and utils (untested)
  • rtl8180 driver (8180_26_private.ko and open8180.ko and /usr/local/bin/wlanup and /usr/local/bin/wlandown) (Untested)
  • hostap drivers 0.3.7
  • ipw2100 & ipw2200 incl firmware, incl monitor mode
  • Prism54 with injection patch
  • Linux-wlan-ng with injection patch
  • Madwifi with injection patch
  • ACX drivers are back on cd

Addons:

  • Default password list has been updated
  • Added some changes to the network stack using /etc/sysctl.conf, which will be called from knoppix-autoconfig script
  • New background image

Some fixes I remember:

  • Kernel completely rebuilt to provide full functionality
  • Isolinux now accepts bootparameters again
  • USB drivers are back to /dev/sda and booting from stick works fine
  • grub files have been fixed
  • fixed hostname /etc/hosts
  • /cdrom/index.html pointed to the old forum; fixed that
  • Added cardctl eject, cardctl insert into switch-to-XY scripts
  • Fixed the home button of Konqueror when clicked the first time
  • Fixed the menuentry for nessus

auditor-150405-04.iso.zip:

Intro:


This should be only a minor release, but my filesystem was corrupt and I had to rebuild it partially. There are some enhancements which are long awaited:

If you like it, please donate and let me know for what you need it and in what company. I need some references.

Max Moser

Bootsequence:

- Removed the "nopcmcia" from savemode, so most problematic systems should work now with that
- Corrected the copyright notice to show current year
- New Kernel rebuild

Desktop:


- Only minor changes (Removed the link to the cdrom)

New applications:


- Nasty (GPG secret key bruteforcer)
- New aireplay (airforge etc)
- Re-added bind9 (I have lost it somewhen)
- Exploit tree (A bunch of exploit code, searchable)
- Kwifimanager
- Added lsrscan
- Added SMBspy
- Partially added the sara scanner
- Added new gpsd with usb support

New drivers:


- RTC support in kernel

Updated most of the drivers using packet injection patches:

- prism54
- madwifi
- hostap
- wlanng

Without packet injection:

- New versions of ipw2100 and ipw2200
- RT2400/2500 support
- Patched ATX support
- Maybe I have lost the ATmel support but will bring it in next release

Fixes:


- John default files
- PCMCIA config for other cards added
- Savemode nopcmcia fixed
- Scripts fixed


auditor-120305-01.iso.zip:

Intro:


First of all, it is a major rebuild. It's a new one, but the best you can get. The long time was worth it.

If you like it, please donate and let me know for what you need it and in what company. I need some references.

Greetings

Max

Bootsequence:

- I did not change very much of the boot sequence. The boot frame-buffer pictures have been removed except the kanotix bootsplash. The keylayout selection has been removed because KDE can switch layouts on the fly.
- All default Knoppix/Kanotix bootparams should work now except that one for md5check of the cd content
- Soundcard detection is back in it. Took the Kanotix one. Thnx Kano

Desktop:

- A complete remake
- Switch to stripped KDE instead of ICEWM
- New background image
- New menu structure

Menu:

- A completely new menu structure is now in place
- Documentation menu structure has been removed now but will maybe come back in

New Applications:

Well, I will update the tool list; here I just add some highlights, it is too much to name it all here.

  • Updated nessus (Including new plugins and joshs find_ap.nasl, yes I don't forget it)
  • Jan 2005 version of Kismet
  • New exclusive Wellenreiter version supporting more cards.
  • Modular protocol fuzzer Bed.pl
  • New HD-Installer
  • DNS tunnels (OZYMAN DNS etc)
  • Fragroute
  • New Metasploit
  • Airpwn fixed
  • Httprint signatures to /opt/auditor/httprint (without, does not make sense)
  • WPA stuff (xsupplicant, wpasupplicant)
  • Freeradius
  • Switch-to-.... scripts to change between hostap and wlanng drivers
  • Aireplay 2.2 needs now only one card (wlanng driver)
  • Added arpforge which is new aireplay tool
  • Added new file2air (0.4) needs now wlan-ng drivers (patched)
  • Airsnort 0.2.7e
  • Corkscrew (SSH tunnel over HTTP proxies)
  • Cisco global exploiter
  • AIMSNIFF
  • Added a bunch of bluetooth tools to perform the various attacks more comfortably
  • Bluesnarfer
  • Gnome-Phonemanager
  • Kandy
  • BTScanner
  • Ghettotooth
  • Obex toolset
  • Terminal (Minicom)
  • paros
  • start-script for autopsy
  • New cowpatty


auditor-081004-01.iso.zip:

Homepage:


The whole project moved to www.remote-exploit.org. I no longer have my company running, so I just moved the project.

Bootsequence:

- The bootsplash screens have been replaced to fit new webaddress
- Removed the bootmenu image
- Extended the F1 message
- Failsave does not contain additional parameters like module=fbdev
- The "keyb" boot-parameter has been added. It will suppress the keyboard layout selection dialog by configuring the provided one. (Example: keyb=us)
- Soundcard detection has been removed, you can add "dosound" as bootoption and you will get it back, sorry but was too buggy, feel free to provide a solution. For me sound is just not as important as the stability.

Desktop:


- The background image has been replaced to fit new webaddress
- The size of the terminals of applications have been modified to be as small as possible/needed

New menu sections:


- Added the "Digital forensics" section. If you have some recommendations, please contribute.
- Added a "Honeypot" section. Tools like tinyhoneypot are not included into the menu, but are available from the commandline
- Changed the Wireless menu structure to fit my needs
- Restructured the menu

New tools:


- Application scanner
  - scanssh (SSH version scanner)
  - added the terminal server client rdesktop to the menu
- Network scanner
  - ike-scan
- Wireless
  - Gpsmap into the kismet submenu
  - The aircrack suite (version 2.1)
    - aircrack
    - airodump
    - aireplay
    - 802ether
  - The chopchop WEP break/decrypt/inject tool
  - file2air (Thnx josh for the hostap port)
  - WPA-psk-bf WPA preshared key bruteforcer.
  - Weptools toolsuite
    - wep_crack
    - wep_decrypt
- Honeypot
  - honeyd
  - fimap
  - fpop3
  - tinyhoneypot
- Digital forensics
  - autopsy (Automatic startup of browser included)
  - testdisk
  - recover
  - wipe

Updated tools:


- hotspotter v0.4
- Wellenreiter (Auditor specific version)
- Xhydra, hydra (version 4.3)
- Ethereal (version 0.10.6)
- "browser" webbrowser start script
- Metasploit (2.2, contains the minivnc code! wow thnx for that)
- Ettercap, switched to ettercap-ng now.
- Many others, did not remember them all, will update the list on website.

Tip: Check out the start-fakes script. not more to say here :-)

Drivers:


- Included the WLAN-NG drivers for Prism cards. Use "switch-to-wlanng" command to move from hostap driver to wlanng. To return to hostap use "switch-to-hostap". Please keep in mind that you need to remove and reinsert the pcmcia card. This wlanng driver is needed for chopchop and got the patches of chopchop applied.
- Hostap driver has been updated and patched with the aircrack patches, see aircrack documentation
- Centrino 2100, IPW2100 driver has been updated. The new driver got some strange behaviours. It was needed to automatically configure the card to monitoring mode during start up with ip 1.1.1.1. This has to be done, because the driver does not register itself to /proc/net/wireless. So autodetection would be broken if I did not trick it.

Bugs fixed:


Too many, don't remember them all.


Auditor 23062004-01B:


General:

- Changed to .zip file. Some people still don't know bzip2.

Boot/Kernel:

- New bootparameter "bootusb" for booting from usb cdrom
- New boot resolutions, new bootmenu
- New Kernel 2.6.6

Drivers:

- New wireless drivers supported
- Orinoco drivers fixed (More firmware independent)
- Dragorns Orinoco monitor mode patch
- A lot more drivers in Kernel
- Better acpi support
- New alsa sound drivers 1.0.4

Software:

- Added new hydra 4.1 version + XHydra gui.
- Wellenreiter supports now all WLAN cards
- Kismet switches now all 14 Channels not 11
- Added Metasploit framework 2.1
- Updated Nessus-plugins
- Added and modified knx-installer / auditor-installer
- IPW2100 fixes in kismet, scanning etc.
- Fixed USB bugs

Auditor 180504-01:


Initial release.

FAQ:


- How does the tool "XYZ" work?
  - Read the documentation, when there is any
  - Ask in our forum
  - Ask google
- Is there a list of tested / supported / unsupported devices?
  - Go to wiki.remote-exploit.org and find out.
- Why are you doing this?
  - Initially I hated myself for always forgetting an important tool on my penetration testing laptop.
- There are no /var/log/messages!?
  - execute "/etc/init.d/sysklogd start"
- When do you support my *what you like* broadcom chip based wireless card?
  - Broadcom does not provide information to linux community so don't expect to have a driver
- Why don't you include NDIS-Wrapper?
  - Well, NDIS wrapper does not support monitoring mode, so why should I include it then?
- What can I do with this hotspotter thing?
  - Well, use your imagination, you can find some ideas in /opt/auditor/full/share/hotspotter; find there some automation scripts to bring up dhcp, dns, fake daemons and a huge list of common hotspot names.

About Auditor security collection:


The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier. Even during the planning and development stages, our target was to achieve an excellent user-friendliness combined with an optimal toolset. Professional open-source programs offer you a complete toolset to analyse your safety, byte for byte.

In order to become quickly proficient within the Auditor security collection, the menu structure is supported by recognised phases of a security check (foot-printing, analysis, scanning, wireless, brute-forcing, cracking). By this means, you instinctively find the right tool for the appropriate task. In addition to the approx. 300 tools, the Auditor security collection contains further background information regarding the standard configuration and passwords, as well as word lists from many different areas and languages with approx. 64 million entries. Current productivity tools such as web browser, editors and graphic tools allow you to create or edit texts and pictures for reports, directly within the Auditor security platform.

Many tools were adapted, newly developed or converted from other system platforms, in order to make as many current auditing tools available as possible on one CD-ROM. Tools like Wellenreiter and Kismet were equipped with an automatic hardware identification, thus avoiding irritating and annoying configuration of the wireless cards.

Support us by making a donation using the button below. Please contact us by email for other payment methods.