DSL Embedded :: dsl for pen testers



Oh, using qemu.  Different story altogether - should've guessed that when you wanted a "bigger" window.

Yes, hda is mounted with the DSL image.  hdb (not hab) is the virtual 60mb (default) image located in .../qemu/harddisk - it is NOT your physical drive.  There have been a couple other threads on this for some workarounds with qemu.  Note that by default this image is empty, therefore resulting in your mounting errors.

About networking, you may as well run network security tools on Windows, because that will have native access to your network.

As I suspected from the first post.
DSL as I implemented it in Qemu is a sandbox.
You are in a virtual machine with no access to the physical drives.
You will have a passthru network connection to use the browser using your pre-existing Windows network setup.

You can use advanced Qemu settings to play outside the sandbox.
Most of your questions are Qemu specific.

Try this link
http://www.h7.dion.ne.jp/~qemu-win



Thanks for the link. Too bad I don't understand Japanese.

So I understand now what you meant by DSL is a sandbox. But that's why I thought it could be used as a pen-testers tool. That's probably why I initially put this in the other area.

I've checked around the files looking for some of these tools and haven't been able to find them.

Some of the things I can see this being used for is like forensic investigators looking at a suspect's computer for evidence. If you have a search warrant and get the suspect's permission you can do a limited amount of searching before you confiscate evidence.

The other is for a pen-tester who would be doing a quick down and dirty assessment. For instance, if a client asks what would it take for you to do an assessment of my company, I don't have a topology, I don't have any schematics, I don't have a clue where anything is, but I need to have some sort of vulnerability analysis or pen-test.

With a tool like this having a few nice tools loaded like nc, nmap, metasploit, nessus, tcpdump, johntheripper, firewalk, Sleuthkit, etc., you could set up a few quick scripts or run through a quick nmap scan, maybe a johntheripper or something, to be able to assess what this might cost the client.

So, if the only way to get to the hd physically is to go through the network, that may not be the ideal way to do any of this since we'd like to keep everything read only.

I just thought there may be another way to do this.

Thanks for the Japanese links though it kept me busy for a few hours.

It's in English...?  At least, as long as you don't click on the Japanese link.

Well, you may just be limited by qemu's networking capabilities, not to mention being restricted by the host environment.  You can directly boot natively into a Linux livecd/liveusb/etc. for your needs, if you do not wish to use Windows' tools.

Gosh, when I click on the link I provided I see English.

You may want to check out the distro called INSERT.
INSERT was originally based on DSL and I believe has many tools that you have mentioned. But again, INSERT is not embedded in Qemu and boots as a live CD. It is not a general desktop.
