Wednesday, October 03, 2018

Live Build a Custom Kali ISO

During May and June of 2018, I worked on a really difficult project, namely attempting to create a custom Kali Linux ISO for unattended installation (and Live if necessary). While strictly speaking this is a work-related project, the paucity of working, current guides on the internet led me to believe that people will benefit from a full run-down of how I got an unattended install to work.

Please note - This is a work in progress. As such, there's a lot of things commented out or left in because I worked on an incremental basis. Since this project was several months ago, some of the detailed explanations are unlikely to be completed.


Prelude: I was tasked with creating a custom ISO build of Kali Linux, such that it can be installed on a laptop (presumably using a live USB), or installed on a Virtual Machine. The idea is that you plug in the USB and boot from it, select “Automated Install” for instance, and have a complete install be performed on your behalf with the least amount of interaction possible.

I was directed to a link such as this one: https://docs.kali.org/development/live-build-a-custom-kali-iso. As you can see, a custom script and folder structure can be obtained for a live build from git://git.kali.org/live-build-config.git. It’s based on Debian’s own Live Build command, but makes things comparatively simpler for the end-user, e.g. all you, the user, need to do is run “./build.sh --verbose”.

However, all of the documentation I found on using the Kali Live Build script was outdated, incomplete, or simply wrong, and wasted many hours of my time. Most of Debian’s documentation is only helpful for minutiae.
Examples:
https://docs.kali.org/development/live-build-a-custom-kali-iso - Cursory information, no details
https://docs.kali.org/kali-dojo/02-mastering-live-build - the one line about adding a preseed file to an arbitrary “debian-installer” folder that is not used anywhere within the build script threw me way off. Even if you follow this guide you won’t get a working unattended install.
https://www.offensive-security.com/kali-linux/kali-rolling-iso-of-doom/ - the preseed has errors and will not perform an unattended install.
https://kali.training/topic/building-custom-kali-live-iso-images/ - Most useful, but still not enough information about how to create a valid preseed file or what live build hooks really do.

So, through many hours of trial and error, I came up with a build process that reliably works for VMware. This may not work for Virtualbox.

Google Docs Link here

Maybe later I will upload a ready-to-go live build version to my site and provide a link.

Thursday, September 27, 2018

Warning: Politics

Thanks, former colleague and friend on Facebook, you say it better than I've heard in a while:

and I had a long talk last night where I brought evidence to many claims he made. When presented with facts, he demanded respect for his system of beliefs in exchange for him respecting mine. Although I appreciate the sentiment, this isn't a give and take for me. This conversation made me lose all respect for this former friend, and I do not wish to surround myself with people of his system of belief. This is deeper than politics, it's about what you stand for. If you idolize someone that is a collective symbol of hatred, racism, misogyny, anti-intellectualism, cowardice, extreme hubris, there is no room for you in my life and I'm drawing the line there. I don't care if you're a democrat, republican, conservative, liberal, identify as an asexual dial up modem internet connected toaster, or (in this case) if we were childhood/highschool/college friends. If you reject facts and evidence, it's time for the story of our connection to come to an end. I'm proud to be a Texan and proud to be an example that not all of us are the stereotypical dimwitted racist simpletons that are too often propagated in the news to the rest of the world.

Monday, July 16, 2018

Back to basics

For some time I've felt the need to review my information gathering and discovery skills. With many IT shops now doing regular vulnerability scanning, it's a lot harder to use Nessus as a jumping off point for a (glorified) pentest. Instead I'd prefer to use other things, surreptitious port scans, network-related vulnerabilities, even printer exploitation. The latter is an area I'd long avoided as hitting printers could cause DoS conditions, but am learning more about as of late.

One good thing might be to finally go through the list of Kali Linux tools and try each one out during a pentest. This would be hands-on-keyboard experience and would be very useful. Sometimes I browse a bit and quickly discover items that could be handy.

Sunday, July 08, 2018

Raga time-of-day player - long term project

SqueezeLite/SqueezePlay

https://discourse.mopidy.com/t/playing-schedule-for-pi-muscbox/1107

https://docs.mopidy.com/en/latest/ext/local/

http://www.gerrelt.nl/RaspberryPi/wordpress/tutorial-installing-squeezelite-player-on-raspbian/


http://www.parrikar.org/

http://raspberry-at-home.com/logitech-media-server/



I compiled these links back in November of 2017. Since approximately a year ago I'd had the idea of creating a raga time-of-day player with a Raspberry Pi Zero.

The original idea was to have some sort of set-up, similar to Plex Media Server, where if you visit a URL music will be playing automatically (like a radio station) with a selection of Hindustani ragas appropriate for the specific time of day.

After spending a couple of days struggling with the software implementation, using Mopidy or Squeezelite or Icecast, I realized that it's a lot harder than it looks. With time, the idea evolved to a focus on actually learning basic theory for Hindustani Classical Music. That's a good starting point and one I'm currently slowly pursuing.

Here's the project broken down into parts:

1. Hardware - Raspberry Pi Zero with youtube-dl to download music, and a 128 GB micro-SD Card.
2. Software - Pi MusicBox, mopidy, Icecast, Plex, SqueezeLite, all are options.
3. Scripts. Either:

  • Create a script to generate playlists with an approximate run-time of 24 hours, by selecting mp3 files from appropriate directories and creating m3u playlists from these
    • can be shorter than 24 hours as I'm unlikely to be listening to raga music in the 4th prahar of the night (3 AM to 6 AM)
  • Set up an actual radio station
  • Import filenames into a SQLite database to help with song selection?
  • Find software that can recognize length in time of tracks
4. Play music according to the right time. One system for classifying ragas (other two are scales and raga/ragini) involves playing them at the right time of day/night/season.
5. Collect music tracks from YouTube and categorize them appropriately, or create a script that searches the filename and categorizes them automatically according to some rules, or adds ID3 tags accordingly...
6. Learn the theory so you can actually know what's going on. This is actually rather difficult, as there's a lot of terminology and lots of variation between schools of playing. In fact, even the time classification underpinning this project is subject to differences of opinion. For instance, Raga Shree is classified as either an evening raga or a raga of the 4th section of the day (prahar - 3 PM to 6 PM), but is traditionally played at sunset, which is either in the 4th prahar or the late part of the 5th prahar depending on the time of year and DST.
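
One way the playlist script from item 3 could look, as an added example that is not part of the original post. It assumes one directory of mp3 files per prahar and that track lengths are already known; the paths, durations and function names below are constructed for illustration.

```python
import random

PRAHAR_SECONDS = 3 * 3600  # eight prahars of three hours each

def prahar_for_hour(hour):
    """Map a clock hour (0-23) to prahar 1-8, counting from 6 AM.

    Matches the post: 3 PM-6 PM is prahar 4, and 3 AM-6 AM is prahar 8
    (the 4th prahar of the night).
    """
    return ((hour - 6) % 24) // 3 + 1

def fill_prahar(tracks, budget=PRAHAR_SECONDS, rng=None):
    """Pick (path, seconds) tracks in shuffled order without exceeding budget."""
    pool = list(tracks)
    (rng or random.Random()).shuffle(pool)
    chosen, total = [], 0
    for path, secs in pool:
        if total + secs <= budget:
            chosen.append((path, secs))
            total += secs
    return chosen, total

def build_m3u(library, skip=(8,), rng=None):
    """Return extended-M3U text covering prahars 1-8 in order, minus `skip`."""
    lines = ["#EXTM3U"]
    for prahar in range(1, 9):
        if prahar in skip:  # default: nobody is listening from 3 AM to 6 AM
            continue
        chosen, _ = fill_prahar(library.get(prahar, []), rng=rng)
        for path, secs in chosen:
            title = path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
            lines.append(f"#EXTINF:{secs},{title}")
            lines.append(path)
    return "\n".join(lines) + "\n"

# Constructed sample library: prahar number -> [(path, duration in seconds)].
# Paths and durations are made up; real durations would come from a tag reader.
SAMPLE_LIBRARY = {
    4: [("ragas/prahar4/track_a.mp3", 5400), ("ragas/prahar4/track_b.mp3", 4800),
        ("ragas/prahar4/track_c.mp3", 3000)],
    5: [("ragas/prahar5/track_d.mp3", 6000), ("ragas/prahar5/track_e.mp3", 4200)],
    8: [("ragas/prahar8/track_f.mp3", 7200)],
}

if __name__ == "__main__":
    print(build_m3u(SAMPLE_LIBRARY, rng=random.Random(1)), end="")
```

Because each prahar is filled to at most three hours, the resulting playlist runs shorter than 24 hours and will drift ahead of the clock unless playback is restarted at each prahar boundary.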


So you see there's a lot of moving parts.