Archive for August, 2009

Where have all the hackers gone?

28 Aug

I’m not talking about script kiddies or those that purposely attack other systems to gain access, I’m talking about the real hackers. Back in the late 1990s I was surrounded by those in the hacker scene. Hackers that reverse engineered software to bypass hardware checks, hackers that were experts in social engineering, hackers that made electronics do things they weren’t made to do. I fondly remember the days that had me reading the Black Crawling Systems Archive, following along with Fravia and learning the tricks of the trade via IRC.

Along with the online presence that has dissipated, the meatspace presence has dwindled as well. Sure, people get older, have families and move on – but where are their replacements? Swap meets used to be full of people with odd ideas, obsolete but coveted computer hardware, and enthusiasm for making something from nothing. Maybe I’ve just been disconnected from it for too long. Maybe the era is over. All I know is that even in a city as large as Memphis, there are no Hackerspaces, the local 2600 appears to be fizzling out (from what I can see) and there isn’t so much as a local computer club.

I would love to see a Hackerspace put together in Memphis. Maybe the right person will come across this post and help find funding to get it off the ground. Hackers are everywhere, they just need a place to call their own to share ideas and teach others. Otherwise, they slowly fade away to obscurity in the masses of the internet. Maybe that would light a spark – at least in the Memphis area – to bring back the real hackers.

 
 

The Multipass USB Project

20 Aug

As a Systems Administrator I find myself always needing a certain tool or boot CD I don’t have with me. I’ve recently stopped carrying any CDs or DVDs with me as they always find a way to get damaged. I’ve just kept an 8GB SanDisk Cruzer thumb drive on hand with some specific tools. Until the other day these tools consisted of basic antivirus, system configuration tools and a couple of portable apps. I wanted something more, but never had the time to put together The Mother Of All USB Thumb Drives until now.

Let’s face it, the best USB thumb drive boots on its own into its own operating system or specialized utility. Those are the thumb drives that save the day! Of course, a thumb drive that boots into a drive imaging utility does you no good at all if you need to run a virus scan. That’s where Multipass (Multiboot) USB comes in.

Here’s how it works:

Every bootable drive has a set of instructions at a certain place that tells the computer how to load and run what’s on the drive. Normally, this set of instructions tells the computer to load Windows, OS X, DOS, Linux or whatever type of system you’re using. With the addition of a “Boot Manager”, the drive tells the computer to load the boot manager the same way – except the boot manager can now give you a selection of what you want to boot your computer into. Boot managers have been around for a while, but making their way onto USB drives is relatively new.

OK, so what’s the plan? What are we going to do with this USB Drive? I have several tools I consider “favorites” and we’re going to combine them all on one USB thumb drive. Here they are and what they do:

Trinity Rescue Kit – “Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.” – Trinity is my newest favorite tool. It resets passwords, runs virus scans from 4 different vendors, does rootkit detection, file sharing, drive evacuation – you name it. It’s a very thorough tool.

Kon-Boot – “Kon-Boot is a prototype piece of software which allows you to change the contents of a Linux kernel (and now the Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows you to log into a Linux system as ‘root’ user without typing the correct password or to elevate privileges from the current user to root. For Windows systems it allows you to enter any password protected profile without any knowledge of the password.” – It does exactly what it says it does, very well and damn near seamlessly. Fantastic for forensics and for getting back into machines whose passwords you’ve long forgotten.

Ophcrack – “Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.” – As the one in charge of IT security, it’s my job to make sure your passwords are secure enough. This fantastic tool will tell me who passes and who fails the test!

DBAN - “Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.” - With a government IT background and my current position having to rely on HIPAA guidelines, DBAN is a great tool to wipe a computer’s hard drive to Department of Defense specs.

Hiren’s 9.9 – Hiren’s Boot CD is the standard by which all other rescue CDs are measured. This CD has an amazing amount of stuff on it. It was my #1 go-to CD for a long time.

Ubuntu 9.04 LiveCD - “Ubuntu is a community developed, Linux-based operating system that is perfect for laptops, desktops and servers. It contains all the applications you need – a web browser, presentation, document and spreadsheet software, instant messaging and much more.” – If the machine won’t boot at all and you NEED to get into an operating system for something, an Ubuntu LiveCD will save the day.

Windows 7 Install DVD – Windows 7 is going to be a hit. I’ll be prepared with the ability to install it from a USB drive as well as to boot into recovery mode to solve problems.

BackTrack 4 - “BackTrack is the most top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes.” - Again, as a security professional, I need to know when my systems are vulnerable. This amazing set of applications allows me to attack my systems and find their weak points.

Macrium Reflect - “A complete disaster recovery solution for your home and office. Protect your personal documents, photos, music and emails. Upgrade your hard disk or try new operating systems in the safe knowledge that everything is securely saved in an easily recovered backup file.” - Time for a new hard drive? Boot into Macrium for a fast way to clone your existing data to your new drive. It’s today’s Symantec Ghost.

Let’s begin!

There are three tools you’ll need to pull this off – PeToUSB, grubinst and grub4dos. Format the USB drive with PeToUSB by selecting the drive and choosing Enable Disk Format, Quick Format and Force Volume Dismount. If you have a drive that’s over 2GB, you’ll get an error; ignore it and format the drive as FAT32 using Disk Manager in Windows. Next, run grubinst_gui.exe from the grubinst package, select your drive and click Install. No options need to be changed. Copy the grldr file from the grub4dos package into the root of your drive. Finally, create a text file called menu.lst and place it alongside the grldr file. You can now boot from the USB drive. You’ll quickly find out that at this point there’s nothing to boot into except the bootloader! Time to put your goodies on the drive.

From what I understand, the next version of grub will give you the ability to multiboot directly into an ISO image of a CD or DVD more reliably. As of now, there are only a few ISOs that this will work with. Let’s go through some examples of my configuration.

Hiren’s BootCD: One of the easiest to set up. Simply extract the contents of the ISO and copy the HBCD folder to the root of your USB drive. Edit the menu.lst file and add the following:

title Hirens 9.9
kernel /HBCD/memdisk
initrd /HBCD/boot.gz

You’ll now have a menu option to boot into Hiren’s Boot CD. It gets trickier, though. Let’s take a look at the Ubuntu LiveCD. For this one to work, we need to extract the entire contents of the CD to the USB drive. Our menu entry for it looks like this:

title Ubuntu 9.04 x86
root (hd0,0)
kernel  /casper/vmlinuz boot=casper ramdisk_size=1048576 root=/dev/ram rw quiet splash
initrd  /casper/initrd.gz

It takes a little trial and error to get things working the way they should, but the payoff in the end is worth it. What about Ophcrack and other boot CDs that contain “BOOT” folders? If you copy all the BOOT folders to one location, won’t they screw everything up? Yes they will. What we do instead is put them in subdirectories, or rename the BOOT folder to something like “Ophcrackboot” once it is on the thumb drive. Here is my Ophcrack entry:

title Ophcrack
kernel /ophcrack/boot/bzImage rw root=/dev/null vga=normal lang=C kmap=us screen=1024x768x16 autologin
initrd /ophcrack/boot/rootfs.gz

Finally, here is my entire menu.lst for my Multipass USB drive:

splashimage=/splash.xpm.gz
color red/black white/black

root (hd0,0)

title Ubuntu 9.04 x86
root (hd0,0)
kernel  /casper/vmlinuz boot=casper ramdisk_size=1048576 root=/dev/ram rw quiet splash
initrd  /casper/initrd.gz

# ISO images are mapped to a virtual drive (hd32) and chainloaded from there
title Windows 7
map (hd0,0)/win7.iso (hd32)
map --hook
chainloader (hd32)

title Trinity Rescue Kit
configfile /submenu.lst

title Hirens 9.9
kernel /memdisk
initrd /HBCD/boot.gz

title Macrium Reflect
map (hd0,0)/macriumreflect.iso (hd32)
map --hook
chainloader (hd32)

# floppy image loaded into RAM as a virtual floppy (fd0)
title Kon-Boot
map --mem /konboot.img (fd0)
map --hook
chainloader (fd0)+1
map (hd1) (hd0)
map --hook
rootnoverify (fd0)

title Ophcrack
kernel /ophcrack/boot/bzImage rw root=/dev/null vga=normal lang=C kmap=us screen=1024x768x16 autologin
initrd /ophcrack/boot/rootfs.gz

title ntpasswd
kernel /ntpasswd/vmlinuz rw vga=1 initrd=/ntpasswd/initrd.cgz /ntpasswd/scsi.cgz
initrd /ntpasswd/initrd.cgz

title BackTrack 4 BETA
root (hd0,0)
kernel /bootbt4/vmlinuz vga=0x317 ramdisk_size=6666 root=/dev/ram0 rw quiet
initrd /bootbt4/initrd.gz
boot

title DBAN
kernel /memdisk
initrd /dban.img

# hand off to the internal disk; the USB stick is (hd0) while booted from it, so the internal disk is (hd1)
title Boot the First Hard Disk
rootnoverify (hd1)
chainloader +1

##END################
boot
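Most of the trial and error above comes down to paths in menu.lst that do not match what is actually on the stick, plus two copy-paste breakages: “--” turned into a typographic dash and “initrd=” (kernel command-line syntax) used where grub4dos wants “initrd /path”. The following Python linter is an added example, not code from the original post or from the grub4dos project; it handles the subset of menu.lst commands used here (kernel, initrd, configfile, splashimage, map), and the sample menu and the fake drive it checks against are constructed.

```python
import os
import re
import tempfile

def parse_menu(text):
    """Split a grub4dos menu.lst into entries: title, referenced files, syntax problems."""
    entries = [{"title": "(global)", "files": [], "problems": []}]
    cur = entries[0]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("title "):
            cur = {"title": line[6:].strip(), "files": [], "problems": []}
            entries.append(cur)
            continue
        cmd, *args = line.replace("splashimage=", "splashimage ").split()
        if any(a.startswith(("\u2013", "\u2014")) for a in args):  # copy-paste turned -- into a dash
            cur["problems"].append(f"typographic dash, use --: {line}")
        if cmd.startswith("initrd="):  # kernel command-line syntax, not a grub command
            cur["problems"].append(f"'initrd=' is not a grub command, use 'initrd /path': {line}")
        elif cmd in ("kernel", "initrd", "configfile", "splashimage") and args:
            cur["files"].append(args[0])  # first argument is a file on the drive
        elif cmd == "map":  # map (hd0,0)/x.iso (hd32) or map --mem /x.img (fd0); --hook names no file
            cur["files"] += re.findall(r"(?:\s|\))(/\S+)", line)
    return entries

def check_drive(entries, drive_root):
    """Per entry: syntax problems plus referenced files that are missing under drive_root."""
    return {e["title"]: e["problems"] + [f"missing file: {f}" for f in e["files"]
            if not os.path.isfile(os.path.join(drive_root, f.lstrip("/")))] for e in entries}

SAMPLE_MENU = """\
splashimage=/splash.xpm.gz
title Hirens 9.9
kernel /HBCD/memdisk
initrd /HBCD/boot.gz
title Kon-Boot
map \u2013mem /konboot.img (fd0)
title BackTrack 4 BETA
kernel /bootbt4/vmlinuz root=/dev/ram0 rw quiet
initrd=/bootbt4/initrd.gz
"""  # constructed sample: the Hiren's entry is right, the other two carry typical mistakes

def demo():  # lint SAMPLE_MENU against a constructed fake drive holding only the Hiren's files
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "HBCD"))
    for name in ("memdisk", "boot.gz"):
        open(os.path.join(root, "HBCD", name), "wb").close()
    return check_drive(parse_menu(SAMPLE_MENU), root)
```

Point check_drive at the mounted stick’s root (for example the drive letter on Windows) to lint your real menu.lst before rebooting into it.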

So what does it all look like when it’s finished? I’ve added a custom background to my installation and you can too. Read the documentation for grub4dos to find out how – it’s super simple. Now for the eye candy!

The HP Mini 1030NR on the boot screen

The boot screen up close

 

Posted in Hacks!