A few years back, we've been (i.e. j00ru and Gynvael) working on a bootkit-related project (some polish SecDay'09 presentation slides can be found here: Bootkit vs Windows.pdf). One of its basic requirements was the ability to load custom boot-"sectors" from an external host in the local network. Since the publicly available solutions required too much time to be spent on configuration and we didn't need most of the offered functionality anyway, we decided to create an extremely simplified Preboot Execution Environment (PXE) server on our own, and so PiXiEServ came to be. Actually, a great majority of the source code was written by Gynvael, with only few modifications applied by me (i.e. j00ru).
Although we eventually haven't managed to complete the said bootkit-related project and the server source code is dated back to October 2009, we've now decided that the program and its sources might prove useful to other people playing with the network machine booting mechanism, as well as trying to write their own OS and test it on both virtual and real hardware (without having to worry about getting old school floppies, CDs, etc).
Please, however, bear in mind that the application only provides the most basic functionality (i.e. it allows serving a single file via TFTP and so doesn't support multi-step/multi-file booting) and doesn't support the other advanced features described in the PXE specification. So, while PiXiEServ can be helpful with minor research/etc activities, you won't be able to perform a complete OS installation using it (I use it also for development/testing of a pet OS called OSAmber).
We've successfully used PiXiEServ with VirtualPC and VirtualBox, as well as a couple of different laptops, netbooks and PCs.
If you are using Windows Vista (2003?) or later you will need to input the broadcast address specific to your local network as the fourth command line parameter (e.g. 192.168.1.255 if you are in a 192.168.1.0 network with 255.255.255.0 mask) - this is due to some change in networking made in Vista (2003?) and since it's an old project we didn't want to spend to much time on this.
A package containing Windows executables and source code can be downloaded from here (PiXiEServ.zip, 56 kB)
Note: The project also works on the GNU/Linux platform.
Should you encounter any problems with the compilation or correct functioning of the program, feel free to drop a line either to me or j00ru.
Have fun!
P.S. English language is funny - "bear in mind", lol.
Sections
- lang: |
- RSS: |
- About me
- Tools
- → YT YouTube (EN)
- → D Discord
- → M Mastodon
- → T Twitter
- → GH GitHub
Links / Blogs
- → dragonsector.pl
- → vexillium.org
- Security/Hacking:
- Reverse Eng./Low-Level:
- Programming/Code:
Posts
- Debug Log: Internet doesn't work (it was the PSU),
- FAQ: The tragedy of low-level exploitation,
- Solving Hx8 Teaser 2 highlight videos!,
- Gynvael on SECURITYbreak podcast,
- Paged Out! #4 is out,
- I won't be able to attend CONFidence'24 after all :(,
- xz/liblzma: Bash-stage Obfuscation Explained,
- Two of my bookmarklets: image extraction and simple TTS,
- Paged Out! #3 is out,
- My howto script,
- → see all posts on main page
// copyright © Gynvael Coldwind
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris
/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */
Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris
/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */
Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek
Add a comment: