Friday, March 20, 2015

Password Admin Anonymous-OS

On March 13, an anonymous benefactor announced the availability of Anonymous-OS, a new live-bootable Linux distribution tailored for a... particular class of user. The package was posted on Sourceforge and downloaded over 20,000 times before it was taken down by the service on March 15.
Some in Anonymous had cautioned that it might be some sort of trap; others claimed it was in fact a clever socially engineered package of malware waiting to spring on whoever had the audacity to download it.
I had the audacity to download it just before Sourceforge shut the project down, loading it up on a virtual machine and installing it to a bootable USB. And honestly, there's not a whole lot to get excited about—Anonymous-OS is nothing more than a snapshot of a system running Ubuntu 11.10 with a few minor tweaks, redistributed as a live-boot ISO, and packaged with the usual collection of "educational" security tools (some of which may in fact expose you to law enforcement attention).
Sourceforge's move to take down the project had more to do with the shady way in which it was posted than its content. The Sourceforge community team looked at the project, and found it was "a security-related operating system, with, perhaps, an attack-oriented emphasis," the company said in its statement. But they found no evidence it was in any way connected to Anonymous, concluding that the person or persons behind the project were in fact using the name of the group to draw attention.
"By taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old," Sourceforge's spokesperson said in the company statement. "We have therefore decided to take this download offline and suspend this project until we have more information that might lead us to think differently. We’ll be in touch with the project admin, and let you know if and when we find out anything to the contrary, but for now, that’s what we’re doing."

What's in the package

Nobody in the security realm is going to shed any tears over the suspension of the Sourceforge project. It is, at best, a poor substitute for other freely available distributions of Linux tailored to security tasks—most notably BackTrack Linux, an Ubuntu-based distribution that comes configured with a much broader selection of penetration testing, hacking, and "stress testing" tools. While I didn't find any evidence of trojans or rootkits while traipsing through its internals (and Wireshark records of its network traffic), it's probably most useful as a snapshot of what overeager Anon wannabes would run on the USB stick they keep hidden under their pillow.
Before installing Anonymous-OS, I poked around the contents of its DVD image and found that it was created using Remastersys, a tool that creates a full-system backup of Debian- and Ubuntu-based operating system installs up to 4GB in size and turns them into bootable DVD images. There's no way to actually install the image onto a system; however, you could waste your time like I did and use UNetbootin to create a bootable USB version of the image.
Once you get past the Ubuntu 11.10 startup, the Anonymous-OS package throws up this lovely customized login screen. The password for the anonymous admin account, in case you were wondering, is anon. The project team posted that on their site as an MD5 hash for eager downloaders to crack.

Password for the admin account: anon

