As I use backtrack-linux for my attacker's operating system, the OS has gone though some major updates (new tools have been added, some removed and most of them been updated)!
As a result there are a few minor issues with my guides for boot 2 roots. The general process is the same, so I didn't see a "need" to re-do it all - I hope this quick note sums it all up!
Brute Forcing (Hydra)
It has been reported that Hydra isn't 'playing nice' with backtrack 5 R1 (which at the time is the latest release of backtrack), but it's happy with backtrack 5. On some machines running certain programs (e.g. hydra) inside VMware, it gives out tons of 'Waiting for child process' error messages.
'JBroFuzz' is no longer included in backtrack. I would recommend using 'DirBuster' instead.
Eph demonstrates this in his
The local privilege escape DOES work - don't have it connected to the Internet. (Auto updates?)
F4l13n5n0w has also found a few more vulnerability related this challenge.
Due to a coding bug (Line 16, missing a
' (single quote) in
<td algin='center>) & using a newer version of firefox, after logging in the 'ping' page isn't displayed correctly. You can either:
- Use the firefox addon 'Firebug' to edit the page content fixing the issue.
- Seen in MagiaMystery's video: https://www.youtube.com/watch?v=sDR7oryS48g
- Use 'BurpProxy' and craft the post request manually.
- Seen in Lnxg33k's video: https://lnxg33k.wordpress.com/2011/08/20/video-kioptrix-level2-war-game-solution/
Swappage has done another method to escape privates to gain root access. Instead of using 'ht' to write file(s) in which to gain access, Swappage walks though the process of discovering and creating a exploit for the program instead!
General message regarding all "boot 2 roots"
Don't use it on your main or production network as:
- You're adding a vulnerable machine on your network - just making it weaker!
- The machine could auto update - therefore breaking the challenge!
The target's virtual machine isn't showing up! Its not working! I can't find it! Help!
However if its a Virtual Machine, check the format it in and use that vendor.
Most of them are in VMware as it has the market share.
You can try and use another vendor, however don't expect it to work, due to each product using different drivers for interfaces - therefore there might not be any network activity.
When using VMware images, always select 'moved it'.
When you select 'copied it', it creates another interface, therefore it the automated, backend scripts are not configured to use the new interface.
The only issue with selecting 'move it', is if you have have another copy/version of that VM.
As you haven't got the another copy of it, it hasn't got anything to clash with.
Not every challenge is setup to use DHCP!
Some have static IP addresses (this is because the scripts & settings used have that IP assigned to it when it was created).
Read the 'readme' file and/or the homepage as it could mention the IP address/range which is used. Else I recommend using netdiscover.
Not every device respones to ping (ICMP) requests and these VM's are no exception. You might have to look into other methods of detecting machines on a network.