Tuesday, December 4, 2007

De-ICE pentest disc 1.100 & 1.110

I have decided to release videos of the first disc in the de-ice series of pentest challenges. If you do not want to see the solutions DO NOT watch these videos. Special thanks to grendal at http://de-ice.net for providing a safe way to pentest. To complete the challenges you will also need the Backtrack live cd from http://www.remote-exploit.org. All the instructions for setting up the challenge can be found on the De-Ice site. Special thanks to PrarieFire who provided the transcript of the video and had the original idea to document them in a video series.

Transcript of challege

DISC 1.100 part 1 -net discover & nmap

DISC 1.100 part 2-hydra & ssh

DISC 1.100 part 3-hydra & john

DISC 1.100 part4-ssh & ssl

DISC 1.100 part5-ftp

I am now posting the video solutions of the second disc here. As always thanks to Grendal at the de-ice site for providing this excellent way to learn and sharpen our skills. Special thanks to all the remote exploit crew for providing the sexiest sleekest attack machine ever to exist. Well maybe thats pushing it but it is the best security distro ever. Thanks to Prairie Fire for the hints when I needed them and thanks to Xploitz, balding Parrot, shamen virtual , re@lity, the prez, dr. green and all the others I forgot.

Transcript of video (comming soon)

DISC 1.110 part1-nmap & firefox

DISC 1.110 part2-ftp

DISC 1.110 part3-strings

DISC 1.110 part4-john the ripper

DISC 1.110 part5-ssh & openssl


T said...

Nice vids and write-up. I never heard about De-ICE before. I went to their site and checked it out. Downloading the CDs now. ;)

Sure beats how I set up my own lab and tried to make security holes.
Anyways Thanks. Happy holidays.

Flammable said...

Thanks for your videos. I understand all that your doing but what I don't understand is how you got the username's for use with hydra. They are in username.txt or something similar.

Where did you get that username list? Is there some kind of a context on the de-ice website?

Thanks for feedback.

Lykros said...


When looking at the website there are contact emails for company employees. Taking the first part gives a possible userID ie if user is jane doe then according to the site it would be doej, but then doej comes from popular naming conventions.