Learning Phase on Pentest - De-ICE

<<

vp75

Jr. Member

Posts: 78

Joined: Tue May 01, 2007 6:46 am

Post Wed Jul 13, 2011 5:33 pm

Learning Phase on Pentest - De-ICE

Hi Guys,

Hope you can help me,

I got lab setup with BT5 & Installed De-Ice.net 192.168.1.100 (first series).

It seems by default it is set up with 192.168.100.1, my router as usual has 192.168.0.x. I'm not able to ping to De-Ice distro....

My question is without logging into De-Ice I cannot change the IP address....Similarly I tried changing the IP address in my router to the 192.168.1.x series to enable it to connect accordingly.....Seems I'm missing something & not sure how to overcome the situation....
Your help is much appreciated...

Cheers
Vp
eCPPT
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jul 13, 2011 6:22 pm

Re: Learning Phase on Pentest - De-ICE

Perhaps boot it in a vm with a network configured for that subnet.  For that matter, if you're on a hub (your router,) just put your workstation on the same subnet.  They can hit each other that way, so long as both are on same side of your router.  (ie - you're not trying to go PAST the router)
Last edited by hayabusa on Wed Jul 13, 2011 6:25 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Jul 13, 2011 6:46 pm

Re: Learning Phase on Pentest - De-ICE

I would think that changing the subnet on your router to 192.168.1.x would work, that's exactly what I had to do...hmm.  Make sure you're not testing connectivity to the .1.100 De-ICE disc via ping - it won't reply.  You can test by trying to FTP or SSH to it (should get a login prompt).
GSEC, eCPPT, Sec+
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jul 13, 2011 7:01 pm

Re: Learning Phase on Pentest - De-ICE

Heh...  Been so long since I played with De-ice, forgot he won't be able to ping it.  Didn't it even mention that in one of the readme's?
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

vp75

Jr. Member

Posts: 78

Joined: Tue May 01, 2007 6:46 am

Post Wed Jul 13, 2011 7:04 pm

Re: Learning Phase on Pentest - De-ICE

Hi Hayabusa

I got my Lab setup in Mac.....I believe Mac version of VM (vm fusion) available only in trial version....(else got to buy it)....

Any other option.....?

Cheers
Vp
eCPPT
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jul 13, 2011 7:25 pm

Re: Learning Phase on Pentest - De-ICE

Yeah...  See lorddicranius' post, above.  You WON'T be able to ping.  Apologies, as I'd forgotten about that with DE-Ice.  It won't respond to icmp.  Try ssh, or ftp, or run nmap with common ports, and see if it replies.

But again, make sure your attack machine is setup with an ip on same subnet as de-ice.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

nicklauscombs

Newbie

Posts: 28

Joined: Mon May 23, 2011 9:02 pm

Location: Virginia

Post Wed Jul 13, 2011 9:18 pm

Re: Learning Phase on Pentest - De-ICE

hayabusa wrote: Heh...  Been so long since I played with De-ice, forgot he won't be able to ping it.  Didn't it even mention that in one of the readme's?


ha this just happened to me the other day as well... probably a good year since i've played with it (forgetting of course it can't be pinged).... 5 minutes later.... OH YEAH CRAP
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Jul 14, 2011 12:28 am

Re: Learning Phase on Pentest - De-ICE

hayabusa wrote: Heh...  Been so long since I played with De-ice, forgot he won't be able to ping it.  Didn't it even mention that in one of the readme's?


I'm not sure honestly.  I don't think I've ever seen a readme for the de-ice discs.  The discs I got were .iso's (not tarballed or anything).  I know the heorot.net forums contains downloads and scenario info, but there isn't anything there about the discs other than the disc IP.  I remember seeing a wiki with all the info too, but I'm having a helluva time finding it haha.  I don't recall the wiki saying too much more about them either though.
GSEC, eCPPT, Sec+
<<

nicklauscombs

Newbie

Posts: 28

Joined: Mon May 23, 2011 9:02 pm

Location: Virginia

Post Thu Jul 14, 2011 2:48 am

Re: Learning Phase on Pentest - De-ICE

lorddicranius wrote: I remember seeing a wiki with all the info too, but I'm having a helluva time finding it haha.  I don't recall the wiki saying too much more about them either though.


I remember there being a wiki or forum entry about it not being pingable though you are right in saying that it is extremely difficult to find.
<<

vp75

Jr. Member

Posts: 78

Joined: Tue May 01, 2007 6:46 am

Post Thu Jul 14, 2011 3:50 am

Re: Learning Phase on Pentest - De-ICE

Hi Lord/Nick/hayabusa,

I will try it again as per your suggestions....

It was around early morning 2am (GMT) I went to bed after banging my head on it. I remember I did try nmap with the De-Ice IP address (I was getting host down), but not sure as I have been playing around with the network adapter with NAT/Bridged/Host etc....

I will give it a try again with bridged, which is how I have set up all my other distros, & let you know....

Thanks guys, though we haven't met each other.....sharing knowledge through the forum is brilliant....
Cheers
Vp
eCPPT
<<

Grendel

Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Thu Jul 14, 2011 9:01 am

Re: Learning Phase on Pentest - De-ICE

I designed the De-ICE disks to imitate the real world, and one thing I always did as a sysadmin was turn off things like ping... So, I did the same with the 1.100 disk. The educational purpose behind turning it off was to teach people to use multiple tools to validate everything they do. As my students hear me say (too frequently), "always be cynical and use more than one tool for each task."
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

vp75

Jr. Member

Posts: 78

Joined: Tue May 01, 2007 6:46 am

Post Thu Jul 14, 2011 3:31 pm

Re: Learning Phase on Pentest - De-ICE

Hi Grendel,

good to see your reply (The Designer of De-Ice).

I checked again. In BT5, I'm able to see the IP address 192.168.1.100 while using netdiscover, but nmap says @Host is down. My network setup is Bridged....is that where I'm making a mistake....? (I believe for nmap it should show the open ports / services....)

Cheers
VP
eCPPT
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Jul 14, 2011 4:30 pm

Re: Learning Phase on Pentest - De-ICE

Just to make sure we're all on the same page:

  • The router is configured to use the 192.168.1.x subnet
  • The BackTrack VM is configured for bridged networking
  • The BackTrack VM has an IP address in the 192.168.1.x subnet (a DHCP address leased from the router?)
  • The De-ICE 1.100 disc is configured for bridged networking
  • You can see the De-ICE .1.100 disc from the BackTrack VM using netdiscover
  • You can't get a list of open ports when you scan the De-ICE .1.100 disc using nmap

What's the nmap command you are using?
Last edited by lorddicranius on Thu Jul 14, 2011 5:39 pm, edited 1 time in total.
GSEC, eCPPT, Sec+
<<

vp75

Jr. Member

Posts: 78

Joined: Tue May 01, 2007 6:46 am

Post Fri Jul 15, 2011 1:39 am

Re: Learning Phase on Pentest - De-ICE

Hi Lord

(The router is configured to use the 192.168.1.x subnet; I hope you are referring to the IP address on the router, as subnet slightly confused me)
1. Router is configured on default 192.168.0.1
2. BT VM is configured on Bridged Net
3. BT VM has IP address 192.168.0.x (a DHCP address leased from the router? not sure of this part). I can see there is an option for DHCP Client if required, with no value, in my Mac laptop (I didn't provide any value)
4. The De-ICE 1.100 disc is configured for bridged net
5. I can see the De-ICE .1.100 disc from the BackTrack VM using netdiscover
NetDiscover shows IP, Mac Addr, Count, Len, Mac vendor as some xxxxxxx

I used nmap -sS -O 192.168.1.100
"Host seems down" is the message I received

Cheers
Vp
eCPPT
<<

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Fri Jul 15, 2011 2:02 am

Re: Learning Phase on Pentest - De-ICE

I'm slightly confused as to the router configuration.  What kind of router is it - wireless router?  A DHCP server is functionality found on most consumer routers nowadays.  The service will lease IP addresses to other devices that connect to it.  Usually the IP address you configure for the router will reside on the same subnet that it leases IP addresses for.  For example, if you configure the router to have an IP address of 192.168.1.1, the DHCP service will lease addresses on the 192.168.1.x subnet (e.g. 192.168.1.10, 192.168.1.11, etc).  Here's a screenshot of the configuration page for my router (Linksys WRT54G2) where I define the local router IP.  You can see that it auto-filled the 3rd octet with "1" so that the IP addresses it leases are on the same network as the router itself.

Image

It looks like your router is still configured for the default 192.168.0.x subnet and the BT VM is getting a DHCP IP address from the router for that same 192.168.0.x subnet.  Since the De-ICE disc has a static IP address of 192.168.1.100 while the BT VM and router are on the 192.168.0.x subnet, there's no route from the BT VM to the router to the De-ICE VM.  I think as soon as you get the router configured for the 192.168.1.x subnet and make it so that the DHCP server on the router leases IPs on the same 192.168.1.x subnet, you should be good to go.

As for why your BT VM is finding the De-ICE disc using netdiscover...since netdiscover uses ARP to discover devices, my guess is that the BT VM is picking up the ARP traffic that's being broadcast by the De-ICE disc.
Last edited by lorddicranius on Fri Jul 15, 2011 2:06 am, edited 1 time in total.
GSEC, eCPPT, Sec+
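
The two checks discussed in this thread (is the target on the same subnet as the attack machine, and does it answer on TCP when ICMP is turned off), as an added example that is not part of any poster's message. The function names, the /24 mask and the `.23` host address are assumptions made for illustration; only 192.168.0.x, 192.168.1.x and 192.168.1.100 come from the thread.

```python
import ipaddress
import socket

def on_link(local_cidr, target):
    """True when target lies inside the local interface's subnet (no router hop needed)."""
    return ipaddress.ip_address(target) in ipaddress.ip_interface(local_cidr).network

def tcp_alive(host, ports=(21, 22), timeout=2.0):
    """Full TCP connect to each port (FTP/SSH by default); no ICMP is sent."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"    # a reset came back, so the host is up
        except OSError:
            results[port] = "no-reply"  # timeout, filtered, or no route
    return results

def diagnose(local_cidr, target, probe=tcp_alive):
    """Explain a 'host seems down' result for a lab target."""
    net = ipaddress.ip_interface(local_cidr).network
    if not on_link(local_cidr, target):
        return (f"{target} is outside {net}: traffic goes to the default gateway, "
                "which has no route to the target's subnet; re-address one side")
    results = probe(target)
    if any(state != "no-reply" for state in results.values()):
        return f"{target} is up (TCP answered: {results}) even if ping is silent"
    return f"{target} is on-link in {net} but silent on {sorted(results)}; check VM networking"

if __name__ == "__main__":
    # Addresses from the thread; the /24 mask and the .23 host part are constructed.
    print(diagnose("192.168.0.23/24", "192.168.1.100"))   # the misaddressed setup
    print(on_link("192.168.1.23/24", "192.168.1.100"))    # after moving to 192.168.1.x
```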