Chuyển đến nội dung chính

Hướng Dẫn Thực Hành - BackTrack Reset Root Password (Lesson 2)

Bài thực hành reset password của máy ảo cài công cụ backtrack
  1. Overview
    • This labs shows you a quick and easy way reset the root password on a VMware BackTrack5Rx instance using a live CD.
    • It's embarrassing enough to forget, lose, or simply not know the root password to your machine.  It's even more embarrassing to forget, lose, or mistake the root password to your penetration testing machine. :)
  2. Prerequisite
  3. Lab Notes
    • In this lab we will do the following:
      1. Use a BackTrack Live CD/iso to mount up disk partition that contains /etc/shadow
      2. We will clear out the root password
      3. We will reset the root password
       
  4. YouTube Video (chưa cập nhật)

Section 1. Startup the BackTrack Virtual Machine

  1. Start Up BackTrack.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine
  2. Use the WRONG password to Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: Type in the wrong password on purpose!!!

Section 2. Edit Virtual Machine Settings
  1. Make sure your CD/DVD Drive is connected.
    • Instructions:
      1. Virtual Machine --> Removable Devices --> Connect
  2. Make sure your CD/DVD Drive is connected.
    • Instructions:
      1. Virtual Machine --> Virtual Machine Settings...
  3. Set Machine to Boot From CD/DVD
    • Instructions:
      1. Select CD/DVD (IDE)
      2. Select the "Use ISO image file" radio button.
      3. Browse to the location of your BT5Rx-GNOME.iso or other Live CD. (phiên bản trong video hướng dẫn là R2)
      4. Select OK.
  4. Reset BackTrack
    • Instructions:
      1. Virtual Machine --> Power --> Reset
  5. Booting from the ISO (Step 1)
    • Instructions:
      1. At the same time, Click the right mouse key and the press the ESC button, when the screen starts to change to the VMware screen below.
    • Note(FYI):
      • This might take you a few times so be patient!!!
  6. Booting from the ISO (Step 2)
    • Instructions:
      1. Arrow Down to "CD-ROM Drive"
      2. Press Enter
  7. Boot
    • Instructions:
      1. Press Enter
  8. Boot BackTrack Live CD
    • Instructions:
      1. Select "BackTrack Text - Default Boot Text Mode"
      2. Press Enter
  9. BackTrack5 Command Line
    • Note:
      • This is the screen you will see to begin the reset process.

Section 3. Mounting the Boot Disk
  1. Discover the Boot Disk
    • Instruction:
      1. fdisk -l
    • Note(FYI):
      • This server was built with all the directories under the same partition.
      • Typically, productions servers will have a partition per file system.  In our case, this server was built with all the directory and filesystems under one partition.
      • In the next step, we will mount up the /dev/sda1 partition.
  2. Mount the Boot Partition
    • Instruction:
      1. mount /dev/sda1 /mnt
      2. df -k
    • Note(FYI):
      • Since, all filesystems and directories are located under /dev/sda1 we will be able to access any file.
  3. Navigate to the etc directory
    • Instruction:
      1. cd /mnt/etc
      2. ls -l | grep shadow
      3. md5sum /mnt/etc/shadow > /mnt/var/tmp/before.txt
        • This is part of the proof of lab.
    • Note(FYI):
      • By mounting /dev/sda1 to the /mnt directory, we now have access to the shadow file.
  4. Edit the shadow file
    • Instruction:
      1. vi shadow
  5. Edit the shadow file
    • Instruction:
      1. Right arrow over to the immediate next right position of the first colon.
      2. Press the "x" to delete all the characters, until you get to the second colon.  Note, do not delete the colons.
  6. Saving the shadow file
    • Instruction:
      1. Press the "Esc" key
      2. Press <Shift> and the ":" key.
      3. Type wq!
      4. Press enter
    • Note(FYI):
      • Congratulations, You effectively cleared out the root password.
  7. Post Lab Verification
    • Instruction:
      1. md5sum /mnt/etc/shadow > /mnt/var/tmp/after.txt
      2. ls -l /mnt/var/tmp/*.txt
      3. cat /mnt/var/tmp/*.txt
    • Note(FYI):
      • The above command are not required to reset/clear the root password.
      • This is only part of our pre-proof of lab instructions.

Section 4. Reboot BackTrack
  1. Reboot the server
    • Instruction:
      1. shutdown -r now
      2. Press <Enter> when you see the line that says "Please remove the disc and close ..."
  2. Login as root
    • Instruction:
      1. Type "root" at the bt login: prompt.
    • Note:
      • After you press enter, you will not be prompted for the root password.
  3. Change Root Password
    • Instruction:
      1. passwd root
        • Set the root password to our standard classroom password.

Section 5. Proof of Lab
  1. Proof of Lab
    • Instruction:
      1. ls -l /var/tmp/*.txt
      2. md5sum /etc/passwd
      3. md5sum /var/tmp/*.txt
      4. date
      5. echo "Tên của bạn"

Section 6. Post Lab Clean Up
  1. Change Back the Virtual Machine Settings
    • Instruction:
      1. Virtual Machine --> Virtual Machine Settings...
  2. Change CD/DVD Settings
    • Instruction:
      1. Select CD/DVD (IDE)
      2. Select radio button "Use physical drive:" and make sure "Auto detect" is selected.

 




  

Bài đăng phổ biến từ blog này

Hack the Gibson VM (CTF Challenge)

It’s a boot2root challenge and it does not get over with getting root access. You have to find flag also. So let’s start. First of all download lab from https://download.vulnhub.com/gibson/gibson.ova Now open kali terminal and like always start with first step i.e. netdiscover netdiscover it shows all the hosts those are up in our network and from here we get our target ip. Target IP: 192.168.1.6 As our target is all set we are going to scan it with nmap which will show all the open ports. In this case open ports are only two i.e. 22 and 80. nmap –p- -A 192.168.1.6 As from the above result we have got 80 port open so we will open target ip in browser. It shows an accessible directory. Let’s try opening it as we cannot see anything important here. Oh no such luck with this also. It’s written the result will be found by brute force but there is no place where we can apply brute force. As we do not have any other option so let’s just go to view page source to see if we could get a...

Penetration Testing in PwnLab (CTF Challenge)

In this article we will walkthrough a root2boot penetration testing challenge i.e PwnLab. PwbLab is a vulnerbale framework, based on the concept of CTF (capture the flag), with a bit of security which is a little complicated to bypass. But it’s not impossible. So, let us learn how we can get its access. Download From Here Now to start let us, firstly, consider that we do not know the IP of the PwnLab, therefore search for the IP address before hand and for that there is a command that shows us all the IP’s present in our network, so go to the terminal of you Kali and type : netdiscover Target IP = 192.168.0.105 And to know that we start our penetration testing. So, first, we will now scan with nmap , we will apply an aggressive scan as it gives detailed information and is fast. The command is : nmap -A 192.168.0.105 We have the result of scanning and as you can see there are only three ports open and they are: 80, 111, 3306. Our target IP is 192.168.0.105 as its MAC Vendor is...

Hacking the Heartbleed Vulnerability

Welcome back, my greenhorn hackers! In recent weeks, the Heartbleed vulnerability of OpenSSL has been dominating the information security headlines. This vulnerability enables an attacker to extract data from the server's memory that may contain authentication credentials, cookies, the servers private key, and personally identifiable info (PII) that could be used for identity theft. As a result, websites around the world have been scrambling to close this hole. Fortunately for us, many still have not, and many may never be closed. Basically, OpenSSL is an encryption library used in HTTPS (secure HTTP). The idea is that any data traveling over this secured version of HTTP should be secure and encrypted. During communication, OpenSSL uses a "heartbeat" that echoes back data to verify that the data was received correctly. It's kind of like one machine telling the other, "Yes, I got that data and you can send more now." The Heartbleed vulnerabi...