Chuyển đến nội dung chính

Hướng Dẫn Thực Hành - BackTrack Reset Root Password (Lesson 2)

Bài thực hành reset password của máy ảo cài công cụ backtrack
  1. Overview
    • This labs shows you a quick and easy way reset the root password on a VMware BackTrack5Rx instance using a live CD.
    • It's embarrassing enough to forget, lose, or simply not know the root password to your machine.  It's even more embarrassing to forget, lose, or mistake the root password to your penetration testing machine. :)
  2. Prerequisite
  3. Lab Notes
    • In this lab we will do the following:
      1. Use a BackTrack Live CD/iso to mount up disk partition that contains /etc/shadow
      2. We will clear out the root password
      3. We will reset the root password
       
  4. YouTube Video (chưa cập nhật)

Section 1. Startup the BackTrack Virtual Machine

  1. Start Up BackTrack.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine
  2. Use the WRONG password to Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: Type in the wrong password on purpose!!!

Section 2. Edit Virtual Machine Settings
  1. Make sure your CD/DVD Drive is connected.
    • Instructions:
      1. Virtual Machine --> Removable Devices --> Connect
  2. Make sure your CD/DVD Drive is connected.
    • Instructions:
      1. Virtual Machine --> Virtual Machine Settings...
  3. Set Machine to Boot From CD/DVD
    • Instructions:
      1. Select CD/DVD (IDE)
      2. Select the "Use ISO image file" radio button.
      3. Browse to the location of your BT5Rx-GNOME.iso or other Live CD. (phiên bản trong video hướng dẫn là R2)
      4. Select OK.
  4. Reset BackTrack
    • Instructions:
      1. Virtual Machine --> Power --> Reset
  5. Booting from the ISO (Step 1)
    • Instructions:
      1. At the same time, Click the right mouse key and the press the ESC button, when the screen starts to change to the VMware screen below.
    • Note(FYI):
      • This might take you a few times so be patient!!!
  6. Booting from the ISO (Step 2)
    • Instructions:
      1. Arrow Down to "CD-ROM Drive"
      2. Press Enter
  7. Boot
    • Instructions:
      1. Press Enter
  8. Boot BackTrack Live CD
    • Instructions:
      1. Select "BackTrack Text - Default Boot Text Mode"
      2. Press Enter
  9. BackTrack5 Command Line
    • Note:
      • This is the screen you will see to begin the reset process.

Section 3. Mounting the Boot Disk
  1. Discover the Boot Disk
    • Instruction:
      1. fdisk -l
    • Note(FYI):
      • This server was built with all the directories under the same partition.
      • Typically, productions servers will have a partition per file system.  In our case, this server was built with all the directory and filesystems under one partition.
      • In the next step, we will mount up the /dev/sda1 partition.
  2. Mount the Boot Partition
    • Instruction:
      1. mount /dev/sda1 /mnt
      2. df -k
    • Note(FYI):
      • Since, all filesystems and directories are located under /dev/sda1 we will be able to access any file.
  3. Navigate to the etc directory
    • Instruction:
      1. cd /mnt/etc
      2. ls -l | grep shadow
      3. md5sum /mnt/etc/shadow > /mnt/var/tmp/before.txt
        • This is part of the proof of lab.
    • Note(FYI):
      • By mounting /dev/sda1 to the /mnt directory, we now have access to the shadow file.
  4. Edit the shadow file
    • Instruction:
      1. vi shadow
  5. Edit the shadow file
    • Instruction:
      1. Right arrow over to the immediate next right position of the first colon.
      2. Press the "x" to delete all the characters, until you get to the second colon.  Note, do not delete the colons.
  6. Saving the shadow file
    • Instruction:
      1. Press the "Esc" key
      2. Press <Shift> and the ":" key.
      3. Type wq!
      4. Press enter
    • Note(FYI):
      • Congratulations, You effectively cleared out the root password.
  7. Post Lab Verification
    • Instruction:
      1. md5sum /mnt/etc/shadow > /mnt/var/tmp/after.txt
      2. ls -l /mnt/var/tmp/*.txt
      3. cat /mnt/var/tmp/*.txt
    • Note(FYI):
      • The above command are not required to reset/clear the root password.
      • This is only part of our pre-proof of lab instructions.

Section 4. Reboot BackTrack
  1. Reboot the server
    • Instruction:
      1. shutdown -r now
      2. Press <Enter> when you see the line that says "Please remove the disc and close ..."
  2. Login as root
    • Instruction:
      1. Type "root" at the bt login: prompt.
    • Note:
      • After you press enter, you will not be prompted for the root password.
  3. Change Root Password
    • Instruction:
      1. passwd root
        • Set the root password to our standard classroom password.

Section 5. Proof of Lab
  1. Proof of Lab
    • Instruction:
      1. ls -l /var/tmp/*.txt
      2. md5sum /etc/passwd
      3. md5sum /var/tmp/*.txt
      4. date
      5. echo "Tên của bạn"

Section 6. Post Lab Clean Up
  1. Change Back the Virtual Machine Settings
    • Instruction:
      1. Virtual Machine --> Virtual Machine Settings...
  2. Change CD/DVD Settings
    • Instruction:
      1. Select CD/DVD (IDE)
      2. Select radio button "Use physical drive:" and make sure "Auto detect" is selected.

 




  
Nhãn:

Bài đăng phổ biến từ blog này

Pentest lab - Metasploitable 2

Today I will walk through different ways of exploiting Metasploitable 2, the newer release of Rapid7’s popular vulnerable machine. First, what is Metasploitable? Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. In my lab environment, the IP of the attacker machine is 192.168.127.159, and the victim machine is 192.168.127.154. Since this is a test lab, I won’t be concerned about stealth. Instead, I will try to get the most information out of the scans. Let’s start by port scanning the target with nmap. I did a full port, aggresive scan against the target. Here are the results. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 ...
Đọc thêm

Metasploitable 2 vulnerability assessment

A vulnerability assessment is a crucial part in every penetration test and is the process of identifying and assessing vulnerabilities on a target system. In this part of the tutorial we will be assessing the vulnerabilities available on the network side of the Metasploitable 2 virtual machine. We will be assessing the web applications on the Metasploitable 2 machine in a later tutorial. In the previous Metasploit enumeration and fingerprinting tutorial we’ve learned that the Metasploitable 2 machine contains a lot of vulnerabilities. We have collected valuable information about the target system which we will be using to find known vulnerabilities both on- and offline. Exploitation of these vulnerabilities will be demonstrated in the next exploitation tutorial. In this tutorial we will be looking at a few different ways to perform vulnerability analysis. We will be manually searching for exploits, use scanning tools like Nmap with scripts and we will be...
Đọc thêm

CEH v9 (CEHVIETNAM.COM) - Hacking Metasploitable Lab

CEH v9 : Hacking Metasploitable VM In this guide, I will demonstrate how to root a Metasploitable 2 virtual machine. Metasploitable is an intentionally vulnerable Ubuntu machine. I’ll explore just a few of the many ways Metasploitable can be attacked, from vulnerabilities in common services to little known exploits and web vulnerabilities. I’ve set up Kali Linux and Metasploitable VMs in VirtualBox on the same network (bridged mode). Kali – 192.168.56.101 Metasploitable – 192.168.56.102 - Hãy thay IP của bạn cho thích hợp Contents   1 Footprinting 1.1 Ping 1.2 Traceroute 2 Scanning 2.1 Port Scanning 2.2 OS Fingerprinting 2.2.1 nmap 2.2.2 xprobe2 3 Enumeration 3.1 FTP (TCP 21) Enumeration 3.2 Telnet (TCP 53) Enumeration 3.3 SMTP (TCP 25) Enumeration 3.4 VNC (TCP 5900) Enumeration 3.5 X11 (TCP 6000) Enumeration 3.6 RLogin (TCP 513) Enumeration 3.7 IRC (TCP 6667) Enumeration 4 Exploitation 4.1 FTP Exploit 4.2 VNC Password Cracking 4.3 IRC E...
Đọc thêm