Chuyển đến nội dung chính

Hướng Dẫn Thực Hành - BackTrack Reset Root Password (Lesson 2)

Bài thực hành reset password của máy ảo cài công cụ backtrack
  1. Overview
    • This labs shows you a quick and easy way reset the root password on a VMware BackTrack5Rx instance using a live CD.
    • It's embarrassing enough to forget, lose, or simply not know the root password to your machine.  It's even more embarrassing to forget, lose, or mistake the root password to your penetration testing machine. :)
  2. Prerequisite
  3. Lab Notes
    • In this lab we will do the following:
      1. Use a BackTrack Live CD/iso to mount up disk partition that contains /etc/shadow
      2. We will clear out the root password
      3. We will reset the root password
       
  4. YouTube Video (chưa cập nhật)

Section 1. Startup the BackTrack Virtual Machine

  1. Start Up BackTrack.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine
  2. Use the WRONG password to Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: Type in the wrong password on purpose!!!

Section 2. Edit Virtual Machine Settings
  1. Make sure your CD/DVD Drive is connected.
    • Instructions:
      1. Virtual Machine --> Removable Devices --> Connect
  2. Make sure your CD/DVD Drive is connected.
    • Instructions:
      1. Virtual Machine --> Virtual Machine Settings...
  3. Set Machine to Boot From CD/DVD
    • Instructions:
      1. Select CD/DVD (IDE)
      2. Select the "Use ISO image file" radio button.
      3. Browse to the location of your BT5Rx-GNOME.iso or other Live CD. (phiên bản trong video hướng dẫn là R2)
      4. Select OK.
  4. Reset BackTrack
    • Instructions:
      1. Virtual Machine --> Power --> Reset
  5. Booting from the ISO (Step 1)
    • Instructions:
      1. At the same time, Click the right mouse key and the press the ESC button, when the screen starts to change to the VMware screen below.
    • Note(FYI):
      • This might take you a few times so be patient!!!
  6. Booting from the ISO (Step 2)
    • Instructions:
      1. Arrow Down to "CD-ROM Drive"
      2. Press Enter
  7. Boot
    • Instructions:
      1. Press Enter
  8. Boot BackTrack Live CD
    • Instructions:
      1. Select "BackTrack Text - Default Boot Text Mode"
      2. Press Enter
  9. BackTrack5 Command Line
    • Note:
      • This is the screen you will see to begin the reset process.

Section 3. Mounting the Boot Disk
  1. Discover the Boot Disk
    • Instruction:
      1. fdisk -l
    • Note(FYI):
      • This server was built with all the directories under the same partition.
      • Typically, productions servers will have a partition per file system.  In our case, this server was built with all the directory and filesystems under one partition.
      • In the next step, we will mount up the /dev/sda1 partition.
  2. Mount the Boot Partition
    • Instruction:
      1. mount /dev/sda1 /mnt
      2. df -k
    • Note(FYI):
      • Since, all filesystems and directories are located under /dev/sda1 we will be able to access any file.
  3. Navigate to the etc directory
    • Instruction:
      1. cd /mnt/etc
      2. ls -l | grep shadow
      3. md5sum /mnt/etc/shadow > /mnt/var/tmp/before.txt
        • This is part of the proof of lab.
    • Note(FYI):
      • By mounting /dev/sda1 to the /mnt directory, we now have access to the shadow file.
  4. Edit the shadow file
    • Instruction:
      1. vi shadow
  5. Edit the shadow file
    • Instruction:
      1. Right arrow over to the immediate next right position of the first colon.
      2. Press the "x" to delete all the characters, until you get to the second colon.  Note, do not delete the colons.
  6. Saving the shadow file
    • Instruction:
      1. Press the "Esc" key
      2. Press <Shift> and the ":" key.
      3. Type wq!
      4. Press enter
    • Note(FYI):
      • Congratulations, You effectively cleared out the root password.
  7. Post Lab Verification
    • Instruction:
      1. md5sum /mnt/etc/shadow > /mnt/var/tmp/after.txt
      2. ls -l /mnt/var/tmp/*.txt
      3. cat /mnt/var/tmp/*.txt
    • Note(FYI):
      • The above command are not required to reset/clear the root password.
      • This is only part of our pre-proof of lab instructions.

Section 4. Reboot BackTrack
  1. Reboot the server
    • Instruction:
      1. shutdown -r now
      2. Press <Enter> when you see the line that says "Please remove the disc and close ..."
  2. Login as root
    • Instruction:
      1. Type "root" at the bt login: prompt.
    • Note:
      • After you press enter, you will not be prompted for the root password.
  3. Change Root Password
    • Instruction:
      1. passwd root
        • Set the root password to our standard classroom password.

Section 5. Proof of Lab
  1. Proof of Lab
    • Instruction:
      1. ls -l /var/tmp/*.txt
      2. md5sum /etc/passwd
      3. md5sum /var/tmp/*.txt
      4. date
      5. echo "Tên của bạn"

Section 6. Post Lab Clean Up
  1. Change Back the Virtual Machine Settings
    • Instruction:
      1. Virtual Machine --> Virtual Machine Settings...
  2. Change CD/DVD Settings
    • Instruction:
      1. Select CD/DVD (IDE)
      2. Select radio button "Use physical drive:" and make sure "Auto detect" is selected.

 




  
Nhãn:

Bài đăng phổ biến từ blog này

Hack the Gibson VM (CTF Challenge)

It’s a boot2root challenge and it does not get over with getting root access. You have to find flag also. So let’s start. First of all download lab from https://download.vulnhub.com/gibson/gibson.ova Now open kali terminal and like always start with first step i.e. netdiscover netdiscover it shows all the hosts those are up in our network and from here we get our target ip. Target IP: 192.168.1.6 As our target is all set we are going to scan it with nmap which will show all the open ports. In this case open ports are only two i.e. 22 and 80. nmap –p- -A 192.168.1.6 As from the above result we have got 80 port open so we will open target ip in browser. It shows an accessible directory. Let’s try opening it as we cannot see anything important here. Oh no such luck with this also. It’s written the result will be found by brute force but there is no place where we can apply brute force. As we do not have any other option so let’s just go to view page source to see if we could get a...
Đọc thêm

Penetration Testing in PwnLab (CTF Challenge)

In this article we will walkthrough a root2boot penetration testing challenge i.e PwnLab. PwbLab is a vulnerbale framework, based on the concept of CTF (capture the flag), with a bit of security which is a little complicated to bypass. But it’s not impossible. So, let us learn how we can get its access. Download From Here Now to start let us, firstly, consider that we do not know the IP of the PwnLab, therefore search for the IP address before hand and for that there is a command that shows us all the IP’s present in our network, so go to the terminal of you Kali and type : netdiscover Target IP = 192.168.0.105 And to know that we start our penetration testing. So, first, we will now scan with nmap , we will apply an aggressive scan as it gives detailed information and is fast. The command is : nmap -A 192.168.0.105 We have the result of scanning and as you can see there are only three ports open and they are: 80, 111, 3306. Our target IP is 192.168.0.105 as its MAC Vendor is...
Đọc thêm

Hack the Pentester Lab: from SQL injection to Shell II (Blind SQL Injection)

Today we are going to perform penetration testing with part II of previous lab, download it from  here . Now install the iso image in VM ware and start it. In this lab task level is intermediate and challenge is to gain access of administration console and then upload a PHP webshell. Start Kali Linux then open the terminal and  type netdiscover  command for scanning network. Here  192.168.1.102  is my target IP which is shown in the screenshot. Now explore this IP in browser. When you will open target IP in browser you will get a web page having heading My Awesome Photoblog . On the top of left side it contains some tags: home; test; ruxcon; 2010; all pictures; admin. Now  Click  on  test . The given URL : http://192.168.1.102/cat.php?id=1  will run sql query for  ID 1  now let try to find out whether the above URL is vulnerable to sql injection or not by adding( ‘) apostrophe at last of URL: http://192.168.1.102/cat.p...
Đọc thêm