In a series of previous posts, I built a virtual Windows domain and a virtual DMZ which hosted a screened subnet. The point of the exercise was to build a network of servers and firewalls from the ground up. Once built the network could then be configured as required to test various penetration attacks, security audits or any other relevant testing scenarios you might want to create.
Of course while it was good practice, it wasn’t completely necessary to build the network. There are a whole host of vulnerable platforms that have been built with deliberate flaws in their configuration or in the services running on them. Generally the ultimate goal of most of the platforms is to break into the server and gain root access or to access sensitive files on the server. To do so you need to use various tools and gain a certain level of expertise.
First up is De-ICE 100. I’ll post the methods and tools I used to break into this system in the coming days.
If you have cracked these systems and see improvements in what I am doing, used different tools or reached the end-point in a different way. Please contact me as I post my work and share your thoughts…