De-ICE: S1.100

  • Name: De-ICE: S1.100
  • Date release: 28 Feb 2007


(Size: 196 MB)

-- S1.100


The scenario for this LiveCD is that a CEO of a small company has been pressured by the Board of Directors to have a penetration test done within the company. The CEO, believing his company is secure, feels this is a huge waste of money, especially since he already has a company scan their network for vulnerabilities (using nessus). To make the BoD happy, he decides to hire you for a 5-day job; and because he really doesn't believe the company is insecure, he has contracted you to look at only one server - a old system that only has a web-based list of the company's contact information.

The CEO expects you to prove that the admins of the box follow all proper accepted security practices, and that you will not be able to obtain access to the box. Prove to him that a full penetration test of their entire corporation would be the best way to ensure his company is actually following best security practices.


PenTest Lab Disk 1.100: This LiveCD is configured with an IP address of - no additional configuration is necessary.

Pentest Machine:

Your second system will use the BackTrack (v.2) LiveCD as provided by A copy of the LiveCD can be downloaded from This disk is configured to obtain an IP address through DHCP - thus no additional configuration is required. All tools necessary to exploit Disk 1.100 can be found on the BackTrack Disk. No additional installations will be necessary.

Router Configuration:

The PenTest Lab system and the PenTest machine must connect to a router that has been configured with the following values: + DHCP Server: active + Pool Starting Addr.:

LAN TCP/IP: + IP Address: + IP Subnet Mask:


-- Level 1

Where to get the current PenTest Lab Level 1 disks: = =

The MD5 Hash Values of Each Disk:

a3341316ca9860b3a0acb06bdc58bbc1 ==> a626d884148c63bfc9df36f2743d7242 ==>

Where to get the scenario information for each disk: = =

Where to get the BackTrack disk: (NOTE: version "bt20061013.iso" and "BT2_Beta-Nov_19_2006.iso" were used to exploit the PenTest disks. Newer (when released) and older versions may work just as well).

Where to get the network configuration information:

Network configuration: =


Original filename: Also known as 'De-ICE Level 1 - Disk 1'

  • Filename: De-ICE_S1.100.iso
  • File size: 196 MB
  • MD5: A3341316CA9860B3A0ACB06BDC58BBC1
  • SHA1: 7514DAD5152D3D886112FA9E5C0C2D558A71B70C

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Disabled
  • IP address:

  • OpenSSH
  • Openwall POPa3d
  • PHP
  • Sendmail
  • UW IMAPd
  • vsFTPd

Encrypted salary file Broken FTP service

  • Improper Access Control
  • Weak Credentials