JUZ P3NT3$T (-)@$(-)!M

                     Well 15 days back I have written Walk-through of De-Ice 1.120a On My Blog . I got great response by vulnhub and they published my walk-through  https://www.vulnhub.com/author/trnform3r,152/ With a such a warm encouragement I feel like writing more walk-through. Here Is my walk-through on De-Ice 1.20b. You can download the VM and get more info about it form here . Note: The attacker machine and the VM should be in the subnet of 192.168.1.0/24 Labsetup:  1 - Open Vmware - > Edit - >"Virtual Network Editor" 2 - Click on "Add Network" and add any 1 Network example VMnet2 3 - Select VMnet2 and change Subnet IP - 192.168.1.0 and Subnet mask - 255.255.255.0 also select "Host - Only" 4 - Now add this adapter VMnet2 for both the machine. When you start the VM it looks something like this.

          Few days back my friend Chetan told to get hands on De Ice and Kioptrix series before taking PWK labs.The very next weekend I started with De-Ice http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso . As my bridge network was on 192.168.1.x series I thought of doing De-Ice 1.120a just by bridging the VM. One of the awesome URL that I found today was https://blog.g0tmi1k.com/2011/03/vulnerable-by-design/ . Enumeration: I started with nmap as usual to find all the open ports. I usually use version detection and aggressive scan in nmap.

1) Initially I tried nmap to discover the open ports shown below.

Step 1: Intercept the request where you would like to test directory traversal and file inclusion as shown below: