Owning Kioptrix Level 3

Introduction:
Kioptrix is a vuln by design OS made to we try on it pentration testing

view the video online : http://blip.tv/jac0bn3t/owning-kioptrix-level-3-5385433
download the video : http://blip.tv/file/get/Jac0bn3t-OwningKioptrixLevel3489.mp4

what i have use on this video :

*OS: backtrack 5 and Kioptrix
*camtasio studio recorder and editor
*all other software can be found on backtrack ( to simply backtrack 5 is the best)
*md5decrypter.co.uk (online md5 hash decrypter)

hacking steps :

*first we scan for live host using nmap :

"nmap -sn -n 192.168.1.100/24 (this value 192.168.*.* change on your dhcp server)"

*ok our target is a live
*lets scan for open ports and the version of evry port

"nmap -sS -sV 192.168.1.106 -n "

*nice we have httpd:80 open port and ssh:22 open port
*lets go a and check this web page ( a lote of pages and links )
*the attacker want to now all page of this web site
*i have use dirbuster for scanning this website i can see that ther is a page /gallery
*so lets check the code source of this page
*we found that we the web site is powerder by a gallery manager "gallerific"
*ok the attacker need exploit for me its exploit-db.com
*nice thi web application is vuln whit a possible sqli vulnrablity
*how to injecte the web site the way is on the video from 3:00 to 7:18
*ok nice we have the ssh usernames and password
*but the passwords are encrypted whit a md5 hash we need the decrypte the hash
*for me its md5decrypter.co.uk you can choose any online md5 decrypter
*and ther we go we have the real passwrds now lets go and connect over this system
"ssh 192.168.1.106 -l loneferret
*he gonna ask you for a password wel password is what we have decrypter find "starwars"

notes:
*sorry for my bad english
*backtrack 5 has bad transparency im working on the theme