Post

DC : 2

Posted Updated
DC-2 Machine 🖥️
DC-2 Machine 🖥️
By Shivendra Prajapati
3 min read

Description ⤵️

💡 DC :2 ➡️

Much like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.

As with the original DC-1, it is designed with beginners in mind.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

Just like with DC-1, there are five flags including the final flag.

And again, just like with DC-1, the flags are important for beginners, but not so important for those who have experience.

In short, the only flag that really counts, is the final flag.

For beginners, Google is your friend. Well, apart from all the privacy concerns etc etc.

I have not explored all the ways to achieve root, as I scrapped the previous version I had been working on, and started completely fresh apart from the base OS install.

TECHNICAL INFORMATION

DC-2 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs.

While I have not tested it within a VMware environment, it should also work.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.

Please note that you will need to set the hosts file on your pentesting device to something like:

192.168.0.145 dc-2

Obviously, replace 192.168.0.145 with the actual IP address of DC-2.

It will make life a whole lot simpler (and a certain CMS may not work without it).

If you’re not sure how to do this, instructions are here.

IMPORTANT

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there should not be any problems, but I feel the need to throw this out there just in case.

CONTACT

This is the second vulnerable lab challenge that I’ve created, so feel free to let me know what you think of it.

I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a , please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer).

I can be contacted via Twitter - @DCAU7

Let’s find the IP Address first »

156-1.png

1

IP →  10.0.2.7

Port Scan Results ➡️

156-3.png

156-2.png

1
2
3

OPEN PORTS >
80   HTTP
7744 SSH

Web Enumeration ⤵️

156-4.png

WordPress 4.7.10

wpscan →

156-5.png

156-6.png

156-7.png

Now generate the password using tool cewl

156-8.png

156-9.png

After bruteforcing the username as tom and password as generated from cewl Tool →

1

tom : parturient

156-10.png

1

jerry : adipiscing

156-11.png

flag3.txt →

156-17.png

flag4.txt →

156-13.png

Now it is a restricted bash so I have to deal with it so lets see →

I can use ls → with that I can see many things inside /home/tom/usr/bin

156-14.png

commands →

1
2
3
4

{: .nolineno}
1. vi
2. :set shell=/bin/bash
3. :shell

156-16.png

Now I can perform something →

156-18.png

156-19.png

156-20.png

156-21.png

Summery Notes →

→ The problem part was to get rid from restrictive bash

→ When I knew what to do ,To do so it was like holy shit !!

→ set all was shit.

If you have any questions or suggestions, please leave a comment below. Thank You !

Proving Grounds, Play, DC
Password Generate rbash Wordpress PrivEsc cewl DC CMS git
This post is licensed under CC BY 4.0 by the author.