Post

DC : 4

Posted Updated
DC-4 Machine 🖥️
DC-4 Machine 🖥️
By Shivendra Prajapati
2 min read

Description ⤵️

💡 DC-4 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
Unlike the previous DC releases, this one is designed primarily for beginners/intermediates. There is only one flag, but technically, multiple entry points and just like last time, no clues.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I would not give you the answer, instead, I’ll give you an idea about how to move forward.
TECHNICAL INFORMATION
DC-4 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs.
If there are any issues running this VM in VMware, have a read through of this.
It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.
Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.
IMPORTANT
While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.
In saying that, there should not be any problems, but I feel the need to throw this out there just in case.
CONTACT
I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a , please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer).
I can be contacted via Twitter - @DCAU7

Let’s find the IP Address first »

158-1.png

1

IP → 10.0.2.9

Port Scan Results ➡️

158-2.png

1
2
3

OPEN PORTS >
22  SSH
80  HTTP

Web Enumeration ⤵️

158-3.png

Lets fire up the burpsuites and see what I can do on this login page →

158-4.png

158-5.png

After login →

1
2
3

{: .nolineno}
admin : happy

158-6.png

158-7.png

Now lets try reverse shell code →

I got in →

158-8.png

158-9.png

158-10.png

1
2
3

Now I have some credentials → 
	
jim : jibril04

158-11.png

158-12.png

1

charles : ^xHhA&hvim0y

158-13.png

with teehee command works similar like tee so I am going to add a user with root permissions →

1

commands → shiva::0:0:::/bin/bash → with no passwords set

158-14.png

158-15.png

158-16.png

Summery Notes →

NOTEtee or teehee -a /etc/passwd

→ Then adding a null user with no password but as a root was very nice move.

If you have any questions or suggestions, please leave a comment below. Thank You !

Proving Grounds, Play, DC
Password Bruteforce LFI PrivEsc DC Command Injection
This post is licensed under CC BY 4.0 by the author.