Post

DC 6

Posted Updated
DC-6 Machine 🖥️
DC-6 Machine 🖥️
By Shivendra Prajapati 3 min read

Description ⤵️

💡 DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
This is not an overly difficult challenge so should be great for beginners.
The ultimate goal of this challenge is to get root and to read the one and only flag.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I would not give you the answer, instead, I’ll give you an idea about how to move forward.
TECHNICAL INFORMATION
DC-6 is a VirtualBox VM built on Debian 64 bit, but there should not be any issues running it on most PCs.
I have tested this on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.
It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.
Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.
NOTE: You WILL need to edit your hosts file on your pentesting device so that it reads something like:
192.168.0.142 wordy
NOTE: I’ve used 192.168.0.142 as an example. You’ll need to use your normal method to determine the IP address of the VM, and adapt accordingly.
This is VERY important.
And yes, it is another WordPress based VM (although only my second one).
IMPORTANT
While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.
In saying that, there should not be any problems, but I feel the need to throw this out there just in case.
CONTACT
I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a , please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer).
I can be contacted via Twitter - @DCAU7
CLUE
OK, this is not really a clue as such, but more of some “we do not want to spend five years waiting for a certain process to finish” kind of advice for those who just want to get on with the job.
cat /usr/share/wordlists/rockyou.txt | grep k01 > passwords.txt That should save you a few years. ;-)

Let’s find the IP Address first »

160-1.png

1

IP : 10.0.2.12

Port Scan Results ➡️

160-2.png

1
2
3

OPEN PORTS >
22  SSH
80  HTTP

Web Enumeration ⤵️

160-3.png

so with wpscan we got 5 users →

160-4.png

After checking all the things I got nothing so far then when I looked into the machine Site I got this →

160-5.png

Fucking hell →

160-6.png

Now lets try password Brute-force →

160-7.png

1

mark : helpdesk01

Time to log into the wordpress →

Untitled

I also searched an exploit related to Activity Monitor

160-9.png

Now time to use it →

160-10.png

SHELL ➡️

Now let is see the wp-config.php file →

160-11.png

1

meErKatZ

160-12.png

1

graham : GSo7isUM1D4

Lets change the username as graham now →

160-13.png

Lets see how jens can lead me to root →

160-14.png

160-15.png

160-16.png

If you have any questions or suggestions, please leave a comment below. Thank You !

Proving Grounds Play, DC
Public Exploit Recon Wordpress PrivEsc DC
This post is licensed under CC BY 4.0 by the author.