DC-1 Vulnhub – Description
DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn. To successfully complete this challenge, you will require Linux skills, familiarity with the Linux command line and experience with basic penetration testing tools, such as the tools that can be found on Kali Linux, or Parrot Security OS. There are multiple ways of gaining root, however, some flags have been included containing clues for beginners. There are five flags in total, but the ultimate goal is to find and read the flag in root’s home directory. You don’t even need to be root to do this, however, you will require root privileges.
- IP Discovery using netdiscover
- Network scanning (Nmap)
- Surfing HTTPS service port (80)
- Finding Drupal CMS
- Exploiting Drupalgeddon2 to get a reverse shell
- Finding files with SUID bit set
- Finding the “find” command with SUID bit set
- Getting root shell with “find” command
- Getting final flag
- Using nmap to find opened ports & running services.
- Detecting technologies used to build web apps.
- Checking robots.txt file.
- Searching & using public exploits.
- Uploading shell to drupal CMS.
- Creating reverse shell using ncat (nc).
- Privilege escalation using SUID binaries.
- Collect important information from PHP configuration files.
- Cracking Linux credentials.
- root@kali:~# hydra -l root -P /usr/share/wordlists/rockyou.txt 10.0.2.6 ssh
- root@kali:~# ncrack -p 22 –user root -P /usr/share/wordlists/rockyou.txt 10.0.2.6
Creating admin user serachsploit
Drupal had insufficient input sanitation on Form API (FAPI) AJAX requests. As a result, this enabled an attacker to potentially inject a malicious payload into the internal form structure. This would have caused Drupal to execute it without user authentication. By exploiting this vulnerability an attacker would have been able to carry out a full site takeover of any Drupal customer.
Whenever getting a cannot load such file \\\”LoadError\\\” type of error, do run sudo gem install <missing dependency>. In particular, you may need to install the highline dependency with sudo gem install highline
Hope you learn something from this DC-1 Vulnhub Walkthrough.Tags: 2019 community tutorial vulnhub