DC1 VULNHUB.

DC-1 Penetration Testing Lab Overview.

Objective:

Gain experience in penetration testing through a purposely built vulnerable lab.

Target Audience:

Beginners with basic Linux skills and familiarity with the command line and penetration testing tools (e.g., Kali Linux, Parrot Security OS).

Challenge Details:

• Total Flags: 5 (clues provided for beginners).

• Ultimate Goal: Access and read the flag in the root’s home directory.

• Privilege Requirement: Root privileges needed for final flag, but not to access other flags.

Approach:

• Explore multiple pathways to gain root access.
• Beginners may face unfamiliar challenges; online resources can assist in overcoming these.

Key Skills Required:

• Basic Linux command line proficiency
• Familiarity with penetration testing methodologies and tools

Active Host discovery:

The netdiscover -i eth0 command is used to scan the local network for active hosts on the specified interface (eth0).

Scanning:

The command nmap -Pn -A 192.168.1.109 performs an in-depth scan of the IP address 192.168.1.109. It bypasses host discovery with the -Pn option, assuming the host is online, and uses the -A flag to enable advanced features like operating system detection and version identification of services.

The command gobuster dir -u http://192.168.1.109/ -w /usr/share/wordlists/dirb/big.txt is utilized to perform directory brute-forcing on the web server at the specified URL. It employs the gobuster tool to search for hidden directories and files by referencing a wordlist located at /usr/share/wordlists/dirb/big.txt.

Upon confirming that port 80 is running HTTP, we proceed to access the IP address using a web browser.

Using metasploitable for gaining access.

We got the meterpreter shell access successfully.

We then utilize the lscommand to list the files and identify flag1.txt. Subsequently, we employ thecatcommand to retrieve the contents of this file, thereby obtaining our first flag.

First, we navigate to the sites directory and list the files and subdirectories. Within this listing, we identify settings.php. We then use the cat command to display its contents, which reveals our flag2.

To obtain flag 3, we will use the provided credentials to access the MySQL database. To facilitate this, we need to convert our Meterpreter session into an interactive shell. We now have access to the database, where we have identified a database nameddrupaldb.

We now switch to the drupaldb database and proceed to view its tables. Subsequently, we select theusers table and execute a query to retrieve all records using drupaldbSELECT * FROM users;.

Using Hashcat, we successfully crack the hash associated with the admin account.

We navigate to the home directory, where we successfully locate our flag4 and for the last flag we have to switch to the root user.

To access the root directory, we must obtain root permissions. We will use the command find. -exec /bin/sh \;-quit, which spawns a shell with elevated privileges, enabling us to open the root directory.

And it's done, the 5th flag was the Final Flag.