DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
This isn’t an overly difficult challenge so should be great for beginners.
The ultimate goal of this challenge is to get root and to read the one and only flag.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration…
NOTE: You WILL need to edit your hosts file on your pentesting device so that it reads something like:
OK, this isn’t really a clue as such, but more of some “we don’t want to spend five years waiting for a certain process to finish” kind of advice for those who just want to get on with the job.
cat /usr/share/wordlists/rockyou.txt | grep k01 > passwords.txt That should save you a few years. ;-)
We got some users, let’s try brute forcing.
Creds => mark:helpdesk01
We can use the this exploit for reverse shell : WordPress Plugin Plainview Activity Monitor 20161228 — (Authenticated) Command Injection