DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
This isn’t an overly difficult challenge so should be great for beginners.
The ultimate goal of this challenge is to get root and to read the one and only flag.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
NOTE: You WILL need to edit your hosts file on your pentesting device so that it reads something like:
192.168.0.142 wordy
CLUE
OK, this isn’t really a clue as such, but more of some “we don’t want to spend five years waiting for a certain process to finish” kind of advice for those who just want to get on with the job.
cat /usr/share/wordlists/rockyou.txt | grep k01 > passwords.txt That should save you a few years. ;-)
Enumeration
More Enumeration…
We got some users, let’s try brute forcing.
- admin
- jens
- sarah
- graham
- mark
Creds => mark:helpdesk01
We can use the this exploit for reverse shell : WordPress Plugin Plainview Activity Monitor 20161228 — (Authenticated) Command Injection
Privilege Escalation
