DC: 3.2

DCAU 25 Apr 2020

Description

DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

As with the previous DC releases, this one is designed with beginners in mind, although this time around, there is only one flag, one entry point and no clues at all.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

For those with experience doing CTF and Boot2Root challenges, this probably won't take you long at all (in fact, it could take you less than 20 minutes easily).

If that's the case, and if you want it to be a bit more of a challenge, you can always redo the challenge and explore other ways of gaining root and obtaining the flag.

Technical Information

DC-3 is a VirtualBox VM built on Ubuntu 32 bit, so there should be no issues running it on most PCs.

Please note: There was an issue reported with DC-3 not working with VMware Workstation. To get around that, I recommend using VirtualBox, however, I have created a separate DC-3 VMware edition for those who can only use VMware.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @DCAU7

DC: 2

DCAU 22 Mar 2019

Description

Much like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.

As with the original DC-1, it's designed with beginners in mind.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

Just like with DC-1, there are five flags including the final flag.

And again, just like with DC-1, the flags are important for beginners, but not so important for those who have experience.

In short, the only flag that really counts, is the final flag.

For beginners, Google is your friend. Well, apart from all the privacy concerns etc etc.

I haven't explored all the ways to achieve root, as I scrapped the previous version I had been working on, and started completely fresh apart from the base OS install.

Technical Information

DC-2 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs.

While I haven't tested it within a VMware environment, it should also work.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.

Please note that you will need to set the hosts file on your pentesting device to something like:

192.168.0.145 dc-2

Obviously, replace 192.168.0.145 with the actual IP address of DC-2.

It will make life a whole lot simpler (and a certain CMS may not work without it).

If you're not sure how to do this, instructions are here.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Contact

This is the second vulnerable lab challenge that I've created, so feel free to let me know what you think of it.

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @DCAU7

jigsaw: 1

Zayotic 10 May 2019

Name: jigsaw: 1

Difficulty: Hard

Tested: VMware Workstation 15 Pro & VirtualBox 6.0

DHCP Enabled

After the hacking of their french website, the website is under maintenance with restricted access to admins ... Multiple bugs and flaws are still present on the website and hackers can penetrate and take control of the server ... Difficulty : educative challenge for beginner... Seven flags to collect... Good luck and happy hacking !!

This is the second Simple Boot2root for the Security Hackadeny (https://www.security-hackademie.de/) and for virtualbox. Try to break in and get the User and root Flag

Simple Boot2root for beginner/immediate. This challenge is made for the Security Hackadeny (https://www.security-hackademie.de/). Made for virtualbox

middle-class lab

There are different tasks in the lab. It is very joyful.

Description: Zeus is an intermediate level boot2root VM. Your goal is to get root and read the flags. Tested on VMware.

Difficulty: Medium

Flags: user.txt and root.txt

Networking: Static IP ~ 192.168.131.170

Jerome has created some awesome recipes. Can you find them?

Flags - /root/flag.txt - /home/jerome/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Intermediate

Should not be as easy as to just run a MSF module to get root right away, if so please let me know.

Can you break free from Harrison's prison?

Flags - /root/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Intermediate

Should not be as easy as to just run a MSF module to get root right away, if so please let me know.