It is an OSCP-like box, where the initial credentials can be found by converting binary to ascii. We found another creds in system log file. Used this creds to access ssh and priv esc to root by ex...
DC 6 Walkthrough
DC-6 was a medium box. First, we add the domain name in the host file to access the website. Using wpscan we find out WordPress users. We Bruteforce and log in to WordPress. With a vulnerable plugi...
DC 5 Walkthrough
DC-5 starts with discovery of a relatively obvious local file include vulnerability drives us towards a web shell via log poisoning. Once we land a shell, we search for SUID binaries and priv esc t...
DC 4 Walkthrough
DC-4 is a good beginner-friendly box. We bruteforce the website and get admin password. with the help of OS command injection vulnerability get shell on box. The old-password list gives password of...
DC 3 Walkthrough
DC-3 was an easy machine. The website was hosted on Joomla. There was a sqli exploit that gives the admin password. By using an admin panel upload the shell. Priv esc using CVE. Summary Portsc...
DC 2 Walkthrough
DC-2 is an easy machine. This machine starts with a WordPress site. After brute-forcing, We find out creds on the website that we use to get an ssh session on the box. Priv esc to root by exploitin...
DC 1 Walkthrough
DC-1 was a simple and straightforward CVE based box. We find the server is hosting Drupal CMS. I saw that Drupal version had a CVE which allowed me drop a webshell in webserver. Priv esc to root by...