DC:8 Vuln Hub Machine Walkthrough | Cyber Security Course in Delhi | Craw Cyber Security
Summary
TLDR: This video tutorial guides viewers through exploiting a DC8 vulnerable machine step by step. Starting with scanning the network and identifying open ports, the instructor demonstrates SQL injection to access the database, retrieve user credentials, and crack hashed passwords using Hashcat. The tutorial then shows how to gain a reverse shell using PHP code injection, set up a Netcat listener, and escalate privileges with a local exploit for Exim. Finally, the video concludes with accessing the root directory and retrieving the flag, providing a comprehensive hands-on demonstration of penetration testing techniques on a vulnerable machine.
Takeaways
- The video demonstrates hacking a DC8 machine step by step, starting from downloading and setting up the machine.
- The instructor shows how to scan the target machine using tools like 'sudo arp-scan' and 'sudo netdiscover' to find the machine's IP address.
- Open ports are identified: port 22 (SSH) and port 80 (HTTP), indicating potential access points.
- The video highlights testing for SQL injection by entering a single quote in the URL and observing a SQL syntax error.
- SQLMap is used to extract databases and tables from the vulnerable web application, specifically targeting the 'DC7db' database.
- User credentials are retrieved from the database; the passwords are hashed and analyzed using hash identifiers to determine the algorithm (Drupal 7).
- Hashcat is used to crack the password hash, revealing the password 'total', which is then used to log in to the web application.
- A PHP reverse shell is set up in the web form to gain remote code execution, and the attacker configures it with their local IP and Netcat listener.
- The video covers local privilege escalation by exploiting a vulnerable Exim 4.89 version using a downloaded 'exploit.sh' script.
- After executing the exploit and obtaining root access, the root directory is accessed to retrieve the 'flag.txt' file, completing the challenge.
Q & A
What is the first step when starting to work with the DC8 machine?
- The first step is to download and set up the DC8 machine, then start it to begin the penetration testing process.
Which tools are used to scan the network and find the DC8 machine IP?
- The tools used are `sudo nmap` and `sudo netdiscover` to scan the network and identify the machine's IP address.
Which ports were found open on the DC8 machine, and what are they used for?
- Two ports were open: port 22 for SSH access and port 80 for HTTP, which is used for web-based access.
How did the script identify a potential SQL injection vulnerability?
- By entering a single quote (') in the URL, a SQL syntax error was triggered, indicating a possible SQL injection vulnerability.
What is `sqlmap` used for in this workflow?
- `sqlmap` is used to automate SQL injection exploitation, allowing the tester to enumerate databases, tables, and dump user credentials.
Which database and table contained user credentials in this scenario?
- The database `DC7db` contained a table named `users` which held usernames and hashed passwords.
How was the password hash identified and cracked?
- The hash was identified using Hash Identifier as a Drupal 7 hash. It was cracked using Hashcat with the command `hashcat -m 7900 <hash> <wordlist> --show`, revealing the password 'total'.
What method was used to establish a reverse shell on the DC8 machine?
- A PHP web form was configured with reverse shell PHP code, the local IP and port were set, and a Netcat listener was used to receive the connection.
Which exploit was used for local privilege escalation, and why?
- An Exim 4.89 local privilege escalation exploit was used because the target machine was running that vulnerable version of Exim, allowing root access to be gained.
How was the final goal of retrieving the flag accomplished?
- After establishing root access through the local privilege escalation exploit, the tester navigated to `/root` and retrieved the `flag.txt` file.
Why is it important to perform these steps only in a lab environment?
- Performing these steps on unauthorized systems is illegal and unethical. The workflow should only be practiced in controlled, educational labs like DC8 machines.
What are the key tools demonstrated in this penetration testing process?
- Key tools include `nmap`, `netdiscover`, `sqlmap`, Hash Identifier, Hashcat, Netcat, and PHP for reverse shells.
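The single-quote test described in the Q&A above, seen from the application side. This is an added example, not code from the video or from the DC8 machine: it shows why a query built by string concatenation answers a quote with a SQL syntax error, while a validated, bound parameter never lets the quote reach the SQL parser. The `node` table, the `nid` request value and the in-memory SQLite database are assumptions standing in for the site's real schema and database.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's content table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE node (nid INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO node VALUES (?, ?)",
                     [(1, "Welcome"), (2, "Who We Are")])
    return conn

def lookup_concatenated(conn, nid):
    # Weak form: the request value becomes part of the SQL text itself.
    sql = "SELECT title FROM node WHERE nid = " + nid
    return conn.execute(sql).fetchall()

def lookup_bound(conn, nid):
    # Hardened form: check the expected type, then bind the value as data.
    if not re.fullmatch(r"[0-9]{1,10}", nid):
        raise ValueError("nid must be a non-negative integer")
    return conn.execute("SELECT title FROM node WHERE nid = ?",
                        (int(nid),)).fetchall()

def outcome(lookup, conn, nid):
    # Classify what a client would observe for one request value.
    try:
        rows = lookup(conn, nid)
    except sqlite3.Error:
        return "sql-error"   # the syntax error the quote test looks for
    except ValueError:
        return "rejected"    # refused before any SQL was built
    return "found" if rows else "not-found"

def compare(values):
    # Run every value through both lookups: (concatenated, bound).
    conn = make_db()
    return {v: (outcome(lookup_concatenated, conn, v),
                outcome(lookup_bound, conn, v)) for v in values}

if __name__ == "__main__":
    for value, result in compare(["1", "1'", "99"]).items():
        print(repr(value), result)
```

Only the concatenated lookup turns the quote into a database error; the bound lookup treats it as invalid input, so there is no SQL error for the page to reveal.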