Vulnhub Series →DC-1

Greetings,

I’m Neelesh. The pwned machine is the first part of the DC series from Vulnhub-Offensive Security. So let’s get started!

Initially, after an ARP scan, we got the target IP, exported it as an environment variable, and started the nmap scan:

Looking at the results, we jumped straight to port 80, which hosts a Drupal CMS site, as the nmap scan had already verified.

We had to enumerate further, since the initial sprays (e.g. default-password sprays) didn’t work. We then scanned the site with droopescan:

We found some interesting details, such as the CMS version. After enumerating through searchsploit we found:

Following the searchsploit results, we fired up msfconsole and set the required options to get a meterpreter session:

During post-exploitation enumeration, we found a flag4.txt as shown:

During enumeration we checked netstat, but nothing interesting came up. After checking SUID permissions, however, we got:

And clearly, we are root. The PoC of becoming root is shown below:

→→→→→→→→→→→→→
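
For defenders, the SUID check from the privilege-escalation step doubles as an audit. The added example below (not part of the original walkthrough) lists setuid files under a directory and reports any that are missing from an allow-list. The function name `audit_suid`, the allow-list file format and the use of GNU `find`/`stat` are assumptions of this example.

```shell
# Added example: report setuid files that are not on a reviewed allow-list.
#
# Usage: audit_suid ROOT ALLOWLIST_FILE
#   ROOT            directory to scan (the scan stays on one filesystem)
#   ALLOWLIST_FILE  one absolute path per line; other lines never match
# Output: one line per unexpected setuid file: "<octal mode> <owner> <path>"
# Return: 0 = nothing unexpected, 1 = findings, 2 = allow-list unreadable
# Limitation: paths containing newlines are not handled.
audit_suid() {
    _root=$1
    _allow=$2

    if [ ! -r "$_allow" ]; then
        echo "audit_suid: cannot read allow-list: $_allow" >&2
        return 2
    fi

    # -perm -4000 matches regular files with the setuid bit set.
    _report=$(
        find "$_root" -xdev -type f -perm -4000 -print 2>/dev/null |
        while IFS= read -r _path; do
            # Exact whole-line match, so a partial path never whitelists a file.
            if grep -Fxq -- "$_path" "$_allow"; then
                continue
            fi
            stat -c '%a %U %n' -- "$_path"
        done
    )

    if [ -z "$_report" ]; then
        return 0
    fi
    printf '%s\n' "$_report"
    return 1
}

# Example call (hypothetical allow-list path):
#   audit_suid / /etc/suid-allowlist.txt || echo "review the files listed above"
```

Build the allow-list from a known-good install and rerun the audit after package changes; a new entry owned by root is what deserves review first.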

That’s all for now!

Until Next Time,

Do Good and Good will come to you

→→→→→→→→→→→→→

Feel free to ping me anytime

Linkedin: https://www.linkedin.com/in/user-neeleshpatel/

Twitter: https://twitter.com/neelesh________

→→→→→→→→→→→→→
