This post is a walkthrough of the VulnHub machine DC-9.

Vulnhub DC-9 Walkthrough

This OS image can be downloaded from DC: 9 ~ VulnHub

Reconnaissance

IP discovery

As I have installed this in VirtualBox, I don't know the IP address of this machine, so I have to find the IP address of the VM first. As I know the range of IPs used on my VirtualBox network, I can use the “netdiscover” command to find the IP, and for verification I can use nmap as well to confirm that it's the same virtual machine.

sudo netdiscover -r 10.0.2.0/24

 5 Captured ARP Req/Rep packets, from 4 hosts.   Total size: 300
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname
 -----------------------------------------------------------------------------
 10.0.2.19       08:00xxxxx     1      60  PCS Systemtechnik GmbH

Port-Scan

sudo nmap -sS -p- -Pn -T4 --min-rate 10000 -oN alltcp.txt 10.0.2.19
sudo nmap -sU -p- -Pn -T4 --min-rate 10000 -oN alludp.txt 10.0.2.19
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-03-15 20:11 EDT
Nmap scan report for 10.0.2.19
Host is up (0.000064s latency).
Not shown: 65533 closed ports
PORT   STATE    SERVICE
22/tcp filtered ssh
80/tcp open     http
MAC Address: 08:00:27:A6:72:4D (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 1.69 seconds
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-03-15 20:11 EDT
Warning: 10.0.2.19 giving up on port because retransmission cap hit (6).
Nmap scan report for 10.0.2.19
Host is up (0.00019s latency).
All 65535 scanned ports on 10.0.2.19 are open|filtered (65483) or closed (52)
MAC Address: 08:00:27:A6:72:4D (Oracle VirtualBox virtual NIC)

We can see only ports 22 and 80. Let's run a detailed scan on the running services to find any known vulnerabilities.

Vulnerability Scan

nmap -Pn -p 22,80 -sC -sV -oN details.txt 10.0.2.19
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-03-15 20:50 EDT
Nmap scan report for 10.0.2.19
Host is up (0.00032s latency).

PORT   STATE  SERVICE VERSION
22/tcp closed ssh
80/tcp open   http    Apache httpd 2.4.38 ((Debian))
|_http-server-header: Apache/2.4.38 (Debian)
|_http-title: Example.com - Staff Details - Welcome

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.64 seconds

The vulnerability scan does not show much that we can use for an exploit. Since port 80 is open, let's see how the website looks.
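The scan files saved with -oN can be compared rather than read by eye. The following is an added example, not part of the original walkthrough: it parses nmap normal-format port tables and reports ports whose state differs between the SYN scan and the detailed scan shown above. The function names and the embedded sample text (constructed from the output on this page) are assumptions.

```python
import re

# Constructed sample input: port tables copied from the two TCP scans on this
# page (alltcp.txt from the SYN scan, details.txt from the -sC -sV scan).
ALLTCP = """\
Nmap scan report for 10.0.2.19
Not shown: 65533 closed ports
PORT   STATE    SERVICE
22/tcp filtered ssh
80/tcp open     http
MAC Address: 08:00:27:A6:72:4D (Oracle VirtualBox virtual NIC)
"""
DETAILS = """\
Nmap scan report for 10.0.2.19
PORT   STATE  SERVICE VERSION
22/tcp closed ssh
80/tcp open   http    Apache httpd 2.4.38 ((Debian))
|_http-server-header: Apache/2.4.38 (Debian)
"""

# A port-table row: "<port>/<proto> <state> <service> [version...]"
ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_ports(text):
    """Return {(port, proto): {"state", "service", "version"}} from nmap -oN text."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers and script output lines ("|_...") do not match
            port, proto, state, service, version = m.groups()
            ports[(int(port), proto)] = {
                "state": state, "service": service, "version": version or ""}
    return ports

def state_changes(first, second):
    """Ports present in both scans whose reported state differs."""
    return {key: (first[key]["state"], second[key]["state"])
            for key in sorted(first.keys() & second.keys())
            if first[key]["state"] != second[key]["state"]}

if __name__ == "__main__":
    a, b = parse_ports(ALLTCP), parse_ports(DETAILS)
    for (port, proto), info in sorted(b.items()):
        print(f"{port}/{proto} {info['state']:<8} {info['service']} {info['version']}")
    for (port, proto), (old, new) in state_changes(a, b).items():
        print(f"state changed: {port}/{proto} {old} -> {new}")
```

On the sample data it reports that 22/tcp went from filtered to closed between the two scans, while 80/tcp stayed open.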

HTTP

It looks like a normal PHP website.