📻DC3

DC: 3 is a challenge posted on VulnHub created by DCAU. This is a write-up of my experience solving this Attack Machine (Kali Linux) and Victim Machine (DC: 3) set up and running, I decided to get down to solving this challenge.

I decided to start my journey with netdiscover to complete the host discovery phase as follows: netdiscover

Great, the Victim Machine is 10.10.1.6. Let’s continue!

For the next step, I decided to run an nmap scan to determine open ports and services using the command:

nmap -sV -F 10.10.1.6

nmap -p- -sC -sV 10.10.1.6 --open

-sC - simple scripts

-F: Fast mode - Scan fewer ports than the default scan

SERVICE/VERSION DETECTION:

-sV: Probe open ports to determine service/version info

The nmap scan discovered that port 80 was open.

if you want to stay in the flow of using the terminal, type in firefox http://10.10.1.6

I decided to do the directory enumeration using dirb tool command: dirb http://10.10.1.6

We have Discovered /Administrator page. We need to check http://10.10.1.6/administrator.

After I ran dirb, I decided to run nikto just to be sure that I did not miss anything important. The command is: nikto -h http://10.10.0.6

Now, I realized that I was working with a Joomla-based web application. Are there any specific tools to enumerate and find vulnerabilities? Is there something like wpscan for WordPress available for Joomla?

I needed to do my research.

I came across an interesting tool called JoomScan - a Joomla Vulnerability Scanner. It is available on Kali Linux so I decided to give it a test run with our Joomla website using the command: joomscan -url http://10.10.1.6 -enumerate-components