Description
DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
As with the previous DC releases, this one is designed with beginners in mind, although this time around, there is only one flag, one entry point and no clues at all.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.
For those with experience doing CTF and Boot2Root challenges, this probably won't take you long at all (in fact, it could take you less than 20 minutes easily).
If that's the case, and if you want it to be a bit more of a challenge, you can always redo the challenge and explore other ways of gaining root and obtaining the flag.
Technical Information
DC-3 is a VirtualBox VM built on Ubuntu 32 bit, so there should be no issues running it on most PCs.
Please note: Recently some issues with the VM were brought to my attention. The short version is this:
Ubuntu decided that it was going to update itself which killed Apache2.
Also, the CMS that is used on this challenge has a built in "End of Service" date. I rarely use this particular CMS, and wasn't aware that it effectively has a built in kill switch for itself.
It appears to check both the PHP version and the version of the CMS. If it's past a certain date, it throws up an error for the admin.
Interestingly, it also caused the vulnerability to stop working.
This should now be good until some time in 2034 or so. ;-)
Both these issues have now been fixed.
Please note: I'm happy to report that the single download for DC-3.2 should now work on both VirtualBox and VMware.
The previous version required a separate download for VirtualBox and VMware. This is no longer the case.
It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.
Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.
Important
While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.
In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.
Download
Download DC-3.2 here.
Sha1 Signature - 63fb4efce0d347ca5baa39f949fd92ffea212589