DC and Five86 Series Challenges

Description

DC-8 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

This challenge is a bit of a hybrid between being an actual challenge, and being a "proof of concept" as to whether two-factor authentication installed and configured on Linux can prevent the Linux server from being exploited.

The "proof of concept" portion of this challenge eventuated as a result of a question being asked about two-factor authentication and Linux on Twitter, and also due to a suggestion by @theart42.

The ultimate goal of this challenge is to bypass two-factor authentication, get root and to read the one and only flag.

You probably wouldn't even know that two-factor authentication was installed and configured unless you attempt to login via SSH, but it's definitely there and doing it's job.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.


Technical Information

DC-8 is a VirtualBox VM built on Debian 64 bit, but there shouldn't be any issues running it on most PCs.

All challenges are tested with VirtualBox and VMware.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.


Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.


Credits

The original asker of the question on Twitter (unfortunately I can't find the Twitter thread where the question was asked).

@theart42 on Twitter and Discord for raising the topic.

Some code used was from https://befused.com/drupal/sql-injection as I strangely couldn't write my own module that was exploitable. This is surprising, as I'm sure most code I write could be exploitable. ;-)


Download

Download DC-8 here.

Sha1 Signature - b67f48f72b5d7d7dd7b04c8c6ca2c686934aad80


Walkthrough

DC-8 Walkthrough by MZFR