If you want to learn SQLi and kernel exploitation, I’d suggest loading up DC-3. It showcased the importance of keeping your systems, internal and external, updated (patched).
In the real world, keeping systems up to date can help deter attacks by increasing the time and effort the adversary needs, but it can be difficult to implement.
Post-Exploitation
Abusing vulnerabilities and misconfigurations to maintain access, escalate privileges, and/or exfiltrate sensitive data.
With our initial access to an internal network, we now focus on acquiring higher-level access through privilege escalation, pivoting to other hosts through lateral movement, stealing sensitive information through data exfiltration, and maintaining access through persistent methods.
Exploitation
Abusing misconfigurations and vulnerabilities to gain access to the target.
In the exploitation phase, we’re researching and abusing found vulnerabilities and misconfigurations with the goal of gaining initial access to our target.
A few examples:
Abusing a poorly configured web app(E.
Active Reconnaissance
To gather intelligence by actively engaging the target.
In the active reconnaissance phase, we’re planning our future phases, like exploitation, by actively collecting information on the target through enumeration, scanning, etc.
A few examples:
What targets were found and what ports are open?
Passive Reconnaissance
To gather intelligence without actively engaging the target.
In the passive recon phase, we’re planning our future steps by passively collecting information on the target through fingerprinting, OSINT, etc.
A few examples:
Any email formats found? What names can we find related to the target?
I enjoyed DC-2’s Tom & Jerry theme! It showed us the concept of credential reuse and weak passwords, along with the misconfigurations of WordPress and an SUID-set binary.
Anyways, now onto DC-3.2 aka DC-3!
DC-3 Details
DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.