Objective: Get root access on the DC-1 box and get the flag. This was a super fun beginner boot2root that shows some pretty awesome exploitation and priv esc. Below is the breakdown of what I did.

VulnHub DC-2 Walkthrough – My Hands-On Experience

Step 1 – Finding the Target on the Network

I fired up my Kali VM in bridged mode so it sits on the same LAN as DC-2. First things first — I needed to figure out where DC-2 was hiding. I ran:

Lab network + IPs we used

• Target (SkyTower): 10.0.0.108

• Squid proxy (on SkyTower): 10.0.0.108:3128

• Target loopback we pivoted to: 127.0.0.1 (used for SSH and MySQL from the proxy’s POV)

• Attacker box: Kali (your machine)

Lab context

• Attacker: Kali 10.0.0.168

• Target (vulndocker): 10.0.0.148

• Goal: Get WordPress admin (Flag 1) and read host flag (Flag 3) via exposed Docker Remote API.