I will keep it Simple so you will UNDERSTAND.
So I have decided to learn more on hacking everyday after 8 PM for 1 or 2 hours. And I do have installed Kali linux in my virtual box and I have set up the vulnerable machine as well. Here I am going to learn or try to hack the DC-2 vulnerable machine.
My first intention is to get the ip address of the target machine.
Which is piece of cake since i used netdiscover and it was in local machine…
(kali㉿kali)-[~]
└─$ sudo nmap -sS -A 192.168.56.101
Starting Nmap 7.95 ( https://nmap.org ) at 2025-08-10 10:33 EDT
Nmap scan report for 192.168.56.101
Host is up (0.00063s latency).
Not shown: 997 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u7 (protocol 2.0)
| ssh-hostkey:
| 1024 c4:d6:59:e6:77:4c:22:7a:96:16:60:67:8b:42:48:8f (DSA)
| 2048 11:82:fe:53:4e:dc:5b:32:7f:44:64:82:75:7d:d0:a0 (RSA)
|_ 256 3d:aa:98:5c:87:af:ea:84:b8:23:68:8d:b9:05:5f:d8 (ECDSA)
80/tcp open http Apache httpd 2.2.22 ((Debian))
|_http-generator: Drupal 7 (http://drupal.org)
|_http-title: Welcome to Drupal Site | Drupal Site
|_http-server-header: Apache/2.2.22 (Debian)
| http-robots.txt: 36 disallowed entries (15 shown)
| /includes/ /misc/ /modules/ /profiles/ /scripts/
| /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
| /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
|_/LICENSE.txt /MAINTAINERS.txt
111/tcp open rpcbind 2-4 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
| 100000 3,4 111/udp6 rpcbind
| 100024 1 33368/tcp status
| 100024 1 33457/udp status
| 100024 1 35455/tcp6 status
|_ 100024 1 39080/udp6 status
MAC Address: 08:00:27:3D:5B:3C (PCS Systemtechnik/Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2 – 3.16
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 0.63 ms 192.168.56.101
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.16 seconds
Today’s session was a mix of frustration and progress. Started off reviewing a scan result that showed multiple vulnerabilities, and I decided to focus on port 80 with a Drupal target. Ran searchsploit, found plenty of ready made exploits, tried a few… none worked as expected. That’s part of the process though. Not every path leads somewhere immediately.
At that point, I stepped back. Sometimes pushing harder doesn’t mean moving forward. A short break can reset your thinking better than forcing it. Even if the session was short, consistency matters more than duration. Showing up, even for 20 minutes, keeps the momentum alive.
Came back later and eventually got the box. No clean journal this time, but the learning still counts. Progress is not always documented perfectly, but it builds quietly.
One thing I keep realizing while learning cybersecurity is how awareness changes your perspective. Devices we use every day are powerful, but they also come with risks most people ignore. In serious discussions or meetings, it is not enough to just silence or switch off your phone. Physical distance matters. Keeping devices away from sensitive conversations reduces unnecessary exposure. You never fully know what is active, listening, or compromised.
Security is less about paranoia and more about understanding possibilities. The more you learn, the more you realize how much is interconnected, and how small habits can make a big difference.
Stay curious. Stay consistent. And stay aware.
(If you read between the lines, you already know: “everything is hackable”)