diff --git a/VulnHub/DC-5.md b/VulnHub/DC-5.md
new file mode 100644
index 0000000..ec289f6
--- /dev/null
+++ b/VulnHub/DC-5.md
@@ -0,0 +1,156 @@
+# Vulnhub - DC 5
+
+## Rustscan
+
+```bash
+rustscan -a 192.168.1.5 -- -A -sC -sV
+
+Open 192.168.1.5:80
+Open 192.168.1.5:111
+Open 192.168.1.5:46209
+
+PORT STATE SERVICE REASON VERSION
+80/tcp open http syn-ack ttl 64 nginx 1.6.2
+| http-methods:
+|_ Supported Methods: GET HEAD POST
+|_http-server-header: nginx/1.6.2
+|_http-title: Welcome
+111/tcp open rpcbind syn-ack ttl 64 2-4 (RPC #100000)
+| rpcinfo:
+| program version port/proto service
+| 100000 2,3,4 111/tcp rpcbind
+| 100000 2,3,4 111/udp rpcbind
+| 100000 3,4 111/tcp6 rpcbind
+| 100000 3,4 111/udp6 rpcbind
+| 100024 1 36602/tcp6 status
+| 100024 1 46209/tcp status
+| 100024 1 49690/udp6 status
+|_ 100024 1 56402/udp status
+46209/tcp open status syn-ack ttl 64 1 (RPC #100024)
+MAC Address: 08:00:27:01:36:B6 (Oracle VirtualBox virtual NIC)
+```
+
+## PORT 80 (HTTP)
+
+
+
+Running gobuster on the website
+
+
+
+`footer.php` looked interesting
+
+
+
+After refreshing the page the copyright text changes
+
+
+
+But `thankyou.php` had footer.php so there the text was also changing on reload , which was a hint for the box to look for a page which reloads
+
+
+
+I went to `contact.php`
+
+
+
+Filled the details and submitted them , it redirected me to thankyou.php with the url having our submitted details
+
+
+
+But here this file doesn't suppose to having these paramters so let's fuzz for paramters
+
+
+
+This showed a lot of parameters with the same result so let's filter it according to words
+
+
+
+And we got `file` as a parameter
+
+
+
+Since this is website is using nginx so we can read it's log file
+
+
+
+We can poison the nginx log with a php command injection by adding the php payload by replacing the user agent
+
+
+
+But it didn't work
+
+Added that php injection command in `file` parameter
+
+
+
+
+
+It was being url encoded
+
+
+
+
+
+Now it seems to work
+
+
+
+Finding SUID's , I found `screen-4.5.0`
+
+
+
+There's an exploit for it on exploit-db
+
+
+
+Transfer the exploit on target machine
+
+
+
+But we'll get this error when compiling it
+
+
+
+So it seems we need to manually create and compile files
+
+
+
+
+
+
+
+Before you compile you will be seeing this error
+
+`gcc: error trying to exec 'cc1': execvp: No such file or directory`
+
+So to resolve this export gcc's path in PATH variable
+
+`export PATH=/usr/bin:$PATH`
+
+And then run these commands
+
+1. gcc -fPIC -shared -ldl -o /tmp/libhax.so /tmp/libhax.c
+2. gcc -o /tmp/rootshell /tmp/rootshell.c
+
+Finally run this command
+
+
+
+You'll see `rootshell` binary gets owned by `root`
+
+
+
+Now just run that binary and you will get root on the machine
+
+
+
+
+
+
+## Things Learned from this machine
+
+1. If a page has get paramters make sure to fuzz for them
+2. If you find a LFI on a page try to read logs (apache2 or nginx) and poison the logs by adding php get parameter
+3. Look for SUID binaries
+4. Before using the exploit ,see what's it doing
\ No newline at end of file