
doubletrouble: 1

Download the machine:




Run an nmap scan to find open ports.

Run a gobuster scan to find hidden directories.

Port 80

Version 9.1


Download the image and check if there are any hidden files inside the file.

To extract files we can use steghide. However, a password is needed. We can use stegcracker to crack the password.
Found some creds.

Let’s use searchsploit to look for exploits.

Found a username.

Since we have some creds, let’s use the RCE Authenticated exploit.

Edit the file with the necessary details.

However, while running the exploit, it got stuck. I exited the exploit and headed to the upload folder that we found earlier. Our exploit has been uploaded.

Start up a local netcat listener and click on the php file.


User access is gained.

Privilege escalation

