Persecure : my learning archive

, ,

doubletrouble: 1

Download the machine:

https://www.vulnhub.com/entry/doubletrouble-1,743/

Overview

Enumeration

Run nmap scan to find for open ports.

Run a gobuster scan to find for hidden directories.

Port 80

Version 9.1

/secret

Download the image and check if there are any hidden files inside the file.

To extract files we can use steghide. However a password is needed. We can use stegcracker to crack the pass.
Found some creds.

Let’s search searchsploit for some exploits.

found a username.

since we have some creds let’s use the RCE Authenticated exploit.

Edit the file with the necessary details.

However while running the exploit , it got stucked. I exited the exploit and head to the upload folder that we found earlier. Our exploit has been uploaded.

Start up a local netcat listener and click on the php file.

Foothold

User access is gained.

Privilege escalation

TBC

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Comments (

0

)

%d bloggers like this: