https://www.vulnhub.com/entry/double-1,632/
Scan ports opened.
Port 8080 need auth, we don't know yet. So we start from port 80.
Check http://url/production.
Try to send some cmd, like cmd="id", code="1", then we can see the command we input.
Send cmd = <?php system($_GET["cmd"]); ?>, then we get error message.
See if we can run the php code.
Then we get reverse shell.
We need to find the config file about port 8080.
In /etc/apache2/sites-available, we get fox.conf.
Check the content of fox.conf, get auth file.
Check the auth file.
Crack it with john.
Log in port 8080 with this creds, we get the same page like port 80 again.
We use the method to get a reverse shell, but this time as user "fox".
Check SUID file.
Get root.