User part:

-> Run nmap scan

-> Port 21 is closed and 80 is open, so let's check the website; nothing much in the webpage

-> Let's check robots.txt, nothing here

-> So I ran gobuster to bruteforce the directories and files and I got 1 interesting file 'todo.txt'

-> While reading the paragraph, you can understand 'fergus' is the username

-> Then I went to the 'admin' directory and found Bludit CMS is being used; while checking the source code I found the version number also

-> Then I used searchsploit to search for an exploit and I found an Authentication Bruteforce vulnerability

-> Then I downloaded the exploit, then I converted the code using 'dos2unix', and I needed to install some requirements.
I converted the file with dos2unix because sometimes I am getting errors

-> Then I tried some common passwords, but they are wrong. So I used the 'cewl' command to download a custom wordlist of
passwords from the website

-> I tried with the custom wordlist and got the password and now I can access the dashboard
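From the defender's side, the login bruteforce described in the steps above leaves a very recognisable trace in the web server's access log: many POSTs to the CMS login path from one source in a short time. The script below is an added example (not part of this writeup and not Bludit's code) that runs that detection over constructed combined-format log lines; the IPs, timestamps and path are sample values, and the threshold and window are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def _make_line(ip, when, method, path, status=200):
    """Build one constructed combined-format log line (sample data, not a real capture)."""
    return (f'{ip} - - [{when.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0"')


_base = datetime(2020, 7, 27, 10, 0, 0, tzinfo=timezone.utc)
# Constructed sample: one client hits the admin login every 2 s, another logs in
# three times over 15 minutes, plus an unrelated GET.
SAMPLE_LOG = (
    [_make_line("10.10.14.5", _base + timedelta(seconds=2 * i), "POST", "/admin/") for i in range(12)]
    + [_make_line("192.168.1.20", _base + timedelta(minutes=5 * i), "POST", "/admin/") for i in range(3)]
    + [_make_line("192.168.1.20", _base, "GET", "/")]
)


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), method, path, status; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_login_bruteforce(lines, login_prefix="/admin", threshold=10, window_seconds=60):
    """Map source IP -> peak number of POSTs to the login path inside any sliding window.

    Only IPs whose peak reaches `threshold` are returned. Counting is keyed on the
    peer address the web server logged, not on any client-supplied header, so the
    client cannot influence which bucket its requests land in.
    """
    window = timedelta(seconds=window_seconds)
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].startswith(login_prefix):
            posts[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink the window from the left
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, n in find_login_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {n} login POSTs within one minute")
```

The sliding window is what keeps the false-positive rate down: three logins spread over fifteen minutes never reach the threshold, while twelve in under half a minute do. Feeding it a real log is just `find_login_bruteforce(open("access.log"))`.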

-> While I am searching the issues of Bludit on GitHub, I found an RCE in version 3.9.2

-> Then I searched for an exploit and got 1 exploit

-> The exploit is Authenticated RCE; I gave the credentials and I got a reverse shell

-> I tried to get user.txt but permission is denied, so I looked into the directories and I found an interesting part of Bludit.
In the folder I found 2 Bludit version directories;
I know we exploited version '3.9.2', so I looked into version 3.10

-> I got some interesting part in users.php which contains the hash of the password

-> I cracked the password with the help of crackstation.net

-> Then i tried the password with username hugo and the password is correct

Root Part:

-> I searched for what this user can do with root privileges and i got /bin/bash can execute with root privilege

-> I found the version of sudo is older and exploitable

-> This is the full exploit in exploitdb

-> I got a root shell using the command and got 'root.txt'
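The two findings in the root part, a sudo rule that runs a shell and an outdated sudo binary, are both things an administrator can check for before anyone else does. The script below is an added example written for that audit; it is not part of the writeup and not sudo's own code. The sudoers content is constructed sample data, the list of shell-like binaries is an assumption, and the minimum acceptable sudo version is a parameter the administrator takes from the vendor's advisory rather than a value from the page.

```python
import re

# Constructed sample sudoers content (illustrative, not the box's real file).
SAMPLE_SUDOERS = """\
# User privilege specification
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
alice   ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx
bob     ALL=(ALL) /bin/bash
carol   ALL=(root) /usr/bin/python3, /usr/bin/id
"""

# Assumed list: binaries that give the caller an interactive shell or arbitrary code
# execution as the run-as user, so allowing one of them is equivalent to allowing ALL.
SHELL_LIKE = {"/bin/bash", "/bin/sh", "/bin/dash", "/bin/zsh",
              "/usr/bin/python3", "/usr/bin/perl", "/usr/bin/vim", "/usr/bin/less"}

# who  host = (runas) [NOPASSWD:] cmd[, cmd...]
RULE_RE = re.compile(
    r'^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$'
)


def parse_sudoers(text):
    """Parse user-specification lines into one record per permitted command."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        cmds = m.group("cmds")
        nopasswd = "NOPASSWD:" in cmds
        cmds = cmds.replace("NOPASSWD:", "").replace("PASSWD:", "")
        for cmd in (c.strip() for c in cmds.split(",")):
            rules.append({"who": m.group("who"), "runas": m.group("runas") or "root",
                          "cmd": cmd, "nopasswd": nopasswd})
    return rules


def audit_sudoers(text):
    """Return findings for rules that amount to handing out a root shell."""
    findings = []
    for r in parse_sudoers(text):
        if r["who"] == "root":
            continue  # root is expected to have everything
        binary = r["cmd"].split()[0]
        if r["cmd"] == "ALL":
            reason = "unrestricted sudo"
        elif binary in SHELL_LIKE:
            reason = f"{binary} yields a shell as {r['runas']}"
        else:
            continue
        if r["nopasswd"]:
            reason += " (NOPASSWD)"
        findings.append({"who": r["who"], "cmd": r["cmd"], "reason": reason})
    return findings


VERSION_RE = re.compile(r'Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?')


def parse_sudo_version(banner):
    """'Sudo version 1.8.25p1' -> (1, 8, 25, 1); a missing 'pN' suffix counts as 0."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("unrecognised sudo version banner")
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def sudo_older_than(banner, minimum):
    """True if the version in `banner` is below `minimum` (a 4-tuple from the advisory)."""
    return parse_sudo_version(banner) < tuple(minimum)


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{f['who']:8} {f['cmd']:40} {f['reason']}")
    # Constructed banner; in practice feed it the output of `sudo --version`.
    print("outdated:", sudo_older_than("Sudo version 1.8.25p1", (1, 8, 31, 0)))
```

Two details worth noting: commands after the run-as spec are split on commas so a rule listing several binaries is checked per binary, and the `pN` patch suffix is folded into the version tuple so that plain tuple comparison orders `1.8.25p1` correctly against `1.8.25`.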