->Traverxec
Step 1 :
Run Nmap Scan

Step 2 :
run dirsearch for directories in the website

Step 3 :
look for whatweb it recognises what web technologies
including content management systems which is used in website,
You can see it's using nostromo server and it's version

Step 4 :
search for nostromo exploits ,
Google bash script for this exploit and you can see bash scripts

Step 5:
Using the bash script we found from google You can interact with that server ,
So you can get reverse shell using nc command


Step 6 :
We know that it's using nostromo server ,
so search for nostromo folder,and go to the folder and
there is a conf folder go to the conf folder

Step 7 :
Read nhttpd.conf file and you can see there is a
folder inside the david directory which is public_www

Step 8:
Go to The Folder,there is a protected-area folder go inside into that,
we can see a backup file of ssh in there

Step 9:
Copy that file to /tmp/ji and unzip it , You can see 3 file (authorized_keys,id_rsa,id_rsa.pub)


Step 10:
Copy the ssh key and save it in your machine

Step 11:
To crack the password first use ssh2john and crack password with john

Step 12:
Now you got password and you can login to the ssh of david

Step 13:
You can see server-stats.sh inside david directory,read the file ,
it's using journalctl by sudo command

Step 14:
Going through GTFObins ,we can see journalctl and we can be
root through the command execution given below

Step 15:
run the same which we seen in that server-stats.sh file,and the write
!/bin/bash after the execution ,
You successfully root priviliaged and you can read root file
