->yearofrabbit




User part :



-> Run Nmap Scan





-> Ports 21, 22 and 80 are open. Tried anonymous login, but it failed, so let's check the website





-> Nothing interesting, just the Apache default page, so let's check for directories





-> Found 1 directory. Let's check it





-> Got the index of assets. I checked both files and got this interesting part





-> Without wasting time I went to that '.php' file and got redirected to YouTube. I checked the Burp history and found something weird





-> I opened the hidden directory and got the index of that page





-> Let's download that image and check it for interesting parts





-> Using the Linux strings command I got this. Without wasting time I ran hydra with these credentials





-> and got success





-> Only one file on FTP. Downloaded and opened it





-> got some codes





-> I am not much of an expert in crypto, so I searched for the decryption





-> Got these credentials with the decryptor





-> Tried with SSH and got a shell, but the shell showed a weird message, so let's check it





-> A hidden file, so I opened the hidden file and got the password





Root part :



-> First checked sudo privileges





-> While running the command with sudo I got a permission error





-> So I checked the sudo version





-> I searched for an exploit in Exploit-DB and got this





-> And searched for 'vi' in GTFOBins and got this





-> run this command





-> Opened vi and typed the GTFOBins shell command





-> Got a root shell and the root flag