https://www.vulnhub.com/entry/ripper-1,706/
Run a nmap scan to find for open ports.
Use searchsploit to find for exploits for webmin 1.910
Running a gobuster scan will give you a secret directory to /rips/ which is a type of vulnerability scanner. Scan the default Apache server directory var/www . Click the files tab and a secret file with username and password will be found.
SSH into that account.
First flag is found.
While exploring the other directories in the /mnt/ folder a secret.file is found containing a password. Switch to the next user with the password.
Found a webmin folder and accessable miniser.log. User and password is found in the account log.
Start up metasploit and use the exploit for webmin 1.910. And input the following options. Then run the exploit.
Root access is gained. Spawn and shell and change directory to the root folder to find the final flag.
Persecure : my learning archive 