- Run directory enumeration tools to find for clues
- Upload reverse shells to gain access
- Bruteforce users
- Check binary exploits
Run nmap scan to find for open ports.
Run a gobuster scan to find for hidden directories.
In this mini shell we are able to upload files. Let’s upload a php reverse shell and execute it.
In the home directory there are the following users.
Use hydra to bruteforce the goat user.
Now we have a user access with a better shell.
Checking sudo permissons.
root access gained.
Final flag found.