PenTesting Challenge

The machine was an easy Linux based box.

I found two different ways to get the root.

The second method was very direct and easy.

Let's get started

First Method

First, we need to find the IP address of the machine

From the output, we can understand that 10.0.2.21 is the target

Next on running a simple nmap scan to list the common open ports, we will get the below result

Now we should enumerate more on this box

On running

nmap –sV –sC 10.0.2.21

It showed that FTP anonymous login is possible on this machine

This showed the existence of many files related to WordPress and also a robots.txt file.