Always start with a ping to verify the connection and then start a nmap scan
nothing in return
Something to note lets include -p- in our scan so that way we scan all ports. We know port 80 is a website running so lets go there
we have a login page and server information at the bottom
What I did since I seen this was a dead end was went back to the nmap scan and googled the version of Http and found an exploit on google
Found the rejetto_hfs_exe exploit and started to configure the options
One thing to note we can’t do the sudo -l that we learned in the previous lesson
we also found 3 exploits for priv esc
second one didn’t work
the last one worked. but from here you are in the 2nd shell, just navigate to the admin profile and grab the flag
I somehow lost the session and cant get it back session won’t recreate
Went back to the regular user credentials and googled the OS for an privilege escalation.
configure the options
navigate to the root.txt file