The nmap output shows that the anonymous ftp login is turned on. let's log in.
We download the note_to_jake.txt file and look at its contents.
Amy says that Jake's password is weak. there is no page is found in the dirb scan so ssh connection can be bruteforced with the username jake
We can login as jake with password we got via hydra.
And we got user.txt
Now time to privilege escalation:
The command
"sudo -l"
is used to display which commands a user has permission to run as the superuser (root) or on behalf of another specific user.
If we look on the internet a little bit, we can find what we are looking for on the gtfobins.
And we got root flag
As the room creator said this machine has 2 solutions.
If we talk briefly about the second solution: We download the image file on the website.
crack with stegcrack and get the holt password.
Login to ssh with Holt's credentials.
As in the first solution, we find the way to be root by using the sudo -l command.
