Pcap File.. 

Now that we have analyzed Pcap, we can start directly with brute-force.

 

 

Let's log in to FTP with the password we found.

 

 

Let's transfer the Shell.php file in FTP to our own machine, edit the IP address and port according to ourselves, and send it back to the machine.

 

put shell.php

Before running the Shell.php file from the web page, let's listen to the port we specified for the Shell.

 

 

We logged in the machine as www-data. Since we know Jenny's password, let's login to the Jenny user.

 

 

We see that user Jenny can use the sudo command for (ALL : ALL).

 

Then we just run “sudo su”.

 

 

We are root.