Margheriti

Nmap Scan Result

Run nikto on the web service and found a file backup.zip which is a backup of the Worpress sites. navigate to the wp-config.php and extract the  MySQL username & password

Connect to the mysql with the credential and dump the DB...

password wasn't crackable so I decided to replace the password by generating one from here

Udate worspress password:

UPDATE wp_users SET user_pass = '$P$B4GjVfr98KhY5QIXx2BitVy3Xy0hbw1' WHERE wp_users.user_nicename = 'eadmin'; 

Use Metasploit Exploit module (unix/webapp/wp_admin_shell_upload )  to get meterpreter shell

PE not Required!