Vega
Nmap Scan Result
This is an easy one. Linux ".bash_history" history file was readable from the web service running on port 80, discovered after fuzzing. This file contained a username and password entry. The password was intentionally misspelt, however, there's an entry with the correct spelling plus is a common.
The valid credential was then used for SSH Access
Privilege Escalation
Running "sudo -l" to see if user vega is in the sudoer list and also see what commands we can run with sudo. we notice we can run sudo with no restriction and simply run "sudo su" to become root.