Vega

Nmap Scan Result

This is an easy one. Linux ".bash_history" history file was readable from the web service running on port 80, discovered after fuzzing. This file contained a username and password entry. The password was intentionally misspelt, however, there's an entry with the correct spelling plus is a common.

The valid credential was then used for SSH Access

Privilege Escalation

Running "sudo -l" to see if user vega  is in the sudoer list and also see what commands we can run with sudo. we notice we can run sudo with no restriction and simply run "sudo su" to become root.