3. We see that there is a wordpress installation. We use the wpscan tool to investigate users, plugins, themes, versions.
4. We have two logins for the wordpress installation (michael and steven). Maybe we can try to test passwords against the login page.
6. Now, that we are in the machine. Look around the web folder structure to see if we get more creds.
7. We have creds for root for mysql. Maybe steven used the same password. Nope. At least we should be able to log into wordpress now.
9. We have found hashed passwords in the wp_users table. We can try to find the passwords.
10. We can use hashcat to find the password. Found it. (Of course I closed the terminal before taking a screenshot.)
12. Well, it looks like steven can sudo python command. Well, we can use python to get into a shell.
13. That looks like game over. I also wanted to list where I found the other flags.