3. We see that there is a wordpress installation. We use the wpscan tool to investigate users, plugins, themes, versions.
4. We have two logins for the wordpress installation (michael and steven). Maybe we can try to test passwords against the login page.
Also, to make life easier, we add an host record so we can browse using the DNS name raven.local.
6. Now, that we are in the machine. Look around the web folder structure to see if we get more creds.
7. We have creds for root for mysql. Maybe steven used the same password. Nope. At least we should be able to log into wordpress now.
8. We have an interactive shell so maybe we can use mysql to find more data.
10. We can use hashcat to find the password. Found it. (Of course I closed the terminal before taking a screenshot.)
13. That looks like game over. I also wanted to list where I found the other flags.