Showcase

Nmap Scan Result

I checked the web page and found a WordPress web service running, so I did a user enumeration and brute-force attack.

Found a valid password after a few minutes.

wpscan -e u --url http://10.150.150.129/wordpress --passwords /usr/share/wordlists/rockyou.txt

The found password granted me access to both the WordPress login and SSH.

After running the "id" command, I noticed julien is a member of the lxd group.

A member of the local “lxd” group can instantly escalate privileges to root on the host operating system. This is irrespective of whether that user has been granted sudo rights, and it does not require them to enter their password.

Following the instructions here, I was able to escalate my privileges.
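Because lxd membership is root-equivalent, an audit should list every account that ends up in that group, including accounts whose primary GID is lxd and therefore do not appear in the group's member list. The script below is an added example, not part of the original write-up; the function names `group_members` and `make_sample` are hypothetical, and all sample accounts and IDs are constructed (only the name julien comes from the post).

```shell
#!/bin/sh
# group_members [group] [group_file] [passwd_file]
# Prints every account that is effectively in the group (default: lxd):
# supplementary members from the group file plus accounts whose primary
# GID in the passwd file equals the GID of the group.
group_members() {
    grp="${1:-lxd}"
    group_file="${2:-/etc/group}"
    passwd_file="${3:-/etc/passwd}"
    awk -F: -v grp="$grp" '
        # Group file: remember the GID and the listed members.
        FILENAME == ARGV[1] {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Passwd file: add accounts whose primary GID matches.
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$group_file" "$passwd_file" | sort
}

# Constructed sample files (assumed data, not taken from the target host).
make_sample() {
    dir="$1"
    printf '%s\n' 'root:x:0:' 'sudo:x:27:alice' 'lxd:x:108:julien' \
        'julien:x:1000:' > "$dir/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1001:1001::/home/alice:/bin/bash' \
        'julien:x:1000:1000::/home/julien:/bin/bash' \
        'svc-build:x:1002:108::/home/svc-build:/bin/sh' > "$dir/passwd"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "Accounts with root-equivalent lxd access (sample data):"
group_members lxd "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

Called with no arguments, `group_members` reads the local /etc/group and /etc/passwd; every name it prints should be treated as having root on the host. It only sees local files, so accounts supplied by LDAP or SSSD need a separate check.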