The description states:  "This box should be easy. This machine was created for the InfoSec Prep Discord Server as a give way for a 30d voucher to the OSCP Lab, Lab materials, and an exam attempt."

Been a while since I've written I've been focusing heavily on a class but I needed a little distraction, saw the new Vulnhub look and feel, then saw this box.  I thought maybe it would be a little more OSCP-like but I think the point was to make it accessible to a wider variety of player. 

We kick off with Nmap:

We see the web port and MySQL on another port.  We fire up Nikto:

Two things stand out -- /secret.txt and WordPress.  We check out the site:

Checking out /secret.txt we find:

Looks like Base64.  We decode:

And we get a private key.  We save it and give it the proper permissions.

Now we need a username which we find here:

We SSH into the box:

We fire up LinePeas:

And we see that bash has some interesting permissions set.  We visit gtfobins:

Executing bash with the -p flag:

And we're root.  We just need to get the flag: