A friend who already rooted this box recommended it to me and now understand why.  It wasn't hard but it makes you put pieces together and that makes it fun.  I'll bring this up in a minute when we get to a specific point but somewhere in the middle, something kept breaking and I had to tear out the VM and import a new one.  I don't know if that was just me or if this is everyone but it'll be obvious if it happens to you and I'll make sure to point it out.

Anyway, kicking off with Nmap:

A quick primer prior to hitting the substance of this post. 

With respect to the Internet, people like names and machines like numbers.  When we enter:  www.google.com into our web browsers, domain name service (DNS), is what takes the name:  www.google.com and converts it to the IP address:  172.217.5.196

DNS encompasses more than that but the basic point is that this type of resolution exists in the background and it's all happening unencrypted.  So why do we care?  We could talk about Man in the Middle attacks and how this traffic can be intercepted, poisoned, and how you could be sent somewhere else.  But odds are pretty good that's not happening to you.  Let me paint a more realistic example that is happening to you.  

There are a few new releases on Vulnhub and the one I'm writing about today claims there are 12 avenues for privilege escalation.  Honestly, I'm not interested in finding 12 different privilege escalations.  I have the patience and the time for one.  I figured with that many avenues, this would be over quickly.  I appreciate the effort but I'm one and done on this box.

If you're on the hunt for all 12, I've got a few hints in the screenshots.  I would also look at cron because I seem to recall seeing something there as well when I was hunting around post root.  

Anyway, kicking off with Nmap: