Vulnhub ColddBox: Easy Walkthrough

by Vince
in Blog

The description states: "Welcome to ColddBox Easy, it is a Wordpress machine with an easy level of difficulty, highly recommended for beginners in the field, good luck!"

I've been looking for a little mindless hacking because I'm sandwiched between a couple of red team courses that are making my brain hurt.  I've actually been refreshing the Vulnhub page for a few days now hoping they'd dump some new boxes.  I also have a new box in that list as well.  The last two were huge successes and the feedback I got was pretty amazing.  Anyway, enough about that, we kick off with Nmap:


Stealing LocalStorage Tokens

by Vince
in Blog

This was an interesting situation where I thought I was retrieving a token using XSS, like (document.cookie), but instead the token was located in LocalStorage.  Obviously, you need to know the key name but since I had the application, I had that information.  Pushing aside the XSS part, the meat is here:


Our "Ideal Customer"

by Vince
in Blog

I belong to a few business networking groups and I’m frequently asked – “Who is your ideal customer?”  Normally, I answer that question in generic terms but I was recently at a presentation given by a local HR benefits provider and my answer to that question changed the following week. 
