Blasterv1.1
nmap
80
3389 ms-wbt-server Microsoft Terminal Services
Looking through the website, got a comment with the password for the WordPress login
wade:parzival
Logged in to WordPress
Tried a PHP reverse shell in Appearance > Theme Editor > archive.php
and ran http://10.10.125.44/retro/wp-content/themes/90s-retro/archive.php
but it did not work
Logged in over RDP using Remmina
wade:parzival
--> user.txt
Privilege escalation
# TASK
1. A web server is running on the target. What is the hidden directory which the website lives on?
/retro - via gobuster
2. Gain initial access and read the contents of user.txt
THM{HACK_PLAYER_ONE}
3. [Optional] Elevate privileges and read the content of root.txt
THM{COIN_OPERATATED_EXPLOITATION}
====================================================