Using nmap, I found port 20 and port80 open.

Using ffuf, I found a login directory.
Fuzzing inside the login directory, where I also founs a swp version of login.php
Reading the login.php code, I found a vulnerability.
This code is using strcmp(), if the creds are correct, it will return 0.
But it is designed to compare strings, and if you send something that is'nt a string, will return 0.
Knowing that, I send a array to the page.
With this, I logged in the web panel.
After logging, I can see a page that allows me to upload any file to the local file system.
I uploaded a php reverse shell, and executed it inside the _uploaded directory, who I found in the ffuf enumeration.

Reading the php files, I found some credentials.
With this credentials, I logged as John user.

John can use find as root.
Using the binary find with sudo, I execute a shell, getting a root shell.
