Using nmap, I found some open ports.
ssh in 22, http in 8080, 8443, and a ibm db in 6789.
In port 8443 we can find a UniFi instance.
This instance is vulnerable to CVE-2021-44228.

This vulnerability allows me to execute code using a ldap injection.
With this instance, Im able to obtain a reverse shell, creating our own LDAP server who will provide the reverse shell and ejecuting the injection.
Using this shell, Im able to read the user flag.

Inside the machine, I found a mongodb instance.
Here, I was able to found some hashes.
I cannot crash the hashes, but I can overwrite my own password.
With this password, I can access to unifi admin panel.
Using this instance, I can log ass root with the saved password in ssh as root.
