# HTB Traverxec walkthrough ### Scan with nmap  ### Found out open web (80) port and 22 (ssh) port ### Also found out a vulnerable nostromo web service (v 1.9.6) ### ### Using MSF exploit - got shell on the machine ``` use exploit/multi/http/nostromo_code_exec ``` ### Spawned bash shell ``` python -c 'import pty; pty.spawn("/bin/bash")' ```  ### Using linpeas I discovered a ssh private key of David that my teammate left in the /tmp folder  ### Cracked ssh using john  ### And then logged in as David  ### Searched again with linpeas for SUID bit files. For some reason foud nothing. But found that info in the script. Using that info of SUID bit for journalctl + jtfobins - escalated my privileges to root.