# HackTheBox beef <font size=5>port scan ![](https://i.imgur.com/blotEvD.png) I find that port 80 is open then try to access port 80 and use default username and password to login the site but fail ![](https://i.imgur.com/6jbFTrv.png) then i know service name is elastix i also try to find some useful information(ex: version) from source code but i find nothing But when I try to access first level path of the image and find this site has vulnerability with LFI ![](https://i.imgur.com/9g5CjpM.png) So I look for an exploit of elastix and actually find an LFI weakness ![](https://i.imgur.com/RmHAZCd.png) Accroding to this exploit just need to use a special path then can find some configuration ![](https://i.imgur.com/P2vrIDw.png) we can see that the same password appears multiple times so I try to use this password and admin(root) to login the site then success ![](https://i.imgur.com/ncWmxYF.png) Following this thinking I try to access port22 (as root and use same password ) the result is success and my permission is root ![](https://i.imgur.com/52VUSK3.png)