This video demonstrates how I solved the vulnhub Droopy v0.2 CTF challenge.

Steps

• Use Netdiscover to get the IP address of our target (Reconnaisance)
• Use Nmap to do a detailed scan of the target (Information Gathering)
• Use a publicly-available drupal exploit to creat admin account (Gaining Access)
• Upload a reverse connect script which will open an outbound TCP connection from the webserver to your host (Remote Access)
• Use a Ubuntu local privilege escalation exploit to gain root privileges (Privilege Escalation)