This is my write-up for the machine Beep on Hack The Box located at: https://app.hackthebox.com/machines/Beep.

nmap scan: nmap 10.10.10.7

There are a lot of ports open, so I will start with port 80 (HTTP) first. We see a login page there:

I went to port 10000 out of curiosity and found a Webmin login page there:

I found this exploit on exploitdb:

I had to go read the official Hack The Box write-up for this machine to find out what I overlooked. Turns out the page I was looking at had the exploit all along:

Changing the URL to be /etc/passwd shows you the following:

Now we know there is a user called fanis on the system. Looking in their directory, we are able to find the flag:

Going back to the LFI page provided in the LFI exploit, we can see a password:

From this write-up, I understood if we use this password for the root user, we will be able to log in as root: