1. nmap to find only tcp/22 and 80 open.
2. Robots.txt has a base64-encoded string that decodes to a url string. It’s a password.
3. Find the username in the index.html.
4. ssh with the name and base64 string as passwordand find flag.txt in the user’s home. There’s another in /root/
5. Uname -a shows a vulnerable system. Check NSE nmap vulnerability output for the url for the C source code.
6. Download the C code, compile with gcc, run and kaboom! uid0
7. Find 2nd flag in /root
Get a Kali linux box and go here: https://portal.offensive-security.com/proving-grounds/play
Essentially, you get a vpn account, log in, get a 192 IP Address and are given the IP Address of target computers you scan, enumerate, attack and capture the flags for points.
$20 a month gives you unlimited access but free is limited to 3 hours per 24 hour period.