# Objective
In this machine, we will first need to find a `user.txt` file and then escalate to root in order to access `root.txt`.

# Discovery
## nmap
Let's see what is on this machine.
What is very interesting is port 80 (http), 3306 (mysql) and potentially 8081.

```bash
$ sudo nmap -sS -A -p- 10.129.XXX.XXX
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-25 15:54 EDT
Nmap scan report for 10.129.XXX.XXX
Host is up (0.011s latency).
Not shown: 65525 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 4b:89:47:39:67:3d:07:31:5e:3f:4c:27:41:1f:f9:67 (RSA)
| 256 04:a7:4f:39:95:65:c5:b0:8d:d5:49:2e:d8:44:00:36 (ECDSA)
|_ 256 b4:5e:83:93:c5:42:49:de:71:25:92:71:23:b1:85:54 (ED25519)
80/tcp open ssl/http?
3306/tcp open mysql?
|_ssl-cert: ERROR: Script execution failed (use -d to debug)
|_ssl-date: ERROR: Script execution failed (use -d to debug)
|_sslv2: ERROR: Script execution failed (use -d to debug)
|_tls-alpn: ERROR: Script execution failed (use -d to debug)
|_tls-nextprotoneg: ERROR: Script execution failed (use -d to debug)
6123/tcp open spark Apache Spark
8081/tcp open blackice-icecap?
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 Not Found
| Content-Type: application/json; charset=UTF-8
| content-length: 74
| {"errors":["Unable to load requested file /nice ports,/Trinity.txt.bak."]}
| GetRequest:
| HTTP/1.1 200 OK
| Content-Type: text/html
| Date: Sun, 25 Jul 2021 19:55:00 GMT
| Expires: Sun, 25 Jul 2021 20:00:00 GMT
| Cache-Control: private, max-age=300
| Last-Modified: Sun, 25 Jul 2021 19:55:00 GMT
| content-length: 2137
|