Walkthru A. http://nixware.net/derpnstink-1-walkthrough [wordpress, wpscan, wordpress vuln, access via mysql user/pwd hashcat, pwd in pcap file, sudo user will get you root access but the file/dir in sudo doesnt exist so you have to create one dev reverse tcp ] B. https://amonsec.net/ctf/derpnstink-1-ctf-walkthrough [use private key ssh to login] Notes A. not sure how the password was cracked using hashcat. tried a single hash but didnt work. another hash worked https://samsclass.info/seminars/CMS/hashcat-wordpress.htm