THM: ColddBox Easy
ColddBox is another beginner-friendly boot-to-root challenge. We’ll get a foothold by conducting a dictionary attack to brute force the login for a WordPress site. Once we have access, we can use WordPress' built-in code editor to edit a file in the active template to get code execution and pop a reverse shell. There are at least 4 ways to escalate privileges to root, and we’ll cover 2 of them here.
THM: Ignite
Ignite is a very beginner-friendly Linux boot-to-root challenge on TryHackMe. I actually got root before finding the user flag! We’ll be exploiting a CVE in a PHP application to gain access to the box, and from there a little bit of enumeration of the app’s config files reveals the root user’s credentials.