https://erev0s.com/blog/cracking-etcshadow-john/
https://ethicalhacs.com/undetected-hackthebox-walkthrough/ get the root hash
first shell was easy as www-data that’s how I found it: https://www.reddit.com/r/PHP/comments/m1vifi/fyi_hackers_tried_to_access_my_vendor_folder/ additional stuff: https://www.exploit-db.com/exploits/50702 https://gist.github.com/yassineaboukir/1501de6f60dce148824d3001e83fb263