Foothold
1. nmap to reveal ports 80 and 3000
2. download the source code from Gitea on port 3000
3. get pass.php and crack it
4. use a CVE to upload a web shell and get RCE
PrivEsc
1. Run an HTTP server on the victim and download the PDF
2. depix the image to get the root password