TRYHACKME JACK -- hack WordPress server , gain shell,escalate privs to root using a Python module.

Today I'm doing jack from tryhackme this box is marked hard. this is a CTF challenge, so I'll walk you through and show you how to root this box. The tools that We'll be using is Nmap, wpscan, Burp, pspy.
I'll start by enumerating the box and see that its running WordPress. We'll Then Use the wpscan tool to enumerate users and get some credentials by brute-forcing the application. now in order for us to get a reverse shell, we'll need to escalate our privileges from a normal user to an administrator on WordPress.
then edit the PHP file and inject our reverse shellcode and get a reverse shell as user www-data.
We'll find a file in the home directory called reminder.txt. That tells us There's a backups folder somewhere on the system.
So we'll need to use the "FIND" command to search for that folder once we find it. We'll see that there is an ssh key for jack. We will then use that ssh key to login as jack and then do some more Enumeration using pspy to monitor the processes that are running.
we'll notice that root has a cronjob running every minute running a script that imports the os module which we have read and write access. We'll modify the os module and get a reverse shell as root. So I've Done this machine already and since this is your guy's first time ill be attacking this machine like if it was my first time so you guys can see the full process.