$tryhackme@expose

 (1) I am attempting to complete the Try Hack Me box: Expose

(2) I started off by doing an nmap scan to find what ports are open.

(3) While that scans I setup a note.txt file using nano

(4) The full nmap scan has found 5 open ports

(5) I tried a ssh script to brute force username/password

No valid accounts were found

(6) I then tried the same script on FTP and found that Anonymous FTP login is allowed.

There aren't any directories 

(7) I used gobuster to check for any hidden url's. So far its found 3, the third being a PHP admin login portal.

(8) I tried to be Mr Robot and failed - Using Metasploit 

(9) After getting stuck i searched for help and it turns out there's a fourth url admin_101, i'm not sure why it didnt show up when i used gobuster. You can see that there is an email already entered.