Ftp

First exploited VSFTP, which returned a shell through Psy Shell, then we sign a client certificate to authenticate ourselves. Now, we exploit directory traversal to gain an ssh key. For root, we notice a process executing frequently, so we use that functionality to route to a reverse shell that gives me root access.

FTP hosted foothold, into finding a CVE with Authenticated Command Injection to give root.

Connect via IPSEC VPN to get access to the host, clues from SNMP to get connected, found out its a Windows host, uploaded a webshell via FTP, then privesc with JuicyPotato.

SharePoint endpoint enumerated into discovering FTP credentials, cracking the password needed and authenticating with crackmapexec, then privilege escalating with JuicyPotato.

Enumerated functionality of the Microsoft IIS server with help with FTP, and used msfconsole's local_exploit/suggester to privesc to root.