Hi there, I am malw_guy , a former Penetration-Tester, currently pursuing a degree in Electro-Communications. I've been nourishing my hacking skills since I was just a teenager, I started back when I was 13 (I'd like to keep my current age confidential). The purpose of this blog is as a showcase / portfolio so people can grasp a lil' bit of my knowledge in the field. It should be noted that I am inclined to withhold public disclosure of the majority of my accomplishments in this particular field, primarily due to their involvement with governmental entities. However, should you possess a compelling reason to inquire further about these achievements, I am prepared to disclose them on a case-by-case basis, depending on the nature of your inquiry.
Machine: Shocker
Let's continue with some directory enumeration using gobuster 
Most probably, as in the title, it will be about shellshocking 
Let's continue the enumeration as we have no access to view the contents of the directory 
Alright, we found user.sh, if we navigate to it the file will be downloaded and we can view the contents 
Just as I predicted, we have to shellshock it. Now, in order to do it, we have 2 ways we either use the script from the CVE or the metasploit module 
After we used either one of them, we have access and we get our user.txt flag. Moving to privilege escalation, as always we start with the basic sudo -l command to check for permissions 
We can user perl with root privileges, so everything we have to do is /bin/sh it 
And we rooted it.
