This is a Linux machine with web service provided by WordPress which has a SSRF vulnerability to leak the credentials for web user.

After login into the system as web user, we obtains the hash of the password of another normal user. Subsequently, we utilized forensic techniques to move laterally across users on the system. Ultimately, we discovered that user xavi had configured a sudo rule allowing passwordless execution of arbitrary programs, effectively granting root privileges.