you can download it here, http://www.five86.com/downloads/DC-6.zip

use nmap to discover the target

1

check its port 80

2

need to edit the host file and resolve wordy to its ip

3

another wordpress site, use wpscan to do a scan

4

not vulnerable plugins were found, enumerated 5 users. try to brute force the credential
according to author’s hint:

5

6

get one credential, login in

7

found this, there might be command injection here, try

8

look around and found this: /home/mark/stuff/things-to-do.txt

9

find graham’s credential, login to the opensshd server

10

stealed jens’ authenication

11

jen is allowed to execute nmap as root without password. quite obvious
write a nmap script to execute command, and run it with nmap, gain root shell

12