
Using John to crack an RSA Private key followed by privilege escalation to root

My initial nmap scan showed ports 22 and 80 open.



I then moved on to port 80 recon, which gave me a simple server info page.



Going for a directory brute force here to see if I could find any more info, and I did: an admin page.



But within this admin page we have "not secure source code!" Whoo-hoo.
As well as two possible usernames, john and admin (classic).




I tried a throwaway login attempt and received an error message, so I fed that error message into my Hydra brute-force run along with the admin username and was able to crack a password.
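The two steps above (a directory brute force that produces a burst of 404s, then a Hydra run that produces a burst of POSTs to the login form) are exactly what a web server's access log records from the other side. The following detector is an added example written for this write-up, not code from the original post; it parses Apache/nginx combined-format lines, applies a sliding window per source IP, and labels clients that exceed a threshold. The log lines, IPs, thresholds and the `/admin` login path are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log line, e.g.
# 10.0.0.5 - - [12/Mar/2024:10:15:01 +0000] "GET /admin HTTP/1.1" 404 196 "-" "curl/8.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields we care about, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def _exceeds_in_window(stamps, limit, window):
    """True if more than `limit` events fall inside any span of length `window`."""
    stamps = sorted(stamps)
    start = 0
    for end in range(len(stamps)):
        while stamps[end] - stamps[start] > window:
            start += 1
        if end - start + 1 > limit:
            return True
    return False


def find_bruteforcers(lines, login_paths=("/admin",), window=timedelta(seconds=60),
                      max_404=20, max_login_posts=10):
    """Map source IP -> set of labels for clients exceeding the thresholds.

    Directory brute forcing shows up as a burst of 404s; credential guessing
    against a form shows up as a burst of POSTs to the login path (the status
    code is often 200 even on failure, so attempts are counted, not failures).
    """
    not_found = defaultdict(list)    # ip -> timestamps of 404 responses
    login_posts = defaultdict(list)  # ip -> timestamps of POSTs to a login path
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["status"] == 404:
            not_found[rec["ip"]].append(rec["ts"])
        if rec["method"] == "POST" and rec["path"] in login_paths:
            login_posts[rec["ip"]].append(rec["ts"])

    findings = defaultdict(set)
    for ip, stamps in not_found.items():
        if _exceeds_in_window(stamps, max_404, window):
            findings[ip].add("directory-enumeration")
    for ip, stamps in login_posts.items():
        if _exceeds_in_window(stamps, max_login_posts, window):
            findings[ip].add("credential-guessing")
    return dict(findings)


def _log(ip, second, request, status):
    # Constructed sample line; the date is synthetic and only the second varies.
    return (f'{ip} - - [12/Mar/2024:10:15:{second:02d} +0000] "{request}" {status} 196 '
            '"-" "Mozilla/5.0"')


# Constructed sample log: one client enumerating paths and then hammering /admin,
# one client browsing normally.
SAMPLE_LOG = (
    [_log("10.0.0.5", s, f"GET /wordlist-path-{s} HTTP/1.1", 404) for s in range(25)]
    + [_log("10.0.0.5", 30 + s, "POST /admin HTTP/1.1", 200) for s in range(12)]
    + [_log("10.0.0.9", 5, "GET / HTTP/1.1", 200),
       _log("10.0.0.9", 6, "GET /style.css HTTP/1.1", 200),
       _log("10.0.0.9", 40, "GET /missing.png HTTP/1.1", 404)]
)


def demo():
    return find_bruteforcers(SAMPLE_LOG)


if __name__ == "__main__":
    for ip, labels in demo().items():
        print(ip, ", ".join(sorted(labels)))
```

Counting POST attempts rather than failed status codes is deliberate: a login form that answers a wrong password with a 200 page carrying an error string (which is what the Hydra failure condition keys on) looks like success to a status-only detector.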



We now have a password. Cool, right?
A successful login takes me straight to an alert page from the developer: an RSA private key. Big no-no to have that out in the wild.



So I grab that RSA private key, save it to a file and run John the Ripper against it to recover the passphrase.
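The key on the developer's page only needed John because it was passphrase-protected; an unencrypted key would have been usable immediately, and a guessable passphrase is only a short delay. The checker below is an added example (not from the original post) that a defender can run over keys found in web roots, repositories or backups to report the container format and whether a passphrase is set at all. It inspects only the envelope (PEM headers, PKCS#8 header, or the openssh-key-v1 cipher and KDF names) and never decodes key material. All sample keys are constructed stand-ins with placeholder bodies, not real keys.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _ssh_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes) at offset `off`."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def inspect_private_key(text):
    """Report the container format of a private key and whether it is passphrase-protected.

    Only the envelope is parsed; the key material itself is never decoded.
    """
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    header, body = lines[0], lines[1:-1]

    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(body))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        cipher, off = _ssh_string(blob, len(OPENSSH_MAGIC))
        kdf, _ = _ssh_string(blob, off)
        return {"format": "openssh", "cipher": cipher.decode(), "kdf": kdf.decode(),
                "encrypted": cipher != b"none"}

    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return {"format": "pkcs8", "cipher": "see DER", "kdf": "see DER", "encrypted": True}
    if header == "-----BEGIN PRIVATE KEY-----":
        return {"format": "pkcs8", "cipher": "none", "kdf": "none", "encrypted": False}

    if header.startswith("-----BEGIN ") and header.endswith(" PRIVATE KEY-----"):
        # Traditional PEM (RSA/DSA/EC): encryption is signalled by RFC 1421 headers
        # such as "Proc-Type: 4,ENCRYPTED" and "DEK-Info: AES-256-CBC,<iv>".
        hdrs = {k.strip(): v.strip() for k, v in
                (l.split(":", 1) for l in body if ":" in l)}
        encrypted = "ENCRYPTED" in hdrs.get("Proc-Type", "")
        cipher = hdrs["DEK-Info"].split(",")[0] if encrypted and "DEK-Info" in hdrs else "none"
        return {"format": "pem-traditional", "cipher": cipher,
                "kdf": "EVP_BytesToKey" if encrypted else "none", "encrypted": encrypted}

    raise ValueError(f"unrecognised key header: {header}")


def triage(text):
    """One-line risk statement for a key found somewhere it should not be."""
    info = inspect_private_key(text)
    if not info["encrypted"]:
        return "unencrypted: anyone holding the file holds the key"
    return (f"encrypted with {info['cipher']}: the passphrase is the only barrier, "
            "a guessable one falls to offline cracking, so rotate the key")


def _openssh_sample(cipher, kdf):
    """Constructed openssh-key-v1 envelope: magic, cipher, kdf, empty kdf options, 1 key.
    The public/private sections of a real file are deliberately omitted."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"


SAMPLE_OPENSSH_PLAIN = _openssh_sample(b"none", b"none")
SAMPLE_OPENSSH_ENC = _openssh_sample(b"aes256-ctr", b"bcrypt")
# Constructed traditional PEM envelopes; "AAAA" stands in for the real base64 body.
SAMPLE_PEM_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_PEM_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\nAAAA\n"
                  "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name in ("SAMPLE_OPENSSH_PLAIN", "SAMPLE_OPENSSH_ENC", "SAMPLE_PEM_PLAIN", "SAMPLE_PEM_ENC"):
        print(name, "->", triage(globals()[name]))
```

The useful distinction for triage is not "encrypted or not" but "already lost or merely delayed": a leaked key with a good passphrase still has to be rotated, because the ciphertext is now in the attacker's hands indefinitely.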



We already know that port 22 (SSH) is open, so let's use it to log in!
And voilà.

The user john is great, but let's go for root! We can see the root user's hash within john's /etc/shadow info.



After copying this and running it through John, I now have the root user's password!



Password achieved. A simple switch user command gives us root login, and we are in.
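The root takeover above relied on two things: the shadow file was readable from the john account, and the root hash was crackable offline. Both are auditable. The script below is an added example for this write-up, not code from the original post: it classifies each shadow entry's hash scheme (flagging empty fields, legacy DES crypt and md5crypt), and checks the shadow file's ownership and mode against the expected root-owned 0640. The shadow lines are constructed with placeholder hash bodies.

```python
import stat

# Prefix -> (algorithm name, considered weak today)
HASH_PREFIXES = {
    "$1$": ("md5crypt", True),
    "$2a$": ("bcrypt", False), "$2b$": ("bcrypt", False), "$2y$": ("bcrypt", False),
    "$5$": ("sha256crypt", False),
    "$6$": ("sha512crypt", False),
    "$y$": ("yescrypt", False),
    "$gy$": ("gost-yescrypt", False),
}


def classify_hash(field):
    """Classify the password field of one shadow entry -> (algorithm, weak)."""
    if field == "":
        return ("empty", True)          # no password at all
    if field.startswith(("!", "*")):
        return ("locked", False)        # password authentication disabled
    for prefix, info in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return info
    if field.startswith("$"):
        return ("unknown", True)        # unrecognised scheme: treat conservatively
    return ("descrypt", True)           # legacy 13-character DES crypt


def audit_shadow_lines(lines):
    """Return one finding per account whose password field needs attention."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        algo, weak = classify_hash(pw)
        if weak:
            findings.append({"user": user, "algo": algo,
                             "issue": "no password set" if algo == "empty"
                             else f"weak hash scheme {algo}"})
    return findings


def check_shadow_mode(mode, uid):
    """Ownership/permission issues for the shadow file; expected root-owned, 0640 or stricter.

    A strong hash scheme does not help if any local user can read the file:
    the hashes then become an offline cracking target for every weak password.
    """
    issues = []
    if uid != 0:
        issues.append("not-owned-by-root")
    if mode & stat.S_IROTH:
        issues.append("world-readable")
    if mode & stat.S_IWOTH:
        issues.append("world-writable")
    if mode & stat.S_IWGRP:
        issues.append("group-writable")
    return issues


# Constructed shadow entries; the hash bodies are placeholder text, not real hashes.
SAMPLE_SHADOW = [
    "root:$6$saltsalt$PLACEHOLDERHASHBODY:19700:0:99999:7:::",
    "john:$1$abcdefgh$PLACEHOLDERHASHBODY:19700:0:99999:7:::",
    "daemon:*:19700:0:99999:7:::",
    "guest::19700:0:99999:7:::",
]

if __name__ == "__main__":
    import os
    for f in audit_shadow_lines(SAMPLE_SHADOW):
        print(f)
    try:
        st = os.stat("/etc/shadow")
        print(check_shadow_mode(st.st_mode, st.st_uid) or "shadow permissions ok")
    except (FileNotFoundError, PermissionError) as exc:
        print("could not stat /etc/shadow:", exc)
```

On a live host, feed `audit_shadow_lines` the contents of /etc/shadow as root; the mode check is split out as a pure function of (mode, uid) so it can be unit-tested without touching the real file.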



Keys to the castle!