Initial Foothold

After bruteforcing the "admin" username on the FTP Server I was able to get access to multiple files as well as I had permissions to upload files in the root directory of the web server.

the .htpasswd file had the creds for the web application but unfortunately his turned out to be nothing.

I generated a php payload using msfvenom and was able to trigger it and gain Code Execution.