As always, let's scan it first to see if there are any interesting services running:
Ok, now we know that there is a WWW service, so there will probably be some interesting webapp to exploit...
Ok, cool. There is a lot of fun here, as we can see. Let's check the most interesting and (IMHO) the fastest way(s) to get inside this box - code injections:
Simple bypass with the ";" character. Nice. Let's exploit it a little bit more:
Ok, it's working. Let's do more:
Ok, so it looks like this exercise is over. For more fun, you can try to exploit the SQL injection vulnerabilities here as well:
More passwords? Cool, maybe we will use them in future attacks. ;)