vulnversiy was the first box towards offensive security path. we found web portal running on port 3333 using gobuster we found some directory's, which helps To upload our shell codes. with help of securifera github page we can able to identify correct file extension, gained user shell using php-reverse-shell and escalated privilege using SUID bit binary with help of Gtfobins.