We took advantage of the weak hash and poor security of the location the credentials were stored in through brute-forcing of directories as well as passwords combined with a dictionary attack. We then escalated privilege by leveraging it against the configurations set in the victim machine.