Starting off with a typical htb nmap scan:
nmap -AT4 -Pn -p- -v -oN Traceback 10.10.10.181
We can see ports 22 and 80 are open.
According to Xh4H, he has left us a backdoor and we can assume it's a webshell backdoor from his inline comment.
Taking this comment, we paste it word for word in duckduckgo and get a github directory for our first link. Going through some of the files we can see they are definitely webshells.
So we'll clone the entire github repo to /opt/ and write a for loop to check if any of these files are uploaded on the site.
while inside the Web-Shells github directory inside /opt/ we can construct our for loop:
for i in ./*; do echo $i; curl -I 10.10.10.181/$i; done
We get a 200 response from smevk.php, this is our backdoor webshell.