diff --git a/HackMyVM/Drifting_Blues_6.md b/HackMyVM/Drifting_Blues_6.md
new file mode 100644
index 0000000..f480900
--- /dev/null
+++ b/HackMyVM/Drifting_Blues_6.md
@@ -0,0 +1,93 @@
+# HackMyVM-Drifting Blues 6
+
+## Netdiscover
+
+
+
+
+## Rustscan
+
+```
+rustscan -a 192.168.1.9 -- -A -sC -sV
+.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
+| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
+| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
+`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
+The Modern Day Port Scanner.
+________________________________________
+: https://discord.gg/GFrQsGy :
+: https://github.com/RustScan/RustScan :
+ --------------------------------------
+Nmap? More like slowmap.🐢
+
+[~] The config file is expected to be at "/root/.rustscan.toml"
+[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
+[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'.
+
+Open 192.168.1.9:80
+
+
+PORT STATE SERVICE REASON VERSION
+80/tcp open http syn-ack ttl 64 Apache httpd 2.2.22 ((Debian))
+| http-methods:
+|_ Supported Methods: GET HEAD POST OPTIONS
+| http-robots.txt: 1 disallowed entry
+|_/textpattern/textpattern
+|_http-server-header: Apache/2.2.22 (Debian)
+|_http-title: driftingblues
+
+```
+
+## PORT 80 (HTTP)
+
+
+
+Seeing `robots.txt`
+
+
+
+So we will be fuzzing for files with `.zip` extension
+
+
+
+This archive is password protected so we need to crack the password
+
+
+
+
+
+We are logged in
+
+
+
+
+
+We have the ability to upload a file
+
+
+
+
+
+Now we have a shell we could either use this or start a reverse shell
+
+
+
+
+
+Seeing the kernel version
+
+
+
+There's an exploit for this kernel
+
+
+
+
+
+Execute the kernel exploit
+
+
+
+We are root
+
+
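Review bot: The `## Netdiscover` heading and every step line under `## PORT 80 (HTTP)` are followed only by blank lines, so the new file states what happened without the command or output that shows it. If screenshots were meant to sit there, the image references are missing from the added lines. Otherwise, paste the commands and their output in fenced blocks, as the Rustscan section does. Three steps in particular cannot be followed as written: "So we will be fuzzing for files with `.zip` extension" names no tool or wordlist and does not say what in `robots.txt` points to `.zip` (the scan output shows only the `/textpattern/textpattern` entry), "This archive is password protected" never says which archive was found, and "There's an exploit for this kernel" gives neither the kernel version nor the exploit. The Rustscan fence could also drop the ASCII banner and ulimit warnings and keep just the command and the port table.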