1. Nmap

$ nmap -A 10.10.147.101
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 49:7c:f7:41:10:43:73:da:2c:e6:38:95:86:f8:e0:f0 (RSA)
|   256 2f:d7:c4:4c:e8:1b:5a:90:44:df:c0:63:8c:72:ae:55 (ECDSA)
|_  256 61:84:62:27:c6:c3:29:17:dd:27:45:9e:29:cb:90:5e (ED25519)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

2. HTTP

http://10.10.147.101/

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/4d6f0352-6a3a-4a84-ba07-701cd189c6c8/Untitled.png

3. Feroxbuster

$ feroxbuster -u <http://10.10.147.101> -w /usr/share/wordlists/dirb/common.txt -s 200 204 301 302 307 308

 ___  ___  __   __     __      __         __   ___
|__  |__  |__) |__) | /  `    /  \\ \\_/ | |  \\ |__
|    |___ |  \\ |  \\ | \\__,    \\__/ / \\ | |__/ |___
by Ben "epi" Risher 🤓                  ver: 1.6.2
───────────────────────────┬──────────────────────
 🎯  Target Url            │ <http://10.10.147.101>
 🚀  Threads               │ 50
 📖  Wordlist              │ /usr/share/wordlists/dirb/common.txt
 🆗  Status Codes          │ [200, 204, 301, 302, 307, 308]
 💥  Timeout (secs)        │ 7
 🦡  User-Agent            │ feroxbuster/1.6.2
 🔃  Recursion Depth       │ 4
───────────────────────────┴──────────────────────
 ⏯   Press [ENTER] to pause|resume your scan
──────────────────────────────────────────────────
200      375l      968w    11321c <http://10.10.147.101/index.html>
301        9l       28w      316c <http://10.10.147.101/content>
301        9l       28w      319c <http://10.10.147.101/content/js>
301        9l       28w      323c <http://10.10.147.101/content/images>
200        1l        6w     1150c <http://10.10.147.101/content/images/favicon.ico>
301        9l       28w      319c <http://10.10.147.101/content/as>
301        9l       28w      324c <http://10.10.147.101/content/_themes>
200       36l      151w     2199c <http://10.10.147.101/content/index.php>
301        9l       28w      327c <http://10.10.147.101/content/attachment>
301        9l       28w      320c <http://10.10.147.101/content/inc>
301        9l       28w      322c <http://10.10.147.101/content/as/js>
301        9l       28w      332c <http://10.10.147.101/content/_themes/default>
301        9l       28w      323c <http://10.10.147.101/content/as/lib>
200      114l      252w     3678c <http://10.10.147.101/content/as/index.php>
301        9l       28w      326c <http://10.10.147.101/content/inc/cache>
301        9l       28w      336c <http://10.10.147.101/content/_themes/default/css>
301        9l       28w      325c <http://10.10.147.101/content/inc/font>

http://10.10.147.101/content/index.php

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/41e107c6-ebb6-42b2-becd-d164ad185903/Untitled.png

http://10.10.147.101/content/as/index.php

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/3c689659-2b88-4910-bc6b-75c39be733c3/Untitled.png

4. Searchsploit

$ searchsploit sweetrice
---------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
 Exploit Title                                                                                                                                            |  Path
---------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
SweetRice 0.5.3 - Remote File Inclusion                                                                                                                   | php/webapps/10246.txt
SweetRice 0.6.7 - Multiple Vulnerabilities                                                                                                                | php/webapps/15413.txt
SweetRice 1.5.1 - Arbitrary File Download                                                                                                                 | php/webapps/40698.py
SweetRice 1.5.1 - Arbitrary File Upload                                                                                                                   | php/webapps/40716.py
SweetRice 1.5.1 - Backup Disclosure                                                                                                                       | php/webapps/40718.txt
SweetRice 1.5.1 - Cross-Site Request Forgery                                                                                                              | php/webapps/40692.html
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution                                                                                         | php/webapps/40700.html
SweetRice < 0.6.4 - 'FCKeditor' Arbitrary File Upload                                                                                                     | php/webapps/14184.txt
---------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results

Backup Disclosure and CSRF/PHP Code Execution look interesting.

5. Backup Disclosure

kalaratri@kali:~$ searchsploit -x php/webapps/40718.txt                                                                                                                                                                                  
  Exploit: SweetRice 1.5.1 - Backup Disclosure                                                                                                                                                                                             
      URL: <https://www.exploit-db.com/exploits/40718>                                                                                                                                                                                       
     Path: /usr/share/exploitdb/exploits/php/webapps/40718.txt                                                                                                                                                                             
File Type: ASCII text, with CRLF line terminators
Title: SweetRice 1.5.1 - Backup Disclosure
Application: SwtRice
Versions Affected: 1.5.1
Vendor URL: <http://www.basic-cms.org/>
Software URL: <http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip>
Discovered by: Ashiyane Digital Security Team
Tested on: Windows 10
Bugs: Backup Disclosure
Date: 16-Sept-2016

Proof of Concept :

You can access to all mysql backup and download them from this directory.
<http://localhost/inc/mysql_backup>

and can access to website files backup from:
<http://localhost/SweetRice-transfer.zip>

http://10.10.147.101/inc/mysql_backup

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/9075fb96-0223-44d6-a70e-0b71f736edce/Untitled.png