Hello. I stuck on final stage of module “Getting started” on academy. I’d solved first exercize with openning user.txt by metasploitable + getsimple RCE exploit. But next task is getting root.txt file is need to run LinPEAS.sh to find any ways to escalate pivilege.
So i can’t figure out how to do it. The next step recomended in tutorial is " Python3 pty trick to upgrade to a pseudo TTY" but i can’t run it through meterpeter or sh on local target machine.
Another vector is that “sudo -l” on target says that all users may run /usr/bin/php. I’ve wrote shell with “<?PHP system(\$_GET['cmd']);?>” uploaded on target and curl it but nothing happend.