Classic image upload vulnerability to get the initial foothold followed by PATH hijacking for privilege escalation.
Port forwarding with socat and calling the target’s MySQL DB from your machine is just awesome. I didn’t even think about that. Thanks for sharing sir.