[*] Stop. Examine your environment! Ask the machine for HELP.
[*] What commands can you execute? And what do they do?
[*] Do any of those commands allow you to do more than intended?
Stop thinking “how do I?” and start thinking “so what would happen if?”.
Finally rooted. This box was a lot of fun
The configuration flaw that I exploited for priv esc came up early in enum, but figuring out how to actually exploit it took some research and I learned something new about Debian.
Same as Vex20k! I get into SFTP and looked at the available commands but I don’t see how I can use them to my advantage. I tried using the c**** command on my reverse_shell but I still can’t run it. Definitely missing something here! Any hints?
Regarding the uploads from admin, one of the listed plug-ins should look different. Look and the info in it and combine it with what you see on the page. Then try to exploit it. Only then will you be able to know about the upload function properly. You can’t just “undisable” the button and try to upload. It’s been disabled. But once you know the source code of the special plugin, you can create a nice workaround
I’ve spent too much time on priv esc on this one, I was on the right path from the 1st minute but I just knew too little about it and couldn’t set it up right. My little advice: don’t try to build it the way big boys do, just start from scratch and build bottom-up.