@waido said:
Hi,
I need some help (in DM) for privilege escalation.
I’m stuck on www-data user.
I used LinEnum and LinPeas to look for some clues but I didn’t find anything.
I searched for zip and backup file … nothing.
I searched for (valid) passwords in text files … nothing.
I searched on Google for “Ubuntu 19.10 privilege escalation”, I found something about sudo but it’s not applicable.
In very general terms manual enumeration is much better than scripts.
Thanks in advance
[EDIT]
Uhm … I haven’t tried the bruteforce of the u*****. php file yet … my next step
As a rule of thumb for HTB, if it doesn’t crack quickly it might not be the right thing. For attacks like this, try to have an idea of what account you are looking for and a reason to think it should be active on the machine.