@kalkipoison said:
Can someone please nudge me? I’m stuck after getting reverse-shell as a www-data user, I can see ******* user.txt file but can’t read it. I don’t understand where to go further.
Enumerate. If you ran a tool like nikto against the site, or did a good job with dirb/dirbuster/gobuster/whatever then you should have seen some files that look interesting but you couldn’t access them.
You can look at them in the filesystem.
If you get any credentials always check for password reuse.