Official Academy Discussion

@d4gd4 said:

I’ve become confused about ‘user1’ and ‘user2’. Are people counting www-data as ‘user1’ sometimes? I had been assuming I need to move through 2 users AFTER www-data.

Try not to fixate on the terms and paths other people use; it won't always help you.

There may be multiple paths to get access to the root flag - the only one that matters is the one you can manage it through.

For example, on this box, there are six user accounts which appear to have interactive shells.

I have moved on from www-data to another user, and cannot find any info leading me to the next user. I managed to get some enum scripts

Manual enumeration is often better.

onto the machine despite there being a clear (very small) limit on the size of files I could copy over, and this gave me some ideas on WHERE to look. I simply don’t know what to look for. Some obvious keywords haven’t paid off…

So, first ask yourself what is it you are looking for (and I don't mean “passwords”). Have a think about what activity you want to be doing.

Then think if that activity is audited. It probably is. That means there might be a log of what has been captured by the auditing system.

When you find this, there might be too much data to easily read, so now you can narrow it down but, again, think about how it is logged (hint: it doesn't use terms like password).