Oh well, I’m calling it for the day.
I’ve managed to get RCE but no shell.
I could definitely dump the ***ql with all it’s content, I’ve used mannnny bypass those disabled functions but I’m still not sure what to look for.
I didn’t quite understand what exactly are “they” forgot/left unintentionally in the files.
update #1 - got ssh via ql.
update #2 - got user. I found a possible way for root, is the mt-*** is the right path here?
update #3 - ^^ yeah that was no the path =/
update #4 - found the path to root.
update #5 - was stuck for a bit, until @TazWake was mentioned the one keyword
I constantly ignore. thanks again (:
uid=0(root) gid=0(root) groups=0(root)
root
compromised