Rooted! Some hints:
* Foothold: how do you say you've not to bruteforce? You have to! But you have to craft your wordlist. Unless you're a genious of guessing :wink:
* User: what is the first step you do when you get a shell exploiting a php applic…
Initial foothold: too much easy
User: don't try to bruteforce the pass, bruteforce the key ;)
Root: Simple but tricky... one advice: when you read gtfobins, the most important part is the first line, where it talks about a very small editor.
Can anyone help me? i've tried the bitflipping with burpsuite grepping the username on profile, but the problem is that i don't get error and so i'm not able to enumerate the users to find others.
Can anyone give me a hint or PM me?