www-data
After gaining an initial foothold, it’s essential to check for sudo privileges
www-data@swagshop:/var/www/html$ sudo -l
matching defaults entries for www-data on swagshop:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
user www-data may run the following commands on swagshop:
(root) nopasswd: /usr/bin/vi /var/www/html/*The www-data user is able to execute /usr/bin/vi /var/www/html/* as the root user without getting prompted for password
vi
vi can be used to escalated privileges if configured to run as superuser by sudo