On Linux, how can I give www-data more permissions/privileges when I am logged in as that user? whoami = www-data
A bit of background. I have performed an ethical hack on a web application, I have managed to upload a file by bypassing the extension type which allows me to open a remote shell through netcap. The issue is, the default user for netcap is www-data and I cannot change user or escalate as I do not know how.
Any help would be great!
On
It may be intentional or maybe not, but you're basiclly asking "How to hack". If this is in purpose of homework, please add the homework tag to your questions.
Since you're saying it's a pentest, I'll assume this.
The first thing to do is to see what file do you have access to, and what you can do with them, and then perform the basic task of a pentest like checking the versions of the used packages, softwares or framework and to see if they're any known exploit on them.
You can use
sudo -u <another-user>command to gain the privileges of another user.