Exploiting Nancurinir - jwells24/Tech-Journal GitHub Wiki
Exploiting Nancurinir Reflection
Finding the website and a phpMyAdmin login page was not that hard, but finding the password to actually be able to log in to the MySQL database and get the exploit took a long time. The password was obvious in hindsight, but I was looking for more complex solutions to the problem. I progressed through the lab fine after that and was able to get the exploit and reverse shell working in not too much time. However, I got stuck when I was unable to view any directories and got a 'permission denied' error as the www-data user. It took me a lot of googling, but eventually I tried to change the user to gandalf using su. I was confused at first and thought it wasn't working because there was no confirmation message or shell information. Eventually, I just started typing commands after using su and realized it was working. After that, I was able to find the root and user flags by elevating to root using sudo -i -S.