10.11.1.141
Found this URL
LFI by using searchsploit. Scripts didnt work from searchsploit but i manually was able to get this info by reading the script.
Found passwords from shadow file
Press 'q' or Ctrl-C to abort, almost any other key for status loading1 (?) 1g 0:00:00:11 9.31% (ETA: 00:59:29) 0.09074g/s 134992p/s 326922c/s 326922C/s mindthegap..mimalditavida BUGZBUNNY (?)
loading1 BUGZBUNNY
once on the machine
we can upload a perl reverse shell into tmp and call the shell by using the LFI
meh : https://github.com/russweir/OSCP-cheatsheet/blob/master/File%20Inclusion.md
Last updated