Heal

Foothold
1. LFI to get sensitive data from Ruby files
https://gist.github.com/harisec/b2deded5be122de0133dcd64dc8baa86
2. Crack the hash for the user
3. Login to the Lime Survey console
4. Exploit to get foothold
https://github.com/Y1LD1R1M-1337/Limesurvey-RCE
5. Get reused password from config file
PrivEsc
1. Find another service running on the local machine
2. Chisel to get access to it
3. RCE
https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171
{
"ID": "gg",
"Name": "gg",
"Shell":"/bin/sh",
"Interval": "5s",
"Args":["/bin/bash",
"/tmp/rev.sh"]}