After gaining a shell as a low-privileged user (often www-data or tom ): Check for binaries that can be run as root.
If you used a symlink, you can now read the linked file through the web server. FUNHXX17.zip
If the zip contained a , you simply navigate to the location where the script was extracted to trigger a connection back to your listener ( nc -lvnp 4444 ). 4. Privilege Escalation After gaining a shell as a low-privileged user