What can we see. We have only 1 user in the system – james and he has administrative privileges. Also we have SUID under root at /usr/bin/wget. That’s why our file was saved under the root.
What does it mean? It means that we can write and REwrite any file in the system including … /etc/shadow where are all the users passwords. So let’s change james and root passwords. Go back to our local machine, copy /etc/shadow to our working directory and open it. Then copy the root string and paste it below. Change the root to james. Save it and run the HTTP server.