I'll make a very succinct "lessons learned" (not really a detailed writeup) on this lab,
showing each main step while trying not to be uselessly verbose,
focusing only on important options or tricks that I missed (and so may you).
I took the opportunity to try pwncat-cs for this
TryHackMe lab
It is always good to create a dedicated folder for a lab, a CTF or a pentest.
For this one, I've put all the notes, screenshots, payloads, etc into
~/pentest/target/tryhackme/vulnversity/
Always make screenshots at every stage of your attack, from the very start.
This will make it way easier for you to write down your report, being a lab, a CTF or an actual pro pentest.
You may move the screenshots to the dedicated folder you've created once your mission is accomplished
(flag taken or pentest done).
Note that the root user may be named admin or sysadmin
or whatever
The services are arbitrary commands.
If you have the rights (through the lab/CTF's interface) to start arbitrary defined services,
then you have a RCE (Remote Code Execution) and probably a remote shell
It seems the service file must be named .service,
hence the mv command
The nc utility is a very rough reverse shell (no tab completion, no up/left arrows,...)
so you may rely on
pwncat-cs
instead, which will have nice completion and history features
When uploading a file using a reverse shell, ensure you are allowed to write
to the destination directory (here, www-data cannot write to bill's
home directory