So the /panel is a place where we could upload files and /uploads lists the files that are uploaded. The upload does restricts files with obvious extension like .php, .war, etc but if we upload a php file with extension php.jsp or .phtml it does not stop the upload.
There are web shells available in /usr/share/webshells which can be useful here.
Upload and get shell.
Now we have to escalate priveleges.
We are searching fot bianries with SUID bit set. Python has SUID bit set lets get the comaand from GTFObins and run to escalate privileges.
