. Just playing around , try to use an old technique for remembering my 'old' brain how to do that without harming the "target" machine.
!Honestly, i dont do 'nasty', 'bad' and 'stupid' things 
. The funny thing , many sites are not aware against permission file restriction, ive found many configuration file are readable by "non-user" or Unkown user, also leave some testing Directory (!funny ?) which is name "test" , "forumtest" and else with writeable permission for "non-user" (Again?), Also ive found 'similar' mapping to site for example for site "one" it was /home/siteone/var/www/html/ then site "two" must be /home/sitetwo/var/www/html . !Yes, It make easier for admin to manage it, but it also for me to jump from one user to another
.Another vulnerable are the password store in some databases are notencrypted (not all).... !So ? .
I tell you what , many big-sites (have many member) are included
.