https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection/Intruder
Search in response
root:x|(uid|gid|groups)=\d+|bytes from 127\.0\.0\.1|Configuration File \(php\.ini\) Path |vulnerable 1|Trying 135\.23\.158\.130|127\.0\.0\.1\s+localhost|BROADCAST,MULTICAST|drwxr-xr|Active Internet connections