Upload arbitrary files to the victim server, usually as the 'apache' user (depending on webserver's configuration).