Rooted. Learnt a lot, this was definitely out of my comfort zone, thanks to the creator for the great lesson ! My hints for who is struggling with this:
° use burp to analize everything that happens in the web app, try to play with the parameters under your control and see what happens. if you get stuck at this point, you can take inspiration from here:
° once you can bypass the filters, look around, you’ll find something a little bit strange in one of the usual directories we always look at in unix systems…
° use what you found with “the service”, but don’t throw it away after that ! It will serve you again soon…
° once in the jail, you’ll have to find a way to get out…there’s not much I can say without spoiling, but you can check a very detailed guide, one of the first things you’ll see if you’ll google this technique. Be sure to try EVERY possibility, even those which shouldn’t work…
° now the final part…I’ve seen a lot talking about capabilities here…It’s not wrong, you’ll need to find the tool with the right capabilities, but don’t overthink too much this step ! What you can find here
https://packetstorm.foofus.com/papers/attack/exploiting_capabilities_the_dark_side.pdf
is far more complicated of what you really need ! Keep it very very simple in this step, and do basic enumeration. Sometimes the opposite of what we desire, is still awesome for us !
Hope this is not spoiling, happy hacking !