Nice writeups guys. I’d definitely recommend jd-gui for decompiling the jar. No need to extract any classes or anything when using it. Also @ippsec got it, Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation - Linux local Exploit (4.4.0 kernel doublefree) will work most of the time from what I have heard as a backup esc method. Some people mentioned having to modify it to grab the flag automatically, as it does make the machine very unstable.