Zipper

Rooted :slight_smile:

Initial Foothold:

This thread helped me a lot, after looking for another way of getting access. As is common on several machines, this does not need brute force and you do not need to be an expert in using the web application; just look for something related to the name of the machine. It is possible that an interesting message leaves you stuck, so look for another way to follow… Search in the documentation of the technology the machine uses; it has interesting features for developers:

@Skunkfoot said:
If you do want to bruteforce it instead of doing it manually (even though doing it manually is easy and quick enough), create your own wordlist and use it for both fields. If you’re looking closely enough, you shouldn’t need more than 4 targeted entries…

Honestly, if you look closely enough, you’ll know it when you see it. You’ll see it and think, “hmm, that’s weird, looks like the creator of the box made a spelling error…”

Well he didn’t, it’s there intentionally, just like guest access is. Hope this helps, please remove if it’s too much of a spoiler.

User:

Here it is just a matter of using Google a bit to achieve the RCE. When you do, you will notice something strange once you get in; you will feel that you are not where you should be. Good advice: play with the documentation of the technology used by the machine and you will find the flag.

Root:

Everything you need is before your eyes and is not complex. Escalation is related to the way in which the machine searches for and executes certain binaries; look for ways to cheat the system. There is an interesting binary to do it with, and maybe you will need the help of C++.