Good hint 
@CHUCHO said:
Again THX for this box. Was awesome but I didn’t like it too muchMy Hints
this machine is 2 by 1, to the first part don’t discard the params in POST requests (this will give you RCE)
to get root you need verify app and credentials, enumerate (as usual). When you find the other users, just create yours and give it to him status. Then verify the process executing on the machine and read the forum XD
Initial Foothold
It was difficult to obtain the user, as many say in this thread you have to look for all the logins, after this go for the credentials, (there are also key clues in this thread for the enumeration) there are several ways to do it, at least I have seen two vulnerabilities to achieve it, for those who achieved the S** In******n, at least one of the hashes can be created, it will not take much time and the password is an important clue to realize another vulnerability that you could have used before xD, once in the next step is the RCE, it took me a long time when the attack vector I have done on another machine. Look at the POST parameters and play with them.
User & Root
In this part I went directly to root, it was easier than the user, although many talk about BOF I took advantage of the problems of the web application, if you put the correct number you can enjoy the grace period on the machine with your user 