■■■■, I spent too much time banging my head against the wall on some stupid mistakes. I went the easy (unauthenticated) route, since I couldn’t figure out the high port endpoint, and after reading the code I’m not sure how I was supposed to discover that other than a wild guess.
Hint for user: go read the code, seriously, pay close attention to it, don’t trust the exploit documentation over what you’re seeing, but the exploit code is correct.
Hint for root: I hate typing in the wrong window almost as much as I hate Caps lock.