I found this box teaches some valuable lessons - particularly the rule about Linux file permissions that priv-esc teaches.
Also found the enumeration steps surrounding the website to be essential skills for anyone attempting bug bounties - as SSL certificate inspection forms a large part of open-source intelligence gathering.
Some steps were painful though - so do feel free to PM me for hints.