Finally rooted this box. This are my thoughts.
USER
- Enumerate the web directories using anything but gobuster. Be recursive if you must.
- When you get your first creds play around with the username. Alias for root is what?
- Some people used curl I use postman cause I was already comfortable with it.
- When you get all 4 creds remember who is the admin. If you did your port 80 enumeration well enough you would already know where to use the creds
- Once you have dashboard access. Well you already know what to do.
ROOT
- Is there any privesc on this box. I wonder…