Very nice box, except the last piece, over complicating things IMHO. The idea is very fresh and funny to learn.
-
User : There are some APIs to play with it in several languages. After fighting a lot I used R**** IDE and works perfectly. Then, there is a very common vulnerability but with a different approach.
After that, enumerate a bit and pay attention to some information that is in front of your eyes. It will give you a hint to what to search. -
Root: The first path is not hard, just need some interaction. After that, the crazy enumeration comes in place. Thanks @CyberMnemosyne to give me a little hint. To make it easier I suggest to pay attention to this two comments:
I think this root flag bends a little the rule that the flag have to be inside /root/root.txt … Well, it is not exactly inside but it is very close.
@will135
For those stuck on the last step… don’t slack off and keep trying
Congrats @artikrh and @absolutezero 
I enjoyed it