Great box IMHO. A great exercise for someone new to binary exploitation like myself. Some advice:
User:
I had trouble finding the correct commands to send what I needed to send to the binary. The “cat” command without a file name reads from stdin. So “(cat payload_file; cat) | ./vulnerable_binary” may be what you need to test your exploit payload.
Root:
The file that stands out - it can be “locked” with more than just a password.