WoW, really cool box, thanks @thek
Just because I’ve almost shouted to the screen when I got root, I will try to give some meaningful advice:
user: just do normal enumeration until you find the API of a very popular tool used in devops, enumerate that new service, make a local copy and then enumerate again once you are iniside, from there you should get a ssh account to the box that will give you user
root: the fun begins here mate, I will only talk about the hard privesc since it’s the only one left at the moment, enumerate EVERYTHING as if it was the first time on the box, you might get too focused on 1 file as I did, but you will find out that you cannot exploit it directly, so ENUMERATE MORE until you find some creds, then exploit the service that the creds are for, finally you will have a shell for a user that will be able to exploit the last thing to get root (the 1 file I was talking you about), so setup your local thing and get your ■■■■■■■■ fucking root.txt
Let’s go mates, have fun.