I don’t know if I’d rate this as a pure CTF. It’s a lot of code reading, but that’s part of pentesting real world systems too. It just seems to be more condensed here. At least it’s not in some obscure language.
Foothold: Any fuzzer should work. I used wfuzz. Running the .py locally for debugging is a huge help.
User: More code reading. Take the time to understand the math being done. Ignore the context of what it says is being done, and just focus on the math.
Root: More code reading… pretty simple.
As a developer, I enjoy using someone’s code against them. Thanks @clubby789, that was fun.