Super fun and challenging box with a variety of exercises, much appreciation @thek! Did anyone succeed in getting a root shell? Or getting root flag in a serverless manner?
My advice:
Gaining a foothold: Look around until you find a weird response, encoded inside it there is a hint pointing to a useful sub. Learn about that technology and think about the box name to figure out how to use the sub – think lazy for auth (thanks @reverse1!!). Sniff around in your new environment until you’ve found to find a useful config, it’s a little dusty but probably still works just fine.
U1 → U2: Try to establish a strong web presence with info you extract using U1 powers.
U1 → root: Think about a super awesome Linux privesc technique and find out what you can do. Looks like you can trick Midas into moving his gold to a location of your choice, which seems fantastic until you realise you don’t have the ability to see them! ? Just when you’re nearing tears because you can’t see the results of your effort, remind yourself you’re still a 1337 hax0r, and probably just need a nap. After you curl up and get some rest, (with complete disregard for your safety given your position in the enemy’s lair), you’ll find the answers come to you in a restful dream – seems like restrictions don’t transfer into the sleep realm.
Happy to help if if anyone needs a nudge on this amazing box!