As opposed to everybody else here, user was easy but root took me ages, so here my 2p:
- User: Once you find folders, files and goodies go for the exploit. If you don’t understand it or don’t know how to use it there’s another one going about in GH that will make your life easier (comparing both will help you understand how the exploit works
) You’ll have to wander around a bit to get the flag. - Root: Use different enum tools, as they’ll give you different useful information. The service way didn’t worked for me, so I went with the remote way. You’ll notice the odd program; Google the vulnerability and find where to look for it. PAY ATTENTION TO YOUR OUTPUT. I literally had the answer right in front of me, but was focusing in something else. Remember that different tools can give you outputs in different formats.
Hope that helps somebody. PM if you’re really stuck.