Hi there, just p0wned it. The first foothold is easy; the second one is for those who have patience… Here’s a couple of tips:
-
First-foothold: as someone else said, focus on *. file and **. file, the first one from some service and the second one from another service. Combine them together by reading some OWASP Top-10 vulnerability. No need to perform RCE or shell, you can grab user.txt in no time.
-
Priv-Esc: have patience.
Good luck!