Took me too long to get the initial foothold. I don’t think I followed the designed path. I got access to one of the accounts (without flag) after initial foothold, and then immediately got root (and thus user 10 seconds later)…
Fun box. Real life enough to be encountered for real somewhere.
Hints:
- Initial: You don’t need to search for exploit code once you find the interesting part. It’s more interesting to use the big text somebody has written. Just use tools made for the job, to find credentials and get your foothold.
- With foothold: Enumerate, and think about the name of the box
- With user access: Your power cannot be contained!