Finally got this box today. Thanks to @infosecjack and @chivato . This challenge taught me several new things. All in all, for me, this challenge was hard.
- Initial foothold - Intelligent fuzzing/enumeration. Main page does give you hints. Look for client side controls that you can bypass. There is for sure more than one attack path to get the initial foothold.
- User - All I can say is look around for binaries and processes.
- Root - Some knowledge of crypto, unix and python will help. You will need to be creative.
Feel free to drop me a message or find me on discord if you need nudge. Will be happy to help.