Took a while but I finally got it. User was way harder than root in my opinion. Small hint: don't forget to think "why do I need to become this user before going to the next?", check what privileges your current user has that the previous…
Rooted. Fun and simple.
* Check out OWASP top ten
* How many ways can you think of for redirecting the output of one command to another?
* Last step is pretty straightforward, but you'll need some Googling
Feel free to PM if you're stuck
Awesome box! My hints:
* Initial foothold is quite simple, just probe all the params you find.
* You'll need to RTFM for certs and a****f. Look for the correct format if you're trying to import to Firefox.
* Think about the user's name, enum…
Root took a while for me. Pretty much everything has already been said in this discussion, but still I'll add my hints in case they help anyone.
User: Wappalyzer + Google. You should read all the exploits you run carefully before running them.