For the people stuck at port enumeration, remember that you can do many kind of scan with namp, and that some ports will respond only if correctly interrogated, with the correct protocol.
For the RCE: you must find the page where something is “running”… can you guess which command is being executed server-side and echoed inside the page? It’s a really peculiar output and i am sure you have seen it many times.
Try it on your local console, and see if you can inject something in it.
I’m currently struggling as root. I think i got the correct attack vector, and p* a*x is chocked full of fellow users probably looking for the same thing as me. But still no luck tho, i am not sure if the b** h***** is actually working at this point.
Any hint or PM would be really appreciated, my brain is literally melting
And, really, this box is amazing. I’m learning a ton of stuff