r00ted. Thanks for all the hints. I liked this box alot with the Joomla bugs and getting my reverse shell, but the fun ended after that. Getting user–I can’t imagine someone actually doing that in real world…I mean maybe a few odd folks here and there, but the first part was great because of real world, getting the PW BKUP was kinda goofy.
Now root was interesting as this is a concept I def. could see happening in real world. Thanks guys!