Got root flag, interesting box and learnt some new things.
Thanks to @iainpbsec and @jkr for the help.
@itomtech said:
Sorry guys this is driving me nuts to decode the hex… followed bandit12, get the type of b*2 file it is… etc… when trying to decompress saying invalid etc… am i completely thrown off scent? or am I missing a trick? DMs welcome
Done it guys… Just as I thought, I was missing something
Didnt wanna ask for help but I dont wanna waste any more time I cant get root through the easy way can someone pm me with a hint I can explain what I have got so far in the Dm if you want
Edit: Nvm got it just messed around a little more. Feel free to pm me for help anytime.
Guys please I need to get user I enumerate all read the directory but not found nothing! Any help please
I’m looking at source page but I don’t find anything, page source at administrator but anything, and the home page some times is working some time I have to wait 5 minutes to see the page I dont know what’s going on…
Guys please I need a hint to find user I’m searching in the home page, administrator page directory listing but nothing found what I miss up???
I am a little stuck, I have a PHP reverse shell and I am on as www-data. I can’t figure out how to escalate and when I try to grab files I get
edit, I was able to get the p******_*****p done and now I have user access and gotten the user.txt file and now i am trying to get root access and flag. i have seen where people say its obvious but i cannot see it and I am looking for a little nudge.
For your initial shell, enumerate source, think about common encodings.
Look at Overthewire Bandit Level 12.
To grab root flag, enumerate user directories and understand what is going on. Read man pages.
Still yet to get my root shell, but a fun machine so far.
Edit: I was able to get root shell. You just need to be a little more creative, once you figure out how to get the root.txt.
Good luck!
really nice box - if you need help, just ask 
Awesome Experience With This Machine Successfully got user and root flag
Hints 
for shell * view Source Code From start to END
2: for user.txt * google How Code injection Works with php and check all files given by greater might be useful something
3: For ROOT * don’t go far search nearby something is not right might be if you noticed check how its working
done.
for extra if u got the password or something dont waste time for gaining shell with php again instead think what else can help ex port twenwo
2: if you are unable to get proper shell think about why ? is any replacement for that error or issue ex. v*n
edit2: rooted
Heeeey finally rooted!! If you need some hint for this Challenge feel free to PM me
@komutanlogar, whoever you are, dont do this ■■■■ anymore.
Man, I feel stupid. Found user, and working on root. I found the process. I see it’s a sy****** li** to d***. Been trying to run commands using it, like in the c***. But, keeps telling me permission denied trying to access the /root directory. Can someone give me a hint?
EDIT: This was a rabbit hole!
such a great box, and really glad i could help out the ones that reached out! we are in the process of building a community on discord of programmers and net pen testers, we’ve been collaborating on custom scripts, challenges and are really looking forward to teaming up on new machines. I think this could be a really awesome place and would like the community’s help in building it up! here it is, really hope to see some of of you there.
Finally gained user and root! Big thanks to @rudeee for a little guidance!
User was realistic, love it, root isnt so much. I was like “No, it cant working like what, its a rabbit hole” but learned something cool about curl. Thanks to @rudeee and i can help in PM if you need.
I got it! I finally got it \o/
Advice for root:
Try doing what you’re attempting to do locally - if you have a gnu/linux distro available to you.
nvm
got it thanks