It’s the first time I give “hints”, so please remove this post if deemed necessary.
For anyone looking to get hold of the user, I can see at least 2 ways in: one being more popular than the other. So at least 2 methods, 2 different places.
@lokori, “how many ways to skin a cat” to get the user, actually? Are there more than 2 intended methods?
This one has me stumped. I don’t even know where to start. I found something that can possibly be a way in but I don’t know where my files end up on the system. Once uploaded I can’t run
Now that you know of the possibility, try to read as much as you can. One hint is to see what other port is opened and think of what is needed for the service to work well.
I think mentioning explicitly which vulnerability you should (or could) use counts as a spoiler. Though in this case it’s sort of easy to guess that as the machine isn’t that difficult intentionally.