Read my writeup for dynstr machine on:
TL;DR;
User: Founding RCE on no-ip.com API, Get shell as www-data user, From www-data we found SSH private key on /home/bindmgr directory inside strace-C62796521.txt file.
Root: By running sudo -l we found we can run the following script as a root /usr/local/bin/bindmgr.sh, The script copies file as a root, By creating ln to /root/root.txt we can read the root flag.