Read my write-up to Mentor machine on:
TL;DR
User: Using snmpwalk, we were able to find password. We then discovered the virtual host api.mentorquotes.htb, which contained Swagger documentation. With the password we found using snmpwalk, we accessed the /admin/backup API as the user james. We found a command injection vulnerability on /admin/backup. Using this vulnerability, we were able to gain a reverse shell as root to the container. We created a TCP tunnel using chisel to access PostgreSQL and found the password for the svc user in the users table.
Root: We found the password for the james user in /etc/snmp/snmp.conf. We then ran /bin/sh as root and were able to obtain the root flag.