Finally rooted! This one was rough, foothold wasn’t too bad, I just kept making it more complicated than it needed to be. Root was really challenging as portainer’s documentation doesn’t cover what we needed to do at all.
Foothold: Don’t overthink it. Once you’re in, don’t look for some fancy exploit, just sniff around.
Root: Not too much I can say here without giving it away. Look into how you can use docker to access a host’s files.
If anyone needs a nudge, feel free to reach out! Good luck!
Any hint from backup file? I got user’s password, but it doesn’t work on ssh
same
I’ve gained shell access as user “tc***,” but I’m currently stuck. Do I need to escape the Docker container?
I’ve spent hours trying to figure out what to do with docker
key has no password. ssh2john is giving this error for key. do i need to reset machine ???. only found that comment
how did u get the shell access? Any hint?
any hint on where to use the m*****w creds?
I have tried with both subdomain, vhost but didn’t find anything interested … is there any other hint?
i have also tried with the worldlist created from website by cewl
Try with other tools, i use wfuzz
got the user flag but cannot find what to do next . can someone help ??
Where do I use m*****w credentials?
Got it! I disagree with some of the folks posting here about the difficulty of root. For me, it was pretty equally spread between foothold, user, and root.
My best advice is this: remember that it’s a puzzle, not an actual machine! When you find yourself achieving the next step, think of how you can leverage that step to reach new places that you haven’t yet had access to.
Best of luck to everyone in the rest of the season 
Any hint for container escaping please!
Hello Guys,
I have find the first entry point and got a shell on the machine.
To find the entry point, i used ceWL and Ffluf.
Now it’s time to find things on the machine…
Taking break and rest can sometimes help 
Thank regards
Do I get right that we have something to do with the “Create project from a repository URL?”
Hi bro, what’s up? Can you help me? I sent you a dm.
Nevermind, the step was way more stupid than I thought.
Hello guys,
I will answer here, but you should look the version of the website