Honestly this box wasn’t that easy imo.
I required some time for that user flag, it’s pretty obvious where to get your head into, but not that easy to actually find what you need, or at least for me it wasn’t.
Once you find the CVE, the getting it to work part is also kinda experimenting. Afterwards, ez.
I definitely learned something cool and useful from this user part.
The privesc was probably the easiest I had so far, lol.