From a OpenNetAdmin exploit to get the initial foothold to the eventual GTFOBin privilege escalation. A classic easy-level Linux box.
Very nice write up, thanks for sharing.
Might be worth mentioning how you find the port the internal page is being served on though.