This has got to be one of the hardest boxes I’ve attempted because of the heap exploitation.
Awesome write up - as always!
This box nearly broke me. It started off hard and every single step got harder. Love the clarity around how you’ve described the final exploit - mine was a total mess as I tried all kinds of stupid things!
Well Done!)
Fine exploit for root but I would use ssh for remote exploitation.
You already have an ssh key at this moment, and ssh doesn’t demand uploading and using socat.