Read my writeup for Static machine:
TL;DR
User: On robots.txt file we found two URL’s [/vpn] and [ftp_uploads], Download db.sql.gz file from the FTP, Fixed the corrupted file using fixgz, On the fixed file we found the hash of the admin credentials to [/vpn] portal, Create OTP and log in as admin to the [/vpn] portal, From the VPN portal we download the web.ovpn file, Using that, We can access to the [web] website, Found file info.php which lead us to PHPInfo page, We found there Xdebug PHP extension which leads us to RCE, Using that we get a user www-data shell.