The Writeup machine is a retired Linux operating system machine. By hacking this machine, we are asked for user and root flags.
General Machine Information:
It contains a CMS and a sql injection vulnerability that is used to obtain a user credential. Then user is found to be in the non-default group that provides a write access. By providing hijacking, privilege escalation is passed to root.
Machine solving
First we scan for open port information and versions to recognize the target machine