This is a Linux machine with SSH and two different web services enabled. One of the web services had
an API vulnerability that could leak user credentials (though it required a key). Coincidentally,
another service had a source code disclosure vulnerability. We found the required key in the Git
logs, thereby obtaining SSH login credentials.
Subsequently, by decrypting Firefox browser data, we acquired credentials for another user for
lateral movement.
Within their home directory, we discovered a SUID program with a buffer overflow vulnerability and
weak security protections. We exploited this using ret2libc to gain root privileges.