This box starts with a site that hosts request-baskets at version 1.2.1 which is vulnerable to CVE-2023-27163 (SSRF). After exploiting the vulnerability I access hidden resources on other ports and find Maltrain at version 0.53 which is vulnerable to CVE-2023-27163 (RCE). I can exploit this vulnerability and become the user. To become root just look at what you can do with sudo and take advantage of systemctl's default pager