Vulnhub Bob: 1.0.1 Walkthrough

by Vince

I banged my head a bit on this one.  The low privilege shell was quick but the privilege escalation had me twisting for a while.  This box is definitely a mixture of standard exploitation with a CTF twist.  CTF is not really my thing but I enjoyed this box.  It was clever and there were some components to it that are truer to life than some of the boxes that don't seem to have a purpose other than being a target.  


Checking for Pwned Passwords

by Vince

If you don't already use the web site "have i been pwned?", you should. It's a solid resource for checking your accounts for possible compromise.  Basically, you enter your email address, it will search through its database, and if your address shows up in its list, it will spit out the compromised sites and the details of the breach.  

Another feature of the site is the ability to check a password against their list of compromised passwords.  There are about 580 million passwords in their database and while you think "l33thacker" is solid, their database says it's been found 55 times.


Python Script: Password Check

by Vince

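#!/usr/bin/env python3
import hashlib
import requests

print()
password = input("[*] Enter password to check: ")
print()
# The range API is keyed on the SHA-1 of the password, as uppercase hex.
hashed = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
# Only the first five hex characters are sent; the rest stays on this machine.
first_five = hashed[:5]
remaining = hashed[5:40]
print("Checking against Pwned Passwords...")
print()
url = "https://api.pwnedpasswords.com/range/" + first_five
headers = {'User-Agent': 'Mozilla/5.0'}
response = requests.get(url, headers=headers, timeout=10)
# Fail loudly on an HTTP error instead of treating an error page as "not found".
response.raise_for_status()
# Each response line is "SUFFIX:COUNT"; compare the suffix field exactly.
suffixes = [line.split(":")[0] for line in response.text.splitlines()]
if remaining in suffixes:
    print("Bad Password!")
else:
    print("Good Password!")
print()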