Hack-From-Home Challenge Walk Through

This SensePost CTF walkthrough documents a multi-step compromise of a vulnerable web application: initial information disclosure and steganography to obtain a first flag, a PHP system() unsanitised command injection leading to remote command execution, discovery and extraction of a flag from an exposed Redis instance, and final privilege escalation to root by abusing sudo permissions for vim.