Scan port 80, find a lot php files. Most of them are rabbit holes.
Get code injecting through fuzzing generator.php.
Then we can upload a php shell, and get reverse shell.
In /var/www, find a file named "hacksudo", and has some encrypted message in it.
Looks like ROT. Decrypt it with cyberchef.
Decrypt the pass hash online, get the password of user "hacksudo".
Check group, hacksudo has group "lxd".
It's a classic priviledge escalation through lxc and alpine. (steps skipped)