nmap reveals 3 open ports, 22, 5000 and 8000

NOTE
After ending the machine, I found that the port 8000 isn't supposed to be open, so, I'm omiting what I found in this port, who was the database with the users hashes used to obtain a rosa shell.
It looks like a app used to scan CIF files, but, I need an account, I can create it acount with the register option.
Here in Dashboard, I can upload CIF files.
After some research, I found a CVE refered to a popular python library used to this tipe of tasks.

Using the POC code with the example code who the machine gives me, Im able to obtain a shell.
This is some type of container, but, here, Im able to found a database with a lot of hashes.
Using john, I'm able to crack these hashes.
With the credentials rosa:unicorniosrosados I'm able to obtain the user shell.

After scaning the local ports, I found something extrange in 8080.
Using ssh, I forwarted the port.
ssh -L 8080:127.0.0.1:8080 rosa@10.10.11.38
With this, I'm able to see who this service is working with aiohttp.
This version is vulnerable to LFI.
Using this, I'm able to read the root hash, ending the machine.
