First scanned the box.
As I was clicking around i found this. http://172.16.94.135/files/be_demo/blog/categories/newlogo.jpg
I first tried to upload directly using the firefox plugin Poster but the uploads kept getting renamed and php extension were being filtered somehow.
[CVE-2015-1318 newpid (apport)]
The link to the exploit can be found here.
Thanks to Viper for the awesome challenge and ofcourse g0tmi1k and the whole vulnhub community who keep the war games coming.