Has anyone work this CTF was needing some pointers to gain access to the data for users ?
I just downloaded this VM and I'm guessing that you're looking at that todo list and asking yourself how you see the users table it references.
I would say for you to read the very next line in that todo list and this will point you to the technique you'll need to pull off.
From there you just need to find a vulnerable area to use said technique and then you'll be on your way to that lovely users table info.
I'm being intentionally vague here because I don't want to give you too much info so you can work it out yourself, but if you need more guidance post your workflow so far and what you think you need to do to advance so I can more clearly give you advice.
Happy Hacking :)