Great box - no ‘obvious guesses’ involved, you can build up the ‘exploit’ step by step.
Seems I was lucky with the reverse shell - it worked right away and as very stable, so I did not try to work around the ‘remaining expected error’. My advice is to 1) build up a non-malicious pe gradually, so that you can be sure that the server unps it nicely. 2) Then add a payload and keep it as simple as possible.
As others have said, create your own scripts to replicate what the server does. If you review the code see how you can ‘activate’ / ‘deactivate’ a payload so that you might tell issues with encoding etc. from issues with the actual payload.
For escalating to user: Don’t be too aggressive with published exploits, just look around 
Escalation to root - no surprises: Follow the standard procedure, google a bit.