Just got root. The crucial thing for both user and root is to take things slow. The path is relatively straight forward, but you need to read the source code of the exploits and understand what it’s doing and make necessary modifications in the source code or do some other prior setup.
For root, someone already mentioned this, but consider your approach in Poison. Very similar path.