@iVirus said:
For user,
- Need python knowledge and a bit of creativity to get Remote Command Execution (I think this is the hardest part)
- Use RCE to get minimal shell then use the command posted by xtech to get bash shell
- Research on a service running there and two very well known vulnerabilities in the version running, that will give you elevated access to the service
- With elevated access, check all data that you find and one of them will get you user
For root, check what you are allowed to do with elevated privilege and then find well known methods to use the operation to get privilege escalation
Finally got root today, thank you iVirus - this tip was very helpful. pm me if you need a nudge.