Zipper

For USER:
Make sure you get a shell to the right location or host. Ensure your reverse shell settings are correct. If your reverse shell box’s hostname looks random, you’re in the wrong spot.

Upgrading your reverse shell user:
Look around for some custom scripts and see if you notice anything interesting about them. How could you use that information to get from one user to another?

For ROOT:
This one took me a while to get right even though it’s pretty simple. Research common priv esc methods. Do you have something available to you that matches one of those methods? Once you identify which method to use, do some research about why the exploit works and why it tricks the system into giving you root. Then figure out what system commands that thing is actually performing with the input you give it. How could you trick it into running different, custom commands that would pop a root shell for you?

Please report if you feel like this is too much of a spoiler, it won’t offend me :)