Nice machine enjoyed this one.
User: read the exploit really carefully and follow exactly what you should do, if you did a dirb run there should be a directory which make the most sense for the uploaded tickets. no code changes in the script needed.
Root: as Spiderixius wrote: g0tmil1k has a nice list and searchsploit is your friend