Finally rooted. Thanks to @sickwell @safexsal and all others either in DM or public. This was an interesting machine though user was not that easy. I haven’t figure out on how to send a proper request for higher port to get creds but after struggling for a while was able to get shell by checking code on github.
Now root, root was super easy if you know what to use. I didn’t even looked at that direction. It was super fast if you know what to do. Check for versions of stuff to find an existing exploit.