Rooted, took me way longer than I would have hoped.
User:
I took the ** port way, I think it is quite easy, just remember to enumerate. I personally did read any of the Github code, just google/exploit-db anything you stumble upon and the you will quickly see what you need to find next.
Root:
Although it’s not difficult it’s very easy to just fall into a rabbit hole and ignore the basics.
If you need any help PM me.