just owned it.
Hint for user ~
enumeration on web should give you quick shell and privesc for user is pretty easy after that.
Hint for root ~
Its something u would have notice before u got user and now you can exploit it.
it would not be very hard if you are good with binary exploitation