Hints that worked for me:
USER: I didn’t used the tunnel thing. It was easier with another exploit IMHO, only need a little modification to point to the correct site 
After that there are a lot of documentacion, I saw a video but the file in the comments broke the server, don’t use that, try to download the same file from another part but use the contents of the video to achieve the reverse shell.
ROOT: With a common enumeration you can get it.