All of the answers are present within this forum, but ill put in my 2 cents:
User: Robots are your friend, love thy robot. Once you know what the website is running next find your exploit. If your having trouble cracking the hash, have a look at the exploit to see the format of it. (Also you don’t need john/hashcat)
Root: As everyone has said have a look at the processes, you will find something peculiar. But don’t get your nose too close to the ■■■■ hole as you can easily get stuck fucking around. Remember Padawan the PATH to success is right in front of you!
Last but not least dont fkn copy the root flag to /tmp, spend the 2 mins getting a reverse shell or just use cat.
Thanks @jkr dope box