Haystack

I will give some hints:

  • User: Image is important to get a hint, but is not necessary to get into User. Enumeration is the key; try to play with the high port like an API. You can use curl; in my case Burp’s Intruder helped me a lot. A little knowledge of Spanish is helpful :wink:

  • Root: After accessing user, try to do a common enumeration, then try to access new resources. There is a common vulnerability; try to exploit it differently from the PoC (it does not work and you will lose quite some time), try some other attack vectors of the same vulnerability. After this, reading configuration is important (but you will not find some keys :wink: ); you have to understand what is performed and how to take advantage of it.

Hope I am not spoiling.