Got root from www-data, with an exploit that was used in an other HTB box a few months ago. All in all, had some fun and learned some stuff with this one, so, thanks @askar ! 
Can I DM anyone about the www-data > user path ? Thought it was SQL related at first, but it turns out someone just left that open while popping the box. Can’t really see anything, now, would love to know !