Rooted. Thanks to all, who posted on this forum. I has read this thread at each time, when have stuck, and each time find the answer.
Seems, like this box have several solutions. My was a bit dirty, because i noob, but it’s work.
Root reverse shell, made by user reverse shell, made by stable another user reverse shell, made by unstable another user reverse shell.
###HInts:
Foothold: OWASP 10. I was surprised, when i see power of tool for exploitation this vulun. os-shell for example.
User: dolar, if not worked, look closer what rights you gives and who.
Root: Someone on this machine at your service.
Hope it’s not a spoiler.