Excellent box I really enjoyed.
My Hints
User: enumerate application and fuzze the forms. You will find some useful things. Capture creds and then try to modify the attack and get more softistcations to get a shell
Root: Enumerate as usual and try to exploit the bank.
This machine remember me the OSCP. Awesome