aaand rooted. wow that was fun, thank you @dmw0ng !
my hints
foothold: CVE, straightforward
user1: enum the ■■■■ out of the files on the systems and grab all loot you find in them. never underestimate the power of the bad password habits.
user2: if you cannot go internal through a door, climb in the window 
root: too easy to give any hint, just look for the standard stuff