Fyi user access doesn’t require any brute-force or password cracking, just a little real-world thought process when it comes to how devs implement account creation sometimes. From there just look through normal files and you should find what you need for user shell.
If anyone is working on the A**** TC.d** for root, could use a pointer there, not very familiar with the underlying system