A little stuck on user 2 but picking away at it - will get there. Many thanks to @kkaz for the hints so far!
EDIT: Got root after many headaches and deadends. Thank you @dmw0ng for a great beginners box, I learned a lot! Thank you again to @kkaz for their help, and everyone else whom I dmed!
As for hints:
Initial foothold - Enumerate and find the interesting service, then use that Google-fu to find the exploit. If you’re having trouble with errors while running it, a quick search of the error should provide a solution. Also make sure you’re passing the correct argument to it!
User1 - Enumeration again. Grep is your friend. Also, who are you to be looking around these folders?
User2 - Look “internally” for an interesting extra www, once there, start curling then ask your friend John and his buddy for help.
Root - Check your privilege(s), after that just follow the steps.
Feel free to PM for hints