Tips (most of which have been covered, redact as necessary):
Initial: standard enumeration will suffice; identify the vulnerable service; no MSF necessary, nor code bending.
User 1: ls and cat are truly all that you need. Start locally, you don’t have to dig too deep. It’s not uncommon to find credentials stored in plaintext, so what kind of key searches would help you obtain these? Once found, use another service you found in your initial recon.
User 2: Same approach, but cast the net wider. What processes are running? What ports? What directory? File enumeration is significantly easier than User 1. The credentials for User 2 may not be as easy as plaintext, however rest assured there are tutorials (IppSec) that walk you through the process of obtaining the password. While the service for User 2 is the same as User 1, there’s a small detail some may need to troubleshoot if they’re getting an invalid login. Trust your gut, the password is correct. Solution isn’t hard.
Root: Many have covered this already. How do you find what you can run as root? What do you see? Can what you see do more than just RW? How?
DM for tips.