Spent far too long on the initial guessing game. At the end of the day, I suppose it certainly is quite realistic, but I was majorly overcomplicating it. I would have rated this box closer to the “Easy” end of ratings as far as user goes, but I can understand why root might pose more of a challenge for those who are a bit unfamiliar with the service.
Hints per usual:
Foothold: Everyone is right about not needing a wordlist. Once you enumerate the users on the machine (basic scans can do this for you), you have everything you need. Try harder.
Once you have access, look around a bit. There’s something lying around for you which will help you escalate to a different user.
User: Utilize what you obtained. Be evil about it.
Root: Check your groups. Enumerate the service you find, and utilize the POC.
Thanks @egre55