Finally i got root, special thanks to @kotoffski !!!
Things i found:
User
- Find that one CVE
- Really look close in all files
- Go your way in as the user
- Look at some internal services
- Get some tunnel vision
User 2
- Talk to John to give you the right credentials
- Login as the user you got credentials for
Root
- GTFOBins like approach
Was really a fun machine, took me around 5 hours to get in.
Thank you for the box @dmw0ng !!!
If you got stuck, feel free to ask me for hints, please be clear where are you at and what you already have done.