At the end read root.txt.
Here is my hints:
- user: find web page to login (but not login) ; try to inject some code (but not sql inject)
- root: enumerate and gtfobins
PM me if you need help.
(and if someone can explain me how to get a root shell please PM me).