Nice box, I was amazed on the first foothold, so simple I nearly didn’t take into consideration to try it…For the Root part I really wasted some time because I forgot to export path xD
TBH some of the tips in this forum are so cryptic it feels like trying to understand klingon.
Here’s a few of mine, maybe it helps…
Initial foothold: it’s a login form, think basics, don’t over complicate it
User: It’s pretty straight forward, it’s not the first and neither the last machine vulnerable to this… even a monkey could pentest it 
just don’t forget to sign your magic.
Root: Honestly this is a bit harder and not all the information you find online is gonna help you that much… To begin just search for what binaries a user can execute then start digging into them and see which can be exploited and how. #suid