Rooted. Nice Easy Machine
Foothold: Fuzzing should help you with the username. Fuzz with multiple common extensions. Then you can create your own script to brute force password. Remember wordlist is right in front of you.
User: Basic manual enumeration. New is better.
Root: Easiest of em all. Don’t think too much. Look for common linux privilege escalation attack vectors and try them all. There was a recent CVE for a common binary in linux. Hope this is not too much. DM for nudge