Finally rooted!
USER: a bit of enumeration showed me the right vulnerability to use, then it was not immediate for beginners like me to understand what that opened port did, but after finding the s** file it was not so difficult to use the informations there to obtain a shell and get user flag.
ROOT: spent a lot of time trying to figure out how to do a privilege escalation. Thanks @RangerRocket for the hint. After realizing what I was missing, I obtained a root shell.
Hope this is not too much of a spoiler. PM me if you need some help!