Rooted! Some hints:
- Foothold: how do you say you’ve not to bruteforce? You have to! But you have to craft your wordlist. Unless you’re a genious of guessing
- User: what is the first step you do when you get a shell exploiting a php application?
- Root: easy to say, but not so easy to guess. Pay attention at the only result linpeas would give you. The exploit is one single command. If you’re uploading something to do root privesc, you’re on the wrong path