Foothold: Luckily there are no rabbit holes (at least I didn’t encounter any). I didn’t even use nmap, the target is obvious.
User: Fighting with eclipse to test locally was the hardest part… I hate that IDE and that language! But testing locally definitely helped writing an exploit that works. I didn’t use any off-the shelf script, some experimentation was needed to get everything just right and find the stuff that works.
Root: Too ■■■■ easy. Looks like there are multiple obvious candidates to escalate privileges. No surprises here.
All in all a very nice machine. The user part takes some time but with an evening of reading up on the topic, even I managed to come up with a solution from scratch.