Oof. That was a fun, definitely learnt a few things. Need to go back and understand how the foothold was actually gained though, as I just used something out-of-the-box from msf.
Foothold - As others have said - enumerate lots, check software versions for known vulns, google. I spent a long time staring at that main website because I forgot to do a certain type of enumeration, but fuzzed my way there in the end.
User - Not sure whether I did this the right way, but this took me the longest time by far. Once you have a foothold, try to find out ‘where you actually are’. Once you understand that, just have a look around. An old enumeration script ended up pointing me in the right (?) direction.
Root - Again, enumerate, you’ll find something interesting.
Can’t say I had any of the problems with 502’s I’m seeing people talk about though