This user was restricted so looking at the /etc/passwd file we found a user
We executed the same reverse shell on port 443 as the user scriptmanager
So now we have a low privileged user as scriptmanager
We found a scripts folder in the root dir
We could see it was running the test.py file as root so we could inject a shell into the test.py file to see if that would give us a reverse root shell on port 444.
Checking the contents of test.py.
After a breif period we found we had a root shell,