Nice box! Learned a few things and got a lot better at using different tools.
Foothold
Do not get stuck in the rabbit hole that I did on the web piece. Return to your nmap scan and keep things simple. Make a simple config tweak and observe the new avenue you have opened! From here, enumerate until you find a way in. Found a new piece of functionality that you do not know how to leverage? Maybe it can be used differently from how you're thinking about it.
User
Fairly simple once you find a way in. Basic reverse shell work.
System
Far easier than user. My difficulty was in achieving a stable shell and finding a good way to read the output of the tool I used. This tool is extremely commonplace for Windows privilege escalation; you will know what it is. Simply read the output carefully and Google for an article that demonstrates how to use the exploit; it is very straightforward and takes little time at all to execute.
Please feel free to DM me for hints!