You currently have a terminal( be that in a browser or by some other means). Here are some things to do with python.
Quickly determine versions of local python
open listener on attacking machine
from target terminal(web) run python
attacking machine should have shell
do you have a list of users?
because you know users and you know their shells we can potentially switch to that user
#sudo -u <diff user name> /bin/bash (or whatever their shell is)
upgrade shell with python
you may have root at this point
you can do a reverse shell from this account
open listener on attacker
run reverse shell script above. In some scenarios you may need to run the script from an already running cronjob
you may not need escalation at this point, but unlikely