You seem a bit confused about the concept. An open redirect is just a redirect. You browse to http://google.net/redirect?http://stackexchange.com and it tells your browser: please go to http://stackexchange.com.
That it is an open redirect means that I can make it send you anywhere (like an attacker web page), usually by embedding in the link the page where you will be sent.
1> Victim can be tricked by phishing
Yes, it is possible that the victim saw a link to google.net and then thought he is visiting that site (and thus blindly enters his Google credentials), without noticing that the URL now shows evilattacker.com.
1> Can I run some system commands by webpage?
I wouldn't consider the above like running system commands. It may be possible to use an open redirect to bypass the same-origin policy protections, though.
2> If it is found in any login page (because login pages mostly redirect after entering credentials) which is using HTTP, not HTTPS, can the user sessions be hijacked or can the credentials be stolen?
Mostly no. Unless the redirect back (i.e. when it sends you back to the attacker-controlled URL) has a token added, or there is some information in the Referer header (a token, your user name…), the final page doesn't gain any additional privilege from having made you log in, as it will be handled by cookies that aren't sent to the attacker page.
2> Root access by serving some browser exploits
This is incorrect. If your goal was to serve the browser an exploit, you could have done that directly. Remember that the first step is to make the user follow an attacker-controlled url. The open redirect may help you trick the user (see 1), but Root access can't be considered a consequence of an open redirect.
3> Can the victim's traffic be routed as desired (by acting as a proxy by malicious user or generally MITM).
No. The server doesn't act as a proxy (getting content on your behalf and passing it to you), just as a redirector: sending you somewhere else.
And specifically:
3> Victim can be made a part of BOT network by opening a connection to some IRC.
An open redirect doesn't allow you to connect to IRC, as the browser won't be able to follow an irc:// link (if it is able to handle it, which most won't, that would launch an application/plugin, not automatically connect you¹).
¹ And connecting to irc doesn't automatically compromise you, anyway.
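
A server-side check that stops a redirector like the one in this answer from being open, as an added example that is not part of the original answer. The allowlist, the fallback path and the function names are assumptions; the host names are the ones used above, plus a constructed `irc.example`.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this hypothetical redirector may send users to.
ALLOWED_HOSTS = frozenset({"google.net", "www.google.net"})
FALLBACK = "/"  # rejected targets land on the site's own front page


def safe_target(target: str) -> str:
    """Return target if it is a same-site path or an allowlisted http(s) URL."""
    # Browsers read "\" as "/" and drop tabs/newlines while parsing, so any
    # backslash, space or control character disqualifies the value outright.
    if not target or any(ord(c) < 0x21 or c in "\\\x7f" for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lower-cased, userinfo and port removed
    except ValueError:  # e.g. an unterminated IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow "/path" only. "//host" and "///host"
        # are treated by browsers as pointing at another host.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return FALLBACK
    # Absolute URL: http(s) to a known host. This also drops irc:, javascript:
    # and authority-less forms such as "https:host" (hostname is None).
    if parts.scheme in ("http", "https") and host in ALLOWED_HOSTS:
        return target
    return FALLBACK


def location_for(request_url: str) -> str:
    """Location header for a request shaped like /redirect?<target>."""
    return safe_target(urlsplit(request_url).query)


if __name__ == "__main__":
    # Constructed sample requests, using the host names from the answer.
    for url in (
        "http://google.net/redirect?/account/settings",
        "http://google.net/redirect?https://www.google.net/maps",
        "http://google.net/redirect?http://stackexchange.com",
        "http://google.net/redirect?//evilattacker.com",
        "http://google.net/redirect?irc://irc.example/channel",
    ):
        print(f"{url} -> {location_for(url)}")
```

Comparing the parsed host against an exact allowlist, rather than searching the raw string for a trusted name, is what keeps look-alike hosts and userinfo tricks from passing.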