User part :

-> Run Nmap Scan

-> There are 3 open ports, so lets check Aggressive scan using nmap

-> Anonymous FTP is allowed, so lets check FTP

-> I got 2 files from FTP, 1 contains password list and 1 contains username

-> I checked for ssh bruteforcing and i got correct password

-> i tried that credentials and got shell, also got user flag

Root part:

-> i checked for the commands that i can run with root privilege

-> i used GTFOBins for privilege escalation

-> i got root shell and root flag as well