User part :

-> Run Nmap Scan

-> Found 3 open ports and i checked nmap and found anonymous login is allowed

-> i login to ftp and found a note and downloaded that, there i found some usernames

-> i checked website

-> in source code i found this intresting word , so i downloaded the image and started stegnography

-> By reading an article of 0xRICK i found this tool

-> so i downloaded this from github and tried to check stegnography

-> i got password for extracting from image and got extracted to a file

-> By reading the note, i found password :)

-> Then i made a list of usernames i got for bruteforcing

-> i got correct username

-> then i login with that credentials and got user flag

Root Part :

-> i checked for the commands that this user can run as sudo and got this command

-> GTFObins helped me to get root shell

-> i got root flag