->brooklynninenine




User part :



-> Run Nmap Scan





-> Found 3 open ports and i checked nmap and found anonymous login is allowed





-> i login to ftp and found a note and downloaded that, there i found some usernames





-> i checked website





-> in source code i found this intresting word , so i downloaded the image and started stegnography





-> By reading an article of 0xRICK i found this tool





-> so i downloaded this from github and tried to check stegnography





-> i got password for extracting from image and got extracted to a file





-> By reading the note, i found password :)





-> Then i made a list of usernames i got for bruteforcing





-> i got correct username





-> then i login with that credentials and got user flag





Root Part :



-> i checked for the commands that this user can run as sudo and got this command





-> GTFObins helped me to get root shell





-> i got root flag