User part :

-> Run Nmap Scan

-> 3 ports are open. lets check website

-> now lets run directory bruteforcing and found 1 intresting folder

-> so it is 'cms made simple' cms. lets check version

-> i found version from 1 page

-> i checked for exploit and i got an SQLi exploit

-> i run exploit and got password

-> i checked with ssh credentials, and got shell and got user flag

Root Part :

-> i checked , which command i can run with sudo privilege and i got this

-> GTFObins gave me idea about how to exploit

-> Now iam root and got root flag