User part :

-> Run Nmap Scan

-> port 22,80 are open, so lets run directory bruteforce using feroxbuster

-> got a login page, so lets browse that in browser, but we don't have any credentials for login, so started looking deeper

-> going to website, as a normal website

-> But in source code, username is commented. so i got username. next step is to find password

-> for every website , the first file that should be look is the robots.txt, from that i got some string

-> so i tried this string with the username in the login page and got success

-> i checked with ls command for listing files

-> i got a perl revere shell command to get shell

-> i ran command and got shell back

-> i got my first flag from same directory

Root Part :

-> i got the second flag from /home/rick directory

-> i checked for , the commands that i can run as root and you can see, i can run all commands as root. from root directory i got final flag