User part :

-> Run Nmap Scan

->From the Nmap Scan we can identify 2 ports are open,so lets check deeply about that 2 open ports

->You can see the version of the webmin in Nmap scan,so lets check searchsploit for exploits

->then i googled for exploit, and i got this medium post

->in that post , there is a github link for poc

->lets download and run this exploit, and now iam root

->here i got user flag

Root Part:

->here i got root flag