User Part:

-> Run Nmap Scan

-> You can see many ports are open

-> I ran a version scan using Nmap. Let's check port 8080: it shows JBoss is installed

-> Let's check for the version

-> I found a GitHub repo which is used for JBoss exploitation

-> I ran the code and got a shell; now I am cmnatic

-> While reading a note in the jboss directory I got jboss's password

-> I tried those credentials with SSH and got a shell and the user flag

Root Part:

-> I found I can run /usr/bin/find with sudo privilege

-> I searched for find in GTFOBins and got the command for a shell

-> I tried it and now I am root. I got the flag but it is in an encrypted format; let's decrypt it

-> I decoded it with base64 and got a string

-> I checked it with hash-identifier and it's an MD5 hash

-> So I wrote the hash to a file

-> Using hashcat I cracked the flag
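
The sudo rule for /usr/bin/find in the root part is the kind of misconfiguration a host audit should catch. The following is an added example, not part of the original write-up: it parses `sudo -l` output and flags rules that grant a binary able to run other programs. The sample output, the host name and the short binary list are constructed assumptions.

```python
import os
import re

# Illustrative subset of binaries that can launch other programs (assumption
# for this example); a real audit would load the full GTFOBins "sudo" list.
SHELL_CAPABLE = {"find", "vim", "less", "awk", "env", "perl", "python3", "tar"}

# Constructed `sudo -l` output resembling the situation in the write-up.
SAMPLE_SUDO_L = """\
Matching Defaults entries for jboss on host:
    env_reset, mail_badpass

User jboss may run the following commands on host:
    (ALL) NOPASSWD: /usr/bin/find
    (root) /usr/bin/systemctl status nginx
    (ALL : ALL) /usr/bin/less /var/log/syslog
"""

ENTRY = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s+(?P<rest>.+)$")
TAG = re.compile(r"^(?P<tag>[A-Z_]+):\s*")  # e.g. NOPASSWD:, SETENV:

def audit_sudo_l(text):
    """Return one finding per sudo rule that grants a shell-capable binary."""
    findings, in_rules = [], False
    for line in text.splitlines():
        if "may run the following commands" in line:
            in_rules = True
            continue
        m = ENTRY.match(line) if in_rules else None
        if not m:
            continue
        rest, tags = m.group("rest"), []
        while (t := TAG.match(rest)):       # strip leading tags, remember them
            tags.append(t.group("tag"))
            rest = rest[t.end():]
        for cmd in rest.split(","):         # one rule line may list several commands
            parts = cmd.split()
            if parts and os.path.basename(parts[0]) in SHELL_CAPABLE:
                findings.append({
                    "command": parts[0],
                    "runas": m.group("runas").strip(),
                    "nopasswd": "NOPASSWD" in tags,
                    "args_restricted": len(parts) > 1,
                })
    return findings

if __name__ == "__main__":
    for finding in audit_sudo_l(SAMPLE_SUDO_L):
        print(finding)
```

A rule with `args_restricted` set is narrower but not automatically safe; each flagged entry still needs review, and the usual fix is to remove the rule or replace it with a purpose-built wrapper.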