This machine is very easy. Our first scan shows FTP and SSH open, and the FTP server allows anonymous access.

So let's connect:

ftp <ip>
anonymous
anonymous

Now we have access to the file system and can already grab the user flag. Looking around the file structure, there is a weird directory called notread; when we traverse into it we find a .gpg file and an .asc file. The .asc file is a key we can import to get into the .gpg file and read whatever is in there. To do that, run:

gpg --import private.asc

It gives us a password prompt, and we don't have the password, so let's crack it using John the Ripper. To get into the .gpg file we first need to crack the .asc one:

gpg2john private.asc > crackme
john crackme

Once the key is unlocked and the .gpg file is decrypted, we get a whole shadow file with the root credentials in it. We can copy and paste that into a file and then use john with the rockyou.txt wordlist to find our solution.

And gg, cat out root.txt.
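
From the defender's side, the whole chain depends on a private key sitting next to its ciphertext inside an anonymously readable FTP root. The script below is an added example, not part of the original writeup: it walks a share directory and flags that pattern. All file names and contents in the sample are constructed, apart from notread and private.asc, which come from the box.

```python
import os
import re
import tempfile

PRIVATE_KEY = re.compile(rb"-----BEGIN PGP PRIVATE KEY BLOCK-----")
# shadow(5) entry: name:$id$salt$hash: followed by seven more colon-separated fields
SHADOW = re.compile(rb"^[a-z_][a-z0-9_-]*:\$[0-9a-z]+\$[^:\n]+:(?:[^:\n]*:){6}[^:\n]*$", re.M)

def audit_share(root):
    """Return sorted (relative_path, finding) pairs for secrets under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        kinds = set()
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)   # armor headers and hashes sit near the top
            except OSError:
                continue                    # unreadable to us, skip it
            if PRIVATE_KEY.search(head):
                kind = "pgp-private-key"
            elif SHADOW.search(head):
                kind = "shadow-format-hashes"
            elif name.lower().endswith((".gpg", ".pgp")):
                kind = "encrypted-blob"
            else:
                continue
            kinds.add(kind)
            findings.append((os.path.relpath(path, root), kind))
        # A key beside its ciphertext leaves only the passphrase as protection.
        if {"pgp-private-key", "encrypted-blob"} <= kinds:
            findings.append((os.path.relpath(dirpath, root), "key-stored-with-ciphertext"))
    return sorted(findings)

def demo():
    sample = {  # constructed share layout, not real key material or hashes
        "user.txt": b"constructed-flag\n",
        "notread/private.asc": b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n(constructed)\n",
        "notread/backup.gpg": b"\x85\x01constructed ciphertext",
        "old/shadow.bak": b"root:$6$constructedsalt$constructedhash:19000:0:99999:7:::\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_share(root)
```

Point `audit_share()` at the directory the FTP daemon serves to anonymous users; `demo()` runs it against the constructed layout.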