STEP 1:

a) Do Reconnaissance, use the tool nmap and you will find Apache server running

b) Visit the website (search the ip on the browser),view page source you will find a username "R1ckRul3s" (keep it)
c) Use the tool nikto to scan the web server , we will find : robots.txt, /login.php

STEP 2:

a) Visit in browser ip/robots.txt, you will get a text "wubbalubbadubdub" (keep it).
b) Next visit the ip/login.php site, you will have to login use the username earlier and try the robots.txt text you got earlier

c) We will be logged in successfully , you will get a command panel , try command ls it will list the var/www/ directory
d) Here we will read the txt files, use cat command but it will not work , then try less command ,yay!!! it works
e) We will get the first ingredient in the txt file "mr. meeseek hair"(first flag)

STEP 3:

a) Now we will traverse the linux directories and try to find more information
b) Try the command ls -l /home , it will show two users rick and ubuntu
c) Now list the rick directory ls -la /home/rick/
d) We can see a file named "second ingredients"
e) Read it using the "less" command ls /home/rick/second\ ingredients !!! yay found the second one it is "1 jerry tear"

STEP 4:

a) Now we have to search through the linux system again
b) We have not checked the root directory yet
c) Run "sudo -l" to see what privileges we have , what are the things that we are allowed to do
d) We can see that we can use sudo without password
e)Run "sudo ls -l /root"
f)You will get the 3rd ingredient in 3rd.txt which is "fleeb juice"