This is a simple beginner-level Local file Inclusion box.
Starting with a simple nmap scan
nmap -sS -sV -A <IP>
We see that 2 ports are open (22,80). It means there must be a webpage.
We get this page and as we know it is an LFI challenge but there is no parameter in the URL to inject our LFI payload. Looking around we find a parameter by name.
Using this to view the /etc/passwd file. Here can see the password and username for ssh login commented out.
Using the credentials to log in via ssh
Here we find our first flag.
checking for commands that we can run as root
Using payload from GTFObins for socat
sudo socat stdin exec:/bin/sh
Finally, we have our root flag!!