Port 80 is open so we should navigate through the web browser and i found some strange parameter which i thought it could be vulnerable
Then i used burpsuite to check the response of the page when we give the LFI payload
It was strange that i found the user name and password was in plain-text in the etc/passwd file.
So i immediately navigated to the ssh with those password and the username
Then i got into the user but i was not root
Gave the command sudo -l
So i could run socat with sudo permission so i searched in gtfobins and got the escalation command sudo socat stdin exec:/bin/sh
Finally i was able to get the root file !!!!!!!!!!!!!!!