Wishing to simplify the task by not modifying rights, the administrator has not thought about the side effects...
The "~/ch1cracked/.passwd" file is for the "app-script-ch1-cracked" account. The file has a flag.
There is a mention of "Privilege escalation" in the game description.
The traditional way to escalate privilege is to use "sudo" or "su". It is possible to see what what permissions are available through "sudo -l".
The important point is that there is a wildcard character(*). This means that both the parent directory and the current directory are included.
The flags can be obtained using the characteristic of the wildcard.