This VM is straight-up vulnerable.

No hints this time and good luck!

The flag is in /flag/flag.txt

Download the VM Here

• Use ARP-SCAN to locate the IP Address of the VM to access the website.