2 of spades Writeup
Metasploit 2021
Solved by: Taz34
Did a NIKTO scan on the target
nikto -h http://172.17.15.117:443/
and one of the lines in the result showed this :
+ /.env: .env file found. The .env file may contain credentials.
so i headed to this sub directory
inserted the file name in the URL
http://172.17.15.117:443/3e6f0e21-7faa-429f-8a1d-3f715a520da4.png
and we have the flag.