When we open the link, there is a login page.

If we check the source code of the login page, it references a script.js at http://45.33.123.243:5020/static/script.js.

If we check its source code, we get the credentials: the username is "username" and the password is "password".

Logging in with these credentials redirects to a dashboard page that looks like a blog.

If we check the source code again, we can find "cat flag.txt" in a JavaScript file.

If we enter "cat flag.txt" on the dashboard and click on execute, it returns the flag.
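
A defender-side check for the flaw this challenge relies on, credentials readable in a script served to the browser. This is an added example, not code from the challenge or the original writeup; the sample source, the name list and `findHardcodedCredentials` are assumptions made for illustration.

```javascript
// Added example: flag credential-like string literals in JavaScript served to browsers.
// SAMPLE_JS is constructed for illustration; it is not the challenge's script.js.
const SAMPLE_JS = `
function checkLogin(user, pass) {
  if (user === "username" && pass === "password") {
    window.location = "/dashboard";
  }
}
const apiBase = "/api";
`;

// Identifier names that suggest a secret (assumed heuristic list; extend per code base).
const SECRET_NAME = /^(user(name)?|login|pass(word|wd)?|pwd|secret|token|api_?key)$/i;

// <identifier> <operator> "<literal>": assignment, comparison or object-key colon.
const PATTERN = /([A-Za-z_$][\w$]*)\s*(===|!==|==|!=|=|:)\s*(["'])((?:\\.|(?!\3).)+)\3/g;

function findHardcodedCredentials(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(PATTERN)) {
      const [, name, op, , literal] = m;
      // Report only literals bound to or compared with a secret-looking identifier.
      if (SECRET_NAME.test(name)) {
        findings.push({ line: i + 1, name, op, literal });
      }
    }
  });
  return findings;
}

// Print each finding with its line number so it can be reviewed before release.
for (const f of findHardcodedCredentials(SAMPLE_JS)) {
  console.log(`line ${f.line}: ${f.name} ${f.op} "${f.literal}"`);
}
```

Any hit in a file under a static directory means the check belongs on the server, since everything in that file is visible to every visitor.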

Original writeup (https://youtu.be/i2jYAyXVBG4).
0xnusec Jan. 22, 2024, 12:36 p.m.

Nc