When we opened the page we got an admin login page.

After reviewing the source code we got the admin email [email protected].

We used the forgot password link with that email and got a token in the response.

We checked robots.txt and got a link: http://45.33.123.243:13556/r3s3t_pa5s.php

We used the token from the forgot password response to open the page in a GET request, like this: http://45.33.123.243:13556/r3s3t_pa5s.php?token=[TOKEN_HERE]

Then it opened a reset password page. By confirming a new password we changed the admin password.

Then we used the password to log in and got the flag.
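The steps above work because the forgot-password response hands the reset token to whoever asked for it. As an added example (not code from the challenge or the original writeup), this Python sketch puts that behaviour beside a hardened handler; the class and method names, the TTL and the `admin@example.test` address are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 900  # seconds; constructed value for the example


class ResetService:
    def __init__(self, users):
        self.users = set(users)  # known account emails
        self.pending = {}        # sha256(token) -> (email, expiry time)
        self.outbox = []         # stands in for the mail system

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue(self, email):
        token = secrets.token_urlsafe(32)
        self.pending[self._digest(token)] = (email, time.time() + TOKEN_TTL)
        return token

    def forgot_leaky(self, email):
        """Behaviour described in the writeup: the token is in the response."""
        return {"status": "ok", "token": self._issue(email)}

    def forgot_hardened(self, email):
        """Token leaves only by mail; the response is the same for any email."""
        if email in self.users:
            self.outbox.append((email, self._issue(email)))
        return {"status": "If the account exists, a reset link was sent."}

    def redeem(self, token, now=None):
        """Return the email the token resets, or None. Single use, expiring."""
        now = time.time() if now is None else now
        entry = self.pending.pop(self._digest(token), None)
        if entry is None or now > entry[1]:
            return None
        return entry[0]


if __name__ == "__main__":
    svc = ResetService(["admin@example.test"])  # constructed account
    print("leaky response:   ", svc.forgot_leaky("admin@example.test"))
    print("hardened response:", svc.forgot_hardened("admin@example.test"))
    print("mailbox only:     ", svc.outbox)
```

With the hardened handler, knowing the admin address from the page source and the reset path from robots.txt is not enough, because the token only reaches the mailbox owner.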

Original writeup (https://youtu.be/OUigbEIwaZ4).