Using nmap, I found an http server open.

First thing I found in the web server is a log page.
After some testing, I found who this log page is vulnerable to SQLI.
Using the clasic query ' OR 1=1 -- -' I bipass the login page, geting the flag.

{{ 7 * 7 }}