I only found 1 open port, 21, with an active FTP service.

This server have the Anonymous server active, wich means who we can log in this server.
With a short enumeration, I found the flag.

Using get, I download the flag in the attacker machine.
With this, I just need to read the file.
