Using nmap, I found a open http server.
Using FFUF im able to found an admin page. Here, I found a Magento instance. Using Hydra, I brute forced the password, and found the flag.