This challenge requires us to read the /flag.txt file
During our enumeration we found the Elasticsearch Directory Traversal (CVE-2015-5531) vulnerabilities
Description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
We change the path to /flag.txt to read the file. But we got encoded data.
We used some online decoding tools to decode the data from decimal into ascii.