This challenge requires us to read the /flag.txt file

During our enumeration we found the Elasticsearch Directory Traversal (CVE-2015-5531) vulnerabilities

Description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

We change the path to /flag.txt to read the file. But we got encoded data.

We used some online decoding tools to decode the data from decimal into ascii.

Flag: RC15{J5ekuUdMY7BLZmktYCXzWZhZZ4J3W8pv}