Could someone give me a hint? I’ve been racking my brains over this task. My attempts to retrieve the flag via the browser console have been unsuccessful. I have absolutely no ideas left. Help me 
My friend just do this:
add your given host to your etc/host file, without the port, truckapi.htb
and take a look at the LFI module of SSRF
put it on burpsuite in the api section with the file name flag.txt
youre welcome…! XD
this module its not hard, but tricky…
bro the website is forbidden , how can use the crdentials ??
add the IP to /etc/hosts =)
Probably not the intended route but load up burpsuite > capture the post request > add truckapi.htb to /etc/hosts > send payload “api=file:///flag.txt” > copy flag.
Yup, that’s how I found it too.
The updated module was too easy for the skill assessment part. The last module was a bit tricky
Thanks friend, that’s right. I found it thanks to your suggestion.