For the first flag:
Enumerate the host and find a flag.txt flag in an accessible directory.
I must be missing something simple. I’ve brute forced accessible directories on *
blog.inlanefreight.local and none that I’ve found contain a flag.txt. I’ve even gone as far as writing a script to curl every directory I’ve discovered and append flag.txt to look for any 200 responses, and haven’t found anything.
What simple step am I missing?