webshell

 

It's a typical One Word Trojan, we can utilize AntSword(you can download this tool from github) to penetrate that above stuff. 

 

 'Shell pwd' is the POST parameter. 

 

And then connect into the web server. 

 

We find a flag.txt file under html directory. 

 

Here is the FLAG for which you seek.