Neighbour
https://tryhackme.com/room/neighbour
This one was very easy. Before the Nmap scan was completed, I tried to see if any web service was available on port 80; it was.
In the source code we see the following comment:
<!-- use guest:guest credentials until registration is fixed. "admin" user account is off limits!!!!! -->
Log in with the guest credentials and see that the URL is http://10.10.59.193/profile.php?user=guest
Simply change "guest" to "admin" and you find the flag.
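The behaviour above means the page picks the profile from the client-supplied user parameter rather than from the logged-in session. The following is an added example, not the room's actual source (which this write-up does not show), putting that pattern beside a hardened version; PROFILES, profile_vulnerable and profile_hardened are hypothetical names, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's user store.
const PROFILES = [
    'guest' => ['name' => 'Guest',         'notes' => 'guest notes'],
    'admin' => ['name' => 'Administrator', 'notes' => 'admin-only notes'],
];

// Pattern matching the behaviour in the write-up: any logged-in user gets
// whichever profile the client-supplied ?user= value names.
function profile_vulnerable(array $session, array $query): ?array
{
    if (!isset($session['user'])) {
        return null;                          // not logged in
    }
    $requested = $query['user'] ?? '';
    return is_string($requested) ? (PROFILES[$requested] ?? null) : null;
}

// Hardened: identity comes only from the server-side session. A ?user= value
// that disagrees with it is refused and logged for detection.
function profile_hardened(array $session, array $query): ?array
{
    if (!isset($session['user']) || !is_string($session['user'])) {
        return null;
    }
    $owner = $session['user'];
    if (array_key_exists('user', $query) && $query['user'] !== $owner) {
        error_log('profile.php: denied, session=' . $owner
            . ' requested=' . json_encode($query['user']));
        return null;                          // caller should answer 403
    }
    return PROFILES[$owner] ?? null;
}

// In the real page these would be $_SESSION and $_GET.
$session = ['user' => 'guest'];               // set by the server at login
$query   = ['user' => 'admin'];               // sent by the browser

var_dump(profile_vulnerable($session, $query));
var_dump(profile_hardened($session, $query));
var_dump(profile_hardened($session, ['user' => 'guest']));
```

The denied-request log line doubles as a detection signal: a session repeatedly asking for a profile other than its own is worth alerting on.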