[Web] Helpfuldesk

The following challenge description has been given:
lol it didn't load
Below is the landing web page:
lol it didn't load
We are not given with credentials nor any common credentials worked. However, we can see that a security bulletin has been mentioned.
lol it didn't load
Looking at that page, we are brought to a page where we can download the web application files.
lol it didn't load
We can see that there is a v1.2 update and it’s needed to patch a critical vulnerability to the helpfuldesk app. Downloading it and extracting it, the following files can be obtained.
lol it didn't load
It seems that they are compiled through .NET Framework. We can use dnSpy or ilSpy to decompile the relative .exe or .dll file. It was Helpfuldesk.dll that has the information we need. The Decompiled code is shown below:
lol it didn't load
We can make out the available endpoints by checking out the Controllers. For example: AccountController has Logout. To access it, we have to visit /Account/Logout on the website. We checked each available endpoints and the one that interests us is SetupController -> SetupWizard. Decompiled code can be seen below:
lol it didn't load
As can be seen, registering a new account doesn’t have a restriction. Unauthenticated users can create their own account. So we tried creating one:
lol it didn't load
Redirecting to /Setup/SetupComplete means successful registration. We created an account with creds admin:admin. We managed to login with the created account.
lol it didn't load
It seems that items listed above are machines where we can check files within its filesystem. We exapanded HOST-WIN-DX130S2.
lol it didn't load
We can see that under Desktop, flag.txt can be seen. It is also downloadable.
lol it didn't load
We can retrieve the flag inside the flag.txt