Nmap Output:

 

 

Dirb Output:

 

 

if we do some research on 8000 port, we can find admin's username and password.

 

 

We're asked for Bolt CMS versions.

 

If we login as admin, we can see version info is at left bottom.

 

 

searchsploit:

 

 

We found an exploit for bolt cms. And macine creator says its on metasploit too.

 

Metasploit settings:

 

 

flag.txt