Type your comment> @NewHax said:
The first is a loop back address which I assume needs to be changed to the IP of the target server. I have zero clue what ‘< WP-Path >’ needs to be named to. I have tried inserting <flag.txt> but the server times out.
WP-Path - is a WordPress Path.
This can be the / or /wordpress or /blog, see for the circumstances.
And to successfully get the flag file, you must clearly represent the path to it .