Following the same technique I used in the previous flag, I identified 10.10.146.74 as running FTP and allowing an anonymous login. Since I don’t know any slick script-fu to mirror an ftp server via the command line, I simply used FileZilla to download the entire contents of the FTP server to my local computer for inspection.
You can find those files here.
I grepped through all these files to find the flag ‘Goats34Milk’ in AUTOEXEC.BAT, worth 20 points.
There was a lot going on with the files on this FTP server. For starters, there was source code spread throughout the server with copious amounts of the word ‘flag’ in the code. I suspect there might have possibly been another flag hidden in all this fodder, but it would have taken someone more dedicated than I to page through all these results to find one. I started working in that direction but eventually gave up in search for easier flags.