Write-up for #h1415’s CTF challenge

While browsing Twitter for my daily dose of cat pics I came across a call for help requesting the aid of hackers all around the world to recover @jobertabma’s important document.

😱 Apparently @jobertabma has lost access to his account and there's an important document we need to retrieve from this site. Can you retrieve the document before he does? An all-expense ticket for #h1415 could await. https://t.co/L4Pj3PVrD7 #h1415

— HackerOne (@Hacker0x01) January 15, 2020

Jokes aside, as a security researcher, one of the channels I use to consume infosec content is Twitter. It was this way I stumbled upon @Hacker0x1’s newest CTF challenge.

I was drawn in immediately – the first 5 solvers would win a cool swag pack (including a dope hoodie) and the two best write-ups would get an all-expenses-paid trip to San Francisco and have a chance to hack at h1-415.

Having played CTFs for the past few years for Epic Leet Team and having participated in one of the previous editions of HackerOne’s CTF (h15411 CTF edition) I decided to challenge myself again and see whether I would be able to solve this one.

After reading the rules at https://hackerone.com/h1-415-ctf, I accessed the CTF’s page on https://h1-415.h1ctf.com and started hacking :)