Hello everyone, I am streaak and this is my writeup for the web challenge released by Hackerone for h1–702 CTF.

On visiting the Challenge page and we can see the following-

Notes RPC Capture The Flag
Welcome to HackerOne's H1-702 2018 Capture The Flag event. Somewhere on this server, a service can be found that allows a user to securely stores notes. In one of the notes, a flag is hidden. The goal is to obtain the flag.

Good luck, you might need it.

So the first thing I did was fire up my ubuntu VM and ran dirsearch on it. This returned a README.html file in the root directory. This file contained the documentation of Notes RPC On reading the documentation I was able to note some interesting points. …

Hello everyone,

This is my writeup for H1–212 CTF. Hope you guys like it.

It all started when hackerone blogged about their CTF and I got so excited and fired up my laptop.
One thing Jobert told in the slack channel was to read his tweet carefully. So that’s what I did.
The blog post clearly said-

An engineer of acme.org launched a new server for a new admin panel at
He is completely confident that the server can’t be hacked.
He added a tripwire that notifies him when the flag file is read.
He also noticed that the default Apache page is still there, but according to him that’s intentional and doesn’t hurt anyone.
Your goal? …


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store