Description
https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212
How I found the flag
I ran an obligatory port scan, checked the IP using shodan.io, and did some basic directory discovery.
I found two open ports - 22 and 80 - and one directory /flag
with a message from the creators.
As this wasn't really helpful, I tried to enumerate vhosts and found one resulting in a different response: admin.acme.org.