$ dig ANY jh2i.com
;; ANSWER SECTION:
jh2i.com. 3600 IN A 161.35.252.71
jh2i.com. 21600 IN NS ns-cloud-a2.googledomains.com.
jh2i.com. 21600 IN NS ns-cloud-a3.googledomains.com.
jh2i.com. 21600 IN NS ns-cloud-a4.googledomains.com.
jh2i.com. 21600 IN NS ns-cloud-a1.googledomains.com.
jh2i.com. 21600 IN SOA ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 48 21600 3600 259200 300
jh2i.com. 3600 IN SPF "flag{next_year_i_wont_use_spf}"
You can also head over here and input the URL there.
flag{next_year_i_wont_use_spf}
Tron
So first rag went around to common social media sites, and eventually found a GitHub account.
There was a pinned repository called Flagger. The directory was analysed, but nothing interesting was found except the description.
Capture the Flag service to collect flags
Sorry, your flag is in another castle.
At this point he had to go and I took over.
I decided to check his other repositories, one of which was a fork of a dotfiles repo. Since the other repo was a dead end, I decided to check this one out.
Something that caught my eye was the descriptive note GitHub added:
This branch is 2 commits ahead of calebstewart:master.
If it was two commits ahead, then this account must have mades those two changes. I clicked the Compare button next to this to check the changes, and they were very interesting.
So this was fairly clear; this key was used to SSH into the website on port 50033. I copied the SSH key into a file called key, ran chmod 700 to change the permissions so that it allowed me to use it to SSH, and connected.