Pwn on Autopilot

Our SOC team detected a brute-force attack against our authentication API early this morning. We've exported the JSON logs of the incident. We need you to identify the attacker's IP address and find out what they stole. Can you find the payload they used to successfully authenticate?

Can you track down the flag hidden somewhere in this REST API? I'm pretty sure it's public... https://api.inmt.win/

We had a big file that we wanted to compress so we gave it to Gary our new intern. Unfortunately, he though that every time he zipped it, it would get smaller... so he kept zipping the file over and over... and over. Can you recover our file from the archive? Note: This challenge requires you to use a library we haven't discussed. Take a second to find a package that will give you the tools you need to solve the challenge.

Are you good at mental math? I sure hope so. We need you to solve a lot of math problems real quick. Connect to the challenge using this command: nc math.inmt.win 8001

We found a website that we think is vulnerable to brute force attacks. The admin user is protected by only a 4-digit PIN. Can you write a script to log in and grab the flag? https://admin.inmt.win Username: admin