Rating:
TL;DR
1. MQTT over websockets.
1. Subscribe to $SYS/#.
1. Hidden topic in one of the sys payloads: "$internal/admin/webcam".
1. Subscribe to hidden topic, dump payload to file.
1. Image contain login details to admin page.
Full writeup: https://github.com/flawwan/CTF-Writeups/blob/master/hxp/time_for_h4x0rpsch0rr.md
