50m-ctf: Weak credentials, Blind SQLi, Timing attack, that leads to web admin access

Summary: Discovery of the application: The h1Thermostat application was discovered by extracting the bit.do URL from the image at https://pbs.twimg.com/media/D0XoThpW0AE2r8S.png:large. The URL https://bit.do/h1therm then led to a Google Drive where the Android application file h1thermostat.apk...