The challenge description was: interview.polictf.it:80

Not much from the description, so let's connect and see what is happening:

mrt:~/ctf/polictf/grab_bag/hard_interview$ nc interview.polictf.it 80
         ____                                     __                              __
        /\  _`\                                  /\ \__                          /\ \__
        \ \ \/\ \     __   _____      __     _ __\ \ ,_\   ___ ___      __    ___\ \ ,_\
         \ \ \ \ \  /'__`\/\ '__`\  /'__`\  /\`'__\ \ \/ /' __` __`\  /'__`\/' _ `\ \ \/
          \ \ \_\ \/\  __/\ \ \L\ \/\ \L\.\_\ \ \/ \ \ \_/\ \/\ \/\ \/\  __//\ \/\ \ \ \_
           \ \____/\ \____\\ \ ,__/\ \__/.\_\\ \_\  \ \__\ \_\ \_\ \_\ \____\ \_\ \_\ \__\
            \/___/  \/____/ \ \ \/  \/__/\/_/ \/_/   \/__/\/_/\/_/\/_/\/____/\/_/\/_/\/__/
                             \ \_\
                              \/_/
                     ___      ____               ___
                   /'___\    /\  _`\           /'___\
              ___ /\ \__/    \ \ \/\ \     __ /\ \__/   __    ___     ____     __
             / __`\ \ ,__\    \ \ \ \ \  /'__`\ \ ,__\/'__`\/' _ `\  /',__\  /'__`\
            /\ \L\ \ \ \_/     \ \ \_\ \/\  __/\ \ \_/\  __//\ \/\ \/\__, `\/\  __/
            \ \____/\ \_\       \ \____/\ \____\\ \_\\ \____\ \_\ \_\/\____/\ \____\
             \/___/  \/_/        \/___/  \/____/ \/_/ \/____/\/_/\/_/\/___/  \/____/


____ ____ ____ ___ ____ _ ____ ___ ____ ___     ____ ____ ____ ____ ____ ____    ____ _  _ _    _   _
|__/ |___ [__   |  |__/ | |     |  |___ |  \    |__| |    |    |___ [__  [__     |  | |\ | |     \_/
|  \ |___ ___]  |  |  \ | |___  |  |___ |__/    |  | |___ |___ |___ ___] ___]    |__| | \| |___   |


fish@sword:~$

We are greeted with a shell, regular commands to navigate ourself like cd and ls are not working. Let's see is we can get some help:

fish@sword:~$ help
 A very hard interview: Codename Blow...Fish
Maybe you can help me with something...
DOD d-base, 128 bit encryption....What do you think?
Maybe slide in a Trojan horse hiding a worm...
I have been told that best "crackers" in the world can do it 60 minutes,
unfortunately i need someone who can do it in 60 seconds...
naturally with the right incentives ;)
If you know what I mean, tell me how a real cracker accesses to a remote super protected server...

Possible commands:
          hacker: Write code as a real hacker
            help: Give informations about the program
            hint: Gives a little hint
            exit: Loser...bye Bye
             ssh: A tiny ssh command
            date: A very useful and innovative feature

The only interesting command we can use is ssh, but where should we connect to?

The 60 seconds quote sounds really familiar and the prompt gives a big hint as well, this is coming from the movie Swordfish and if you watched the movie you would know it's the 'hacker interview' John Travolta gives to Hugh Jackman.

After a quick Google search I found that hacking interview scene from the movie on YouTube. This scene shows a list of 'IP' and this could be exactly what we need for our ssh command:

Swordfish Hacking Interview

fish@sword:~$ ssh root@213.225.312.5
 ... Username not found
... Address reachable
fish@sword:~$ ssh root@312.5.125.233
 ... Username not found
... Address reachable
fish@sword:~$ ssh root@232.12.10.362
 ... Username not found
... Address not reachable
fish@sword:~$ ssh root@125.323.12.30
 ... Username not found
... Address not reachable
fish@sword:~$ ssh root@291.12.112.323
 ... Username not found
... Address not reachable
fish@sword:~$ ssh root@151.268.115.65
 ... Username not found
... Address not reachable

The ssh command reports two of these addresses are reachable, but the username is not found. Common username would be root, guest or admin maybe:

fish@sword:~$ ssh guest@213.225.312.5
 ... Username not found
... Address reachable
fish@sword:~$ ssh admin@213.225.312.5
 ... Username found
... Address reachable

Admin is found, but nothing happened. Let's try the other reachable address:

fish@sword:~$ ssh admin@312.5.125.233
 flag{H4ll3_B3rry's_t0pl3ss_sc3n3_w4s_4ls0_n0t4bl3}

We got our flag: flag{H4ll3_B3rry's_t0pl3ss_sc3n3_w4s_4ls0_n0t4bl3}