Just register for a flag - if they have more left at least.
Here at the beginning if we send an email and name, we can see that only flugel knutz is allowed to have the flag, but I want it!
Let's check JavaScript
It is indeed using JavaScript.
Let's fire up burp suite
And capture some legit input
We can see it's sending a captcha, let's grab that otherwise you will see this.
Let's send some legit input but modify it.
I'm invincible!
Writeup by Oskar Anderberg