This document summarizes how the author won a capture the flag (CTF) competition called ClubHack 2011. It describes the different stages of analyzing the challenges, from gathering information to exploiting a cross-site scripting vulnerability to steal the flag and secure entry to the conference. It highlights the tools and techniques used, such as deobfuscating code, using hashes to download files, and using event handlers and cookies to steal data with XSS.