For the first one you needed to create an account with the spark site. Once you did this all that you needed to do was "boost your spark" by following the instructions that went from your location to boost and directed you to the flag page.
Once you added this minus the quotes you snag some more points.
You can also from another registered account boost your account and snag you request and keep resubmitting to get you name on the board.
OST /en-US/m/boost2_confirm HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: csrftoken=d0d01d47dc3e20835703eaf0c82d0a16; sessionid=a78c616fcd3d2889899098731f20ab9e; parent=qqcrew
The next piece ties into "bringing down the Kraken" but I digress. If you continue to browse the spark site you will eventually notice that you have a username listed in the urls as:
/en-US/users/717163726577So what is the "717163726577" portion that you ask, well simple it just your html encoded team name.
qqcrew = qqcrew = 717163726577
Ok? so what? Well if you happen to have browsed to the site listed above you would have gotten a page that you can reset your password that contained the flag.
<div>First Name :<span></div>
<div>Last Name :<span></div>
<div>City Name :<span>Cape Town</div>
<div>Reset Email Password [Disabled]</div>
<div>Force Password Reset <a href="https://ocean.mozillactf.org/pwreset/Nx0hBEhFUGMCARRcAhQhQxEXEk8XGh8ZAlEoChYAV0cNTx0QEBguQwEMEEYXTko=">[Enabled]</a></div>
<!-- Flag ='There are so many buried treasures in the sea!' -->
Bingo ! Another flag.
So what else is there? Well now you can mess with anyone that you want which leads to bringing down the Kraken. So taking what we know we browse to:
Then we do a force reset and Bingo another one drops!