Tags: web 

<span>Open the challenge URL (http://hack-the-planet.hackover.h4q.it), which presents a login page.
After entering some credentials, we are redirected to the /login page.

Enter the URL of the login page in Postman and set the request method to HEAD.
The response then contains the header:
"X-Hackers-Kate-Libby": "make it my first-born!"

A Google search for "kate libby make it my first born" reveals that this is part of a dialogue in the movie "Hackers":
Dade Murphy: And if I win?
Kate Libby: Make it my first-born!
(source: http://www.imdb.com/title/tt0113243/quotes?item=qt0448581)

If we set the request header "X-Hackers-Dade-Murphy": "And if I win?" and make another HEAD request, we get a new header in the response:
"X-Hackers-The-Five-Most-Used-Passwords-Are": "password,secret,love,god,sex"

Enter some username and the returned password (password,secret,love,god,sex) on the login page, and we get the flag:
<span>
hackover15{Thepoolontheroofnusthavealeak}</span></span>
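
The two HEAD requests described above, replayed offline as an added example (not code from the original writeup or from the challenge). It runs a constructed mock of /login on the loopback interface and shows why a header audit should include HEAD responses and custom `X-` headers, not only what a browser renders. The handler logic in `MockLogin` is an assumption; only the header names and values come from the writeup.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Header names and values exactly as quoted in the writeup.
HINT = ("X-Hackers-Kate-Libby", "make it my first-born!")
REPLY = ("X-Hackers-Dade-Murphy", "And if I win?")
PASSWORDS = ("X-Hackers-The-Five-Most-Used-Passwords-Are",
             "password,secret,love,god,sex")


class MockLogin(BaseHTTPRequestHandler):
    """Constructed stand-in for /login; the real server's logic is an assumption."""

    def do_HEAD(self):
        self.send_response(200)
        self.send_header(*HINT)
        # Reveal the second header only when the client answers with the quote.
        if self.headers.get(REPLY[0]) == REPLY[1]:
            self.send_header(*PASSWORDS)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def head(port, extra_headers=None):
    """Send HEAD /login and return only the custom X-Hackers-* response headers."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("HEAD", "/login", headers=extra_headers or {})
    resp = conn.getresponse()
    found = {k: v for k, v in resp.getheaders() if k.lower().startswith("x-hackers-")}
    conn.close()
    return found


def run_exchange():
    """Perform both requests against the mock and return the two header sets."""
    server = HTTPServer(("127.0.0.1", 0), MockLogin)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return head(port), head(port, {REPLY[0]: REPLY[1]})
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for step in run_exchange():
        print(step)
```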