Cookie
Challenge Description
Solution
Landing Page
Directory fuzzing
Visiting
/robots.txt
, we find a secret directory named/sup3r_s3cr3t_d1r
Visiting
/sup3r_s3cr3t_d1r
Visiting
/cookie
, we get a jwt token
JWT Debugging
Using this website, we can decode the JWT token
And we can change the cookie by modifying the 2 marked fields in the payload
Changing
admin
totrue
andanswer
toyes
Replacing the cookie on the website and visiting
/sup3r_s3cr3t_d1r
, we get the flag
FLAG
Last updated