Points: 150
Web Exploitation
I made a website so now you can log on to! I don't seem to have the admin password. See if you can't get to the flag. (link)
Hmm it doesn't seem to check anyone's password, except for admins?
How does check the admin's password?
Using any password and username, you will be able to login, however, upon logon,you will be greeted by:
Success: You logged in! Not sure you'll be able to see the flag though.
No flag for you
Upon inspection of cookies, it can be seen that there exists a cookie names admin with theh value false
admins False 2018shell1.picoctf.com / 1969-12-31T23:59:59.000Z 10
password password 2018shell1.picoctf.com / 1969-12-31T23:59:59.000Z 20
username username 2018shell1.picoctf.com / 1969-12-31T23:59:59.000Z 20
Changing the value of admin to True will result in the printing of the flag.
Working solution solve.py
picoCTF{l0g1ns_ar3nt_r34l_a280e12c}