Web Exploitation 150: Logon

Challenge

I made a website so now you can log on to! I don’t seem to have the admin password. See if you can’t get to the flag. http://2018shell1.picoctf.com:57252 (link)

Solution

It only checks password for user admin. We can log in as any other username, then get 3 cookies:

We change admin cookie to True and refresh the page to get the flag

Flag