19 – Client Side is Still Bad

Solve

I forgot my password again, but this time there doesn’t seem to be a reset, can you help me? http://2018shell.picoctf.com:8420 (link)

Solution

clicked on signing and said success

inspect code

not much in there, lets take a look at the network tab

and the header request and response 

found login

response header has set-cookie: admin=False

let change that to true

copied the curl link and replaced admin=True pasted it in insomnia and it returned 

picoCTF{l0g1ns_ar3nt_r34l_aaaaa17a}

%d bloggers like this: