 What's going on everybody? John Hammond Pico CTF 2019 and this challenge is called open to admins for 200 points in the web Exploitation category it says this secure website allows users to access the flag only if they are admin and the time is exactly 1400 so we have a few links here We could try again one hosted on port 80 or I guess 443 of HTTPS in that case and on a specific port if we need there Or we can just go to that link so I'm gonna navigate to that page. It says my new website We have some buttons to sign in and sign out But they are apparently not implemented yet and there's a giant green button for flag So we can go ahead and click that try that it says I'm sorry It doesn't look like you are the admin or it is the incorrect time So if you were kind of at a loss if you did enough digging between robots that text and viewing the source and etc etc, maybe run derbuster, I don't know You could take a look back at the hints and the hints could say Ken cookies help you to get the flag so Maybe reorient you if you didn't think to check there But this is a bit of a bummer and maybe kind of frustrating for some individuals because if you were to take a look at the cookies Let's fire up the developer tools and I'll just hit flag one more time so that we'll see that network connection come across I'll copy this as the curl command and we can go ahead and paste that in here You can see that there are cookies that are kind of being set or ones that we might be able to view There might have been a session thing that comes along, but it's not a JWT or a JSON web token. So This is a redirect. Let's use tech capital L. So we follow redirects now. We get the full page back But still nothing particularly useful and there weren't cookies that we could work with really so What you end up needing to do is actually supply your own cookies So the node here with this cookie header that you can see curl is providing and we'll have to add in Just with a semi-colon to note Let me put a new cookie in that raw HTTP header and we can say admin is true There's nothing particularly there again because we just specify the time but maybe that was a guess or a leap of faith to specify admin equals true and One more where we say time is equal to 1400 run that and now we have our flag right there on the page so I Don't know. Maybe that is a leap of faith. Maybe that's a little bit more intuitive I'm just not seeing it but adding your own cookies that didn't exist previously always seemed like a peculiar bag for me So we could carve this out if we want to do greptack. Oh, E Capital E there and let's grab our Pico CTF file format flag format and let's make that silent from curl and Let's say color equals none. So that's getting our flag we can save that and we can verify we have our flag dot text and our get flag script and Now we can finish that so that's that challenge. That's all that's really there Let's go ahead and submit that before I forget But maybe maybe not your favorite challenge. I guess it wasn't particularly mine So that is all that we needed for that and I removed my cookies for this So let me log back in and see if I can climb through it Whatever open to admins. No, go away last pass. You're fine admins good Paste that and we'll call that a day. So thank you guys for watching. I hope you enjoyed this I don't know if that's a rage quit for you or not But adding the cookies manually maybe a leap of faith who knows that's the solution So thank you guys for watching. Hope you enjoyed this. Please do like comment and subscribe all those YouTube algorithm things I'd love to see you on discord. I'd love to see on patreon paypal other P words All right, I'm ending the video. Bye