Owww myy gaawwd, JWT trickery!
The challenge is to not login as guest, but login as admin and visit /admin.
There is a cookie set, which is a JWT
We can basically just change the user, to admin and encode it again:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWRtaW4ifQ.lo6cc_YVMrNFnffGek_avzLJ_mgkuvBsSz52NO3_6Kk
View attachment 1771453632866.png
Then set it into our cookie and booom:
Flag received, ye obviously a beginner challenge but quiet cool to learn about JWT
!!
The challenge is to not login as guest, but login as admin and visit /admin.
There is a cookie set, which is a JWT
We can basically just change the user, to admin and encode it again:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWRtaW4ifQ.lo6cc_YVMrNFnffGek_avzLJ_mgkuvBsSz52NO3_6Kk
Then set it into our cookie and booom:
Flag received, ye obviously a beginner challenge but quiet cool to learn about JWT
!!