Posted on by and filed under CSAW 2013.

The challenge takes us to a page with a log in form.

Password box

We find a cookie called admin after trying some passwords. This looks like a simple boolean.

Cookie

After changing this value to True and refreshing the page, this reveals to key!

key{told_ya_you_wouldnt_guess_it}