**Description**

> Easy web challenge in the slimmest possible design.... namely none.
>
> http://ez-web.ctf.hackover.de:8080

**No files provided**

**Solution**

We are presented with a simple "under construction" text, accompanied by a GIF that doesn't exist.

```html

<head>
<title>Under Construction</title>
</head>
<body>

</body>
</html>
```

`/flag.txt` doesn't exist, but we can check [`robots.txt`](https://en.wikipedia.org/wiki/Robots_exclusion_standard):

```
User-agent: *
Disallow: /flag/
```

The `/flag/` directory contains `flag.txt`, but we are not allowed to see it:

```html

<head>
<title>Restricted Access</title>
</head>
<body>

You do not have permission to enter this Area. A mail has been sent to our Admins.
You shall be arrested shortly.

</body>
</html>
```

But the server simply sent us a cookie `isAllowed=false`, so changing that to `true`, we can see the flag.

`hackover18{W3llD0n3,K1d.Th4tSh0tw4s1InAM1ll10n}`

Original writeup (https://github.com/EmpireCTF/empirectf/blob/master/writeups/2018-10-05-Hackover-CTF/README.md#100-web--i-love-heddha).