The description of this challenge was " I saw someone's screen and it looked like they stayed logged in, somehow... " and a pcap file was provided for donwload.
After looking for a while inside the pcapng file i found an interesting request to /jwtlogin
I tried to make a request but all I got was this :
"description": "Request does not contain an access token",
"error": "Authorization Required",
So i realized that we have to create a jwt token to get the authorization.
For hours I kept trying to create tokens that used the username field, since in the other challenges I had found an email "firstname.lastname@example.org" , but nothing... So I tried to log in from /staff.html by inserting in the username field "email@example.com" without putting any password, intercepting the request with burp.
It was the right move because in the header of the error page i found this -----> " JWT 'identity'=31337; Path=/ " and this is very useful for us because we know that the jwt token is using the identity and username field ( even if they are deprecated ).
To finish this challenge i just went again to /jwtlogin intercepting the request with burp , then i put the token in the header like this:
Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZGVudGl0eSI6MzEzMzcsInVzZXJuYW1lIjoidHJ1ZS5ncml0QHVtYmNjZC5pbyIsImlhdCI6IjE1ODY2OTg2NDYiLCJleHAiOiIxNTg2Njk5NTE3IiwibmJmIjoiMTU4NjY5ODUxNyJ9._eJaJQszRDarG_lY_xu7Yt7nTksNzFiEBE1-N6B5eXY
After i sent the modified request with the jwt token i got the flag :