Tags: base64 cookie 

Rating:

![S.H.E.L.L.CTF](../../banner.png)

# Under Development

There is nothing obvious on the website so let's check the Source:
```html

<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Web App Home Page</title>
</head>
<body>
<div> This web app is still under development. </div>

</body>
</html>
```
A comment about cookies? Let's inspect the cookie:

![cookie](cookie.png)

So we have a session cookie:
```
dXNlcg%3D%3D
```
The `%3D` is url encoded for `=` so this already looks a lot like base64, let's decode it and check.

![decode](decode.png)

So it says user. Let's change that to something more privileged like `admin`. Base64 encode `admin` and just insert in into your session cookie.
Refreshing the site now displays the flag:
```
SHELL{0NLY_0R30_8e1a91a632ecaf2dd6026c943eb3ed1e}
```

Original writeup (https://github.com/ipv6-feet-under/WriteUps-S.H.E.L.L.CTF21/tree/main/Web%20Security/Under%20Development).