URL: [http://3.142.122.1:8885/](http://3.142.122.1:8885/)

page displays:

This web app is still under development

1) viewing the source code we see comment

TODO: Develop auth, buy some cookies from the supermarket

2) lets look at our cookies

We have a cookie named "privilege" with value "dXNlcg%3D%3D"

3) googling this shows that it is base64 for "user"
4) lets change it to base64 for "admin"
[using base64encode.org](https://www.base64encode.org) we input admin and get:

YWRtaW4=

5) "=" is %3D so change our user value to our new admin value of "YWRtaW4%3D"
6) Refresh the page and we have our flag!

**flag: SHELL{0NLY\_0R30\_8e1a91a632ecaf2dd6026c943eb3ed1e}**

Original writeup (https://github.com/ivanchubb/CTF-Writeups/blob/main/2021/S.H.E.L.L.%20CTF/Under%20Development.md).