Tags: web 

Rating: 4.7

# Challenge description

Be Admin & get the Flag.

Website Link

Note: Brute Force/Fuzzing not required and not allowed.

Flag Format: KCTF{S0m3_T3xt_Here}

**Author: TareqAhmed**

-----------------------------------------------------------

In this challenge we land on a page that says:

```
Only KnightSquad agents can access this page.
```
So we need to set our `User-Agent` header to `KnightSquad`, here using Burp Suite:

![1](https://user-images.githubusercontent.com/58823465/150653871-b9416477-fd8f-48d5-a963-fbc81e51f79f.png)

Then we get this:

```
This page refers to knight squad home network. So, Only Knight Squad home network can access this page.
```
==> We need to set our **Referer** header to **localhost**

![3](https://user-images.githubusercontent.com/58823465/150653878-fc3aba21-b38a-474f-b9aa-3925794666f7.png)
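
Both checks above rely only on request headers, which the client sets freely, so they identify nothing about the caller. The following is an added sketch, not the challenge's code: the server logic, `gated_app` and `fetch` are assumptions that reproduce the gating in-process with the two messages shown above.

```python
# Added illustration: hypothetical re-creation of the two header checks.
from wsgiref.util import setup_testing_defaults

UA_MSG = "Only KnightSquad agents can access this page."
REF_MSG = ("This page refers to knight squad home network. "
           "So, Only Knight Squad home network can access this page.")


def gated_app(environ, start_response):
    """Assumed server logic: trusts two headers that the client fully controls."""
    ua = environ.get("HTTP_USER_AGENT", "")
    referer = environ.get("HTTP_REFERER", "")
    if ua != "KnightSquad":
        status, body = "403 Forbidden", UA_MSG
    elif "localhost" not in referer:
        status, body = "403 Forbidden", REF_MSG
    else:
        # Placeholder for whatever the real page serves next.
        status, body = "200 OK", "next stage"
    start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
    return [body.encode()]


def fetch(headers):
    """Call the WSGI app in-process with the given request headers."""
    environ = {}
    setup_testing_defaults(environ)  # does not set User-Agent or Referer
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, response_headers):
        captured["status"] = status

    body = b"".join(gated_app(environ, start_response)).decode()
    return captured["status"], body


if __name__ == "__main__":
    # Constructed requests: each one adds a header value the page asked for.
    for hdrs in ({"User-Agent": "Mozilla/5.0"},
                 {"User-Agent": "KnightSquad"},
                 {"User-Agent": "KnightSquad", "Referer": "localhost"}):
        print(hdrs, "->", fetch(hdrs))
```

Real access control has to rest on something the server can verify, such as an authenticated session or the connection's source address, rather than on `User-Agent` or `Referer`.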

Checking the source code, we find a JSFuck-obfuscated script:

![4](https://user-images.githubusercontent.com/58823465/150653901-886489ea-a192-4be5-b5b5-96887b02004a.png)

From the JSFuck code we get this weird string:

```
F`V,7DIIBn+?CWe@<,q!$?0EpF*DPCA0
```

Original writeup (https://github.com/j3seer/KnightCTF-2022-WriteUps/tree/main/KnightCTF%202022/Web/Can%20you%20be%20admin).