going to the url provides us with a login button.
Clicking it allowing us to login with "NotFlag".
Inspecting the cookie reveals ```gammaAuth_1640143221=eyJnYW1tYSI6Il8kJE5EX0NDJCRfJCIsInVzZXJuYW1lIjoiZ3Vlc3QiLCJwYXNzd29yZCI6Ijg0OTgzYzYwZjdkYWFkYzFjYjg2OTg2MjFmODAyYzBkOWY5YTNjM2MyOTVjODEwNzQ4ZmIwNDgxMTVjMTg2ZWMifQ==```

ok let's base64 decode: ```{"gamma":"_$$ND_CC$$_$","username":"guest","password":"84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec"}```
password is hashed.

searching for the type reveals its SHA256. Lets try to reverse it by your favorite reverse loopup website... and its revealed to be "guest".
ok, so we can just provide any sha256 password as we want apparently. But what about the username?
Let's try to change username to admin and base64 encode.
We got: "Invalid cookie or checksum!"

Looking at the cookie name: gammaAuth_1640143221 it is reasonable to assume that 1640143221 is the checksum!
10 digit checksum represents crc32.
Let's try to take the original base64 value and calculate its crc32: we can use this website: ```https://crccalc.com/```
Unfortunately its a mismatch!

Maybe its just the json payload! let's try... ```{"gamma":"_$$ND_CC$$_$","username":"guest","password":"84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec"}```
and yes! the checksum is 1640143221.

Now, just change username to admin, base64 encode, calculate crc32 and set the cookie:
```gammaAuth_1822232271=eyJnYW1tYSI6Il8kJE5EX0NDJCRfJCIsInVzZXJuYW1lIjoiYWRtaW4iLCJwYXNzd29yZCI6Ijg0OTgzYzYwZjdkYWFkYzFjYjg2OTg2MjFmODAyYzBkOWY5YTNjM2MyOTVjODEwNzQ4ZmIwNDgxMTVjMTg2ZWMifQ==```

And we got the flag!

captainB
CamelRiders