We arrive at a webpage that says:
Access disallowed. You are not logged in
If you’ve coded some basic website that has a login feature, you’d know that the question “are we logged in?” is answered by our cookies, which we can edit freely.
We can view the cookies set by the current website under “Dev tools > Storage > Cookies”, find the one that looks interesting, and change its value to our liking. Here we changed the loggedin cookie’s value from 0 to 1, refreshed the page, and we’re “logged in”.
aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1
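The root cause, shown from the server's side as an added example (not code from this post or from the Natas site): a check that trusts the client-supplied loggedin value, next to one that only accepts a cookie carrying an HMAC the server can verify. The function names, the session cookie name and the key are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed secret for this example; a real server loads it from protected config.
SERVER_KEY = b"constructed-example-key"


def naive_is_logged_in(cookies):
    """Flawed pattern: the client-editable value alone decides the answer."""
    return cookies.get("loggedin") == "1"


def _tag(username):
    """HMAC-SHA256 over the username, keyed with the server-side secret."""
    return hmac.new(SERVER_KEY, username.encode(), hashlib.sha256).hexdigest()


def issue_session(username):
    """Value the server sets after a successful login: 'username.hex_tag'."""
    return f"{username}.{_tag(username)}"


def verified_user(cookies):
    """Return the username only if the tag verifies, otherwise None."""
    value = cookies.get("session", "")
    username, sep, tag = value.rpartition(".")
    if not sep or not username:
        return None
    # Constant-time comparison on bytes avoids leaking how much of the tag matched.
    if hmac.compare_digest(tag.encode(), _tag(username).encode()):
        return username
    return None


if __name__ == "__main__":
    edited = {"loggedin": "1"}  # what the browser sends after the edit above
    print("naive check:   ", naive_is_logged_in(edited))
    print("verified check:", verified_user(edited))
    print("issued cookie: ", verified_user({"session": issue_session("alice")}))
```

A signed value still needs an expiry and a way to revoke it; keeping the login state in a server-side session store keyed by a random identifier avoids putting the decision in the cookie at all.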