Has anyone actually managed to get through this? I’m completely at a loss as to how to proceed. I’ve tried everything I can think of…I’ve already had some cryptic clues about having to read everything on the website. I have but have got no further. I’ve managed to find all the users that are available and know how to tamper with cookies etc but to no avail. Can someone please give me a nudge in the right direction before I lose my mind? :confounded: :confounded: :confounded: :confounded:

Try to brute-force the password for (one of) the given accounts, as mentioned in the assessment description:

After that you probably have to start over your analyzing stage and find a way to the flag. :slight_smile:

I tried to bruteforce, But there is rate-limit. Any Hint

1 Like

It’s in the materials…you have to put a delay on the script

For everyone stuck in this state, where you have a bunch of users but cannot progress:
Do a proper user enumeration, dont go for the hint in the support page only.
Remember the task is to find the “flag in the admin panel” not the support panel. But understanding support will take you there to the flag.