I have problem with the first question in this module.
Tamper the session cookie for the application at subdirectory /question1/ to give yourself access as a super user. What is the flag?
I found the incoding methods and the plaintext of the cookie.
I changed the role to admin, administrator, teacher, nt authority, super user, teacher, manager and nany more but still get the message that the role x dont have flag.
I tried all these rules with htbuser and htbadmin with no successes.
I even tried brute forcing the time stamp but still no success…
The second qustion took me 5 minutes.
Anyone can help me with a hint?
Anybody solved this question?