Have you got stuck? Need Help? Join our discord server, ask your doubts & get support from our experts.
InCTF Jr 2025
Coming Soon
Author: Rohit
Solving
At first you can see a page with May be the admin is hiding something written. and below that is a button with Access Secrets. When we click on that button, it will show us a message that Well something tells me that you are not the admin. If we go to the network tab, we can see that it sends a request to the /admin endpoint when we click that button. When we check that request it sends a header with name Admin and its value False.
We can intercept the request and make the value True to get the flag