This challenge required us to send an encrypted cookie to the server. Luckily, the encryption key was readily available.

A hint in the page source led us to a Git repository, where the secret-key was included. We ran the code locally, set the username to ‘admin’, set the cookie on the vulnerable website, then obtained the flag.