Writeups/MetaCTF/Admin Portal
MetaCTFMediumCTF Challenge

Admin Portal

Admin Portal

2024-11-22
#MetaCTF#Web Exploitation

##Challenge Name: Admin Portal

###Solves

  • >Solves: 280
  • >Points: 150

###Description

I'm writing a webpage for admins to check on their flags, can you do me a favor and check it out to make sure there aren't any issues?

URL: http://adminportal.chals.mctf.io/

###Approach

  1. >

    Initial Observation:

    • >Visited the portal and noticed the message: "Only admins can see the page."
  2. >

    Inspecting the Source Code:

    • >Used the browser's developer tools (
      Inspect Element
      ) to examine the HTML, CSS, and JavaScript source code.
    • >Found nothing suspicious or helpful in the source code.
  3. >

    Checking Cookies:

    • >

      Navigated to the browser's cookie storage using developer tools.

    • >

      Observed that the 

      role
      cookie was set to 
      user
      .

  4. >

    Exploiting the Cookie:

    • >

      Edited the 

      role
      cookie value from 
      user
      to 
      admin
      .

    • >

      Refreshed the page, which granted access to the admin section.

  5. >

    Flag Retrieval:

    • >The flag was displayed on the admin page:
      plaintext
      MetaCTF{co0ki3_p0wer3d_p0rt4l}

###Flag

MetaCTF{co0ki3_p0wer3d_p0rt4l}
>sh1v4ng__
GitHubLinkedInshivangtiwari2415@gmail.com

$ echo "Open to collaborations, research, and security engineering work."

> Open to collaborations, research, and security engineering work.

$ uptime

> Portfolio online since 2024 | Last updated: Feb 2026

"No one is useless in this world who lightens the burdens of another." — Charles Dickens

Considered a small donation if you found any of the walkthrough or blog posts helpful. Much appreciate :)

Buy me a coffee

© 2026 Shivang Tiwari. Built with Next.js. Hack the planet.