we send a request **curl -v http://34.216.132.109:8084/

The response have **Set-Cookie: Who are you?=Me; Expires=Sat, 01-Sep-2018 13:37:24 GMT; Max-Age=0; Path=/

So it gives us a userRole of "Me" , so I just send another request with** Who are you?=admin** as

**curl -v -H "Cookie: Who are you?=admin;" http://34.216.132.109:8084/

and we get the flag CodefestCTF{f0r7Un4B1sC0TtO}