Tags: web 

# Ernst Echidna (Web, 50pts)

## Problem

Can you hack (url provided) website? The robots.txt sure looks interesting.

## Solution

We've got a simple web page that allows us to register an account:

![Ernst Echidna](assets/1.png)

Register form:

![Ernst Echidna](assets/2.png)

_robots.txt_ reveals one hidden path:

```
Disallow: /admin
```

At the above URL there's a hidden administration panel, and we need to have administration rights to access it.

After a successful registration, a cookie containing the MD5 hash of our login is set:

![Ernst Echidna](assets/3.png)

Simply changing the cookie content to MD5('admin') and refreshing the browser tab allows us to access the panel:

![Ernst Echidna](assets/4.png)

...and reveals the flag:

![Ernst Echidna](assets/5.png)
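The root cause is that the cookie is an unkeyed hash of a public value, so the server cannot tell a cookie it issued from one the client computed. The sketch below is an added example, not code from the challenge or the original writeup: it puts the cookie scheme described above next to an HMAC-signed form. `SERVER_KEY` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a random secret generated and kept on the server only.
SERVER_KEY = secrets.token_bytes(32)


def weak_cookie(login: str) -> str:
    """Cookie as the writeup describes it: unkeyed MD5 of the login."""
    return hashlib.md5(login.encode()).hexdigest()


def weak_is_admin(cookie: str) -> bool:
    # The expected value depends only on the string "admin", so any client
    # can compute it; the check says nothing about who registered.
    return hmac.compare_digest(cookie.encode(), weak_cookie("admin").encode())


def signed_cookie(login: str, key: bytes = SERVER_KEY) -> str:
    """Hardened form: hex-encoded login plus an HMAC-SHA256 tag over it."""
    tag = hmac.new(key, login.encode(), hashlib.sha256).hexdigest()
    return f"{login.encode().hex()}.{tag}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the login if the tag verifies under the server key, else None."""
    try:
        login_hex, tag = cookie.split(".", 1)
        login = bytes.fromhex(login_hex).decode()
    except ValueError:  # missing separator, bad hex, or invalid UTF-8
        return None
    expected = hmac.new(key, login.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison of the presented tag against the real one.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return login
    return None


if __name__ == "__main__":
    alice = signed_cookie("alice")
    print("issued cookie verifies as:", verify_cookie(alice))
    # Swapping the login while keeping alice's tag is rejected.
    swapped = "admin".encode().hex() + "." + alice.split(".", 1)[1]
    print("login swapped, tag kept:", verify_cookie(swapped))
```

Signing only proves the cookie was issued by the server; whether an account holds admin rights should still be looked up server-side rather than inferred from the login name in the cookie.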

Original writeup (https://github.com/bl4de/ctf/tree/master/2016/Google_CTF_2016/Ernst_Echidna_Web_50).