# Challenge description

Be Admin & get the Flag.

Website Link

Note : Burte Force/Fuzzing not required and not allowed.

Flag Format: KCTF{S0m3_T3xt_Here}

**Author: TareqAhmed**

\-----------------------------------------------------------

in this challenge we find ourself in a page with

```  
Only KnightSquad agents can access this page.  
```  
So we need to set our user-agent header to KnightSquad using burp suite

![1](https://user-
images.githubusercontent.com/58823465/150653871-b9416477-fd8f-48d5-a963-fbc81e51f79f.png)

then we get this

```  
This page refers to knight squad home network. So, Only Knight Squad home
network can access this page.  
```  
==> We need to set our **Referer** header to **localhost**

![3](https://user-
images.githubusercontent.com/58823465/150653878-fc3aba21-b38a-474f-b9aa-3925794666f7.png)

Checking the source code we find a jsfuck

![4](https://user-
images.githubusercontent.com/58823465/150653901-886489ea-a192-4be5-b5b5-96887b02004a.png)

from the jsfuck code we get this weird string

``` F`V,7DIIBn+?CWe@<,q!$?0EpF*DPCA0

Original writeup
(https://github.com/j3seer/KnightCTF-2022-WriteUps/tree/main/KnightCTF%202022/Web/Can%20you%20be%20admin).