going to the url provides us with a login button.  
Clicking it allowing us to login with "NotFlag".  
Inspecting the cookie reveals
```gammaAuth_1640143221=eyJnYW1tYSI6Il8kJE5EX0NDJCRfJCIsInVzZXJuYW1lIjoiZ3Vlc3QiLCJwYXNzd29yZCI6Ijg0OTgzYzYwZjdkYWFkYzFjYjg2OTg2MjFmODAyYzBkOWY5YTNjM2MyOTVjODEwNzQ4ZmIwNDgxMTVjMTg2ZWMifQ==```

ok let's base64 decode:
```{"gamma":"_$$ND_CC$$_$","username":"guest","password":"84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec"}```  
password is hashed.

searching for the type reveals its SHA256. Lets try to reverse it by your
favorite reverse loopup website... and its revealed to be "guest".  
ok, so we can just provide any sha256 password as we want apparently. But what
about the username?  
Let's try to change username to admin and base64 encode.  
We got: "Invalid cookie or checksum!"

Looking at the cookie name: gammaAuth_1640143221 it is reasonable to assume
that 1640143221 is the checksum!  
10 digit checksum represents crc32.  
Let's try to take the original base64 value and calculate its crc32: we can
use this website: ```https://crccalc.com/```  
Unfortunately its a mismatch!

Maybe its just the json payload! let's try...
```{"gamma":"_$$ND_CC$$_$","username":"guest","password":"84983c60f7daadc1cb8698621f802c0d9f9a3c3c295c810748fb048115c186ec"}```  
and yes! the checksum is 1640143221.

Now, just change username to admin, base64 encode, calculate crc32 and set the
cookie:  
```gammaAuth_1822232271=eyJnYW1tYSI6Il8kJE5EX0NDJCRfJCIsInVzZXJuYW1lIjoiYWRtaW4iLCJwYXNzd29yZCI6Ijg0OTgzYzYwZjdkYWFkYzFjYjg2OTg2MjFmODAyYzBkOWY5YTNjM2MyOTVjODEwNzQ4ZmIwNDgxMTVjMTg2ZWMifQ==```

And we got the flag!

captainB  
CamelRiders