This is a JSON Web Token Challenge.
- Go to the URL provided and view page source first.
- JSON web tokens are protected by a secret key that should never be exposed.
- In this case we see this comment in the HTML (supersecretkey)
Click on the ‘Admin Only’ link next after taking note of that exposed secret.
- Open up developer options, find the cookies for the page, and copy the value for the cookie helpfully named ‘token.’
- Go to https://jwt.io and generate a token, that has the value of
role:admin
- Paste the new JWT token as the new ‘token’ cookie and refresh the webpage.
