0. Open the web page and find that you need to enter the user name and password
Username uses admin
The password can be obtained by blasting, or you can view the comments
Decode dGVzdDEyMw== base64 to get the password: test123
1. Enter the user name and password
Unable to log in, it prompts that only the local administrator can access, which takes into account the use of the xff method to modify the IP to a local address
2. Use BurpSuite to capture packets
3. Add: X-Forwarded-For: send after 127.0.0.1
4. Get the flag: flag{9876894a5ec96ef77b6d54ba5cd983bf} (dynamic flag)