Tanuki writeup

Step 1: Register
Intercept the traffic as you register. You’ll notice that the registration request itself defines the role, and the default role is set to “user”. Change it to “admin” and send the modified request.

Step 2: Retrieve flag
From here, perform a request to the /api/admin/flag endpoint to retrieve the flag.
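The flaw behind both steps is that the server trusts a role sent by the client. The following is an added example, not the challenge's code, showing that registration handler next to a hardened one; the field names, the in-memory `users` store and the helper names are assumptions.

```python
import hashlib
import os

ALLOWED_FIELDS = {"username", "password"}  # assumed fields a client may set
DEFAULT_ROLE = "user"

class RegistrationError(ValueError):
    """Raised when a registration body is rejected."""

def _hash_password(password: str) -> str:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + ":" + digest.hex()

def register_vulnerable(body: dict, users: dict) -> dict:
    """Mirrors the flaw: every client-supplied field, role included, is stored."""
    user = {"role": DEFAULT_ROLE, **body}  # body["role"] overrides the default
    user["password"] = _hash_password(user["password"])
    users[user["username"]] = user
    return user

def register_hardened(body: dict, users: dict) -> dict:
    """Accept only allow-listed fields; the role is always assigned server-side."""
    unexpected = set(body) - ALLOWED_FIELDS
    if unexpected:
        # Reject rather than silently drop, so tampering is visible in logs.
        raise RegistrationError(f"unexpected fields: {sorted(unexpected)}")
    missing = ALLOWED_FIELDS - set(body)
    if missing:
        raise RegistrationError(f"missing fields: {sorted(missing)}")
    if body["username"] in users:
        raise RegistrationError("username already taken")
    user = {
        "username": body["username"],
        "password": _hash_password(body["password"]),
        "role": DEFAULT_ROLE,
    }
    users[user["username"]] = user
    return user

def can_read_admin_flag(username: str, users: dict) -> bool:
    """Authorization for /api/admin/flag, decided from the stored role only."""
    user = users.get(username)
    return user is not None and user["role"] == "admin"
```

Rejecting unexpected fields outright also gives the defender a signal: a registration request carrying a `role` key is worth logging and alerting on.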

Thanks for reading!