1  Category: #Web 
 2  Rated Difficulty: #VeryEasy 
 3  Personal Difficulty: #Easy 
 4  
 5  Inspect the site and found [[JWT]] token
 6  
 7  Inspect the js and found the string used to encrypt the [[JWT]]
 8  
 9  Used the string and edit the [[JWT]] to make an admin token.
10  
11  Find out there is /tickets endpoint that cannot be accessed. Only by admins
12  
13  Accessed the /tickets endpoint and get the flag