By the name of the challenge we can guess that the solution will involve some kind of time.
We don’t have so much to go with in the beginning. We have a webpage with a button on it. When we click the button we are send to another page that say the thing has exploded. How did I approach this.
Use Burp Suite to intercept the get request.
If we examine this screen we can see that the name of the cookie is pretty specific (“detonate_time) , and as I mentioned in the beginning in my head the solution had something to do with timing. If we click on the big red text button the page says that we were to late.
Right click on the screen above and send it to the repeater in Burp. There you can change the value of the cookie by adding several zeros in the back.
If we check the response field and exam it we can see the flag. In this case the flag is: LLS{saving_lives_with_cookies}
This was a quick challange