We get a picture file which can be used to login to a website as user backdoor.The task is to login as user sdslabs.
In a hexeditor we find the following suspicious data in the picture:
We change the data to "sdslabs":
And are rewarded with the following message:
Congrats the flag is practice_makes_one_perfect