Rating:
When we enter the flag from previous level as the password we can see that it's not the end and we have to enter secondary password.
When we analyze it in IDA, we can notice that it only checks if the password has 35 characters (maybe it wasn't intended by creators of this challenge).
Anyway we can the second flag offline. There is `_ZL4FLAG` offset in IDA and it's `const unsigned __int8 FLAG[35]`.
We can also notice that before length check our password is xorred with 0xC7 byte. So maybe if we just xor the flag from memory with this byte we'd get the flag back?
This [script](https://github.com/BOAKGP/CTF-Writeups/blob/master/Google%20CTF%202018%20Quals%20Beginners%20Quest/Admin%20UI/2nd.py) does it for us.
Flag: `CTF{Two_PasSworDz_Better_th4n_1_k?}`
