Rating:
The target site has a reset password feature that stands out as the way to get
in. When we try using it, we're prompted for a username. `admin`, `test` and
the like don't work, so let's look around a bit.
Examining the source code, we can find the following comment :
```html
```
If we punch in `blake` as the username, we're taken to the next step, where we
are asked "security" questions. I just kept guessing answer, cancelling before
the lockout (on the third incorrect guess) until I got it right.
After reading other writeups I realized there was a smarter and easier solution
(decoding the cookie, which contains a list of possible answers for every
question), but that's how I did it.
