1. There is a script with an authorization form.
2. In the source code of the page we see the script code.
3. The script checks the login and password with the strcmp function.
4. We can bypass the authorization with this function as described in this article https://www.doyler.net/security-not-included/bypassing-php-strcmp-abctf2016.
5. Send the following GET request: username=""&password[]=""&Submit=Login.

Flag: VishwaCTF{5t0p_c0mp4r1ng}.