Tags: .net obfuscated 

Rating: 5.0

Just a solution:
It's an obfuscated .NET app that starts a simple web server on port 80 and asks us to log in.
Too lazy to deobfuscate it.
Attach Olly to it and find the "pass" string, then set a HW bp on "pass=([^&\r\n]*)" (Unicode string) to catch our password.
Fill in the login in the browser as admin:anythingzxcvb and submit.
Back in Olly, search memory for our password and track it.
md5(ourpassword) is calculated using bcrypt.BCryptHashData and compared to C432A8174394A3F655B2BD29BB075E4C
should we crack it?
bp on advapi32.CryptHashData, bcrypt.BCryptHashData and test again
"-40.01.6102 ,ikazamaY ogieK? thgirypoC" is passed to the hash API: the admin's password
SECCON{D5691FB40B2AF60CA78DA78AC65A71E2}

not intended solution but works

//TMT
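Why the breakpoint on the hash API is enough, as an added example that is not the challenge's code: a Python model of the check the writeup describes, next to a hardened variant that never handles the reference plaintext. The `user=` field name, the constructed password, the function names and the choice of PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

PASS_RE = re.compile(r"pass=([^&\r\n]*)")  # pattern quoted in the writeup
EMBEDDED_PASSWORD = "constructed-admin-password"  # constructed, not the challenge's string


def extract_password(body):
    """Return the value of the pass= field, or None if it is absent."""
    m = PASS_RE.search(body)
    return m.group(1) if m else None


def weak_check(body, hash_inputs):
    """Assumed shape of the flawed check: hash the embedded plaintext per request."""
    submitted = extract_password(body)
    if submitted is None:
        return False

    def md5_hex(s):
        hash_inputs.append(s)  # models what a debugger sees at the hash API
        return hashlib.md5(s.encode()).hexdigest().upper()

    return md5_hex(submitted) == md5_hex(EMBEDDED_PASSWORD)


def make_verifier(password, iterations=100_000):
    """Run once at provisioning time; only salt and derived key are stored."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, key, iterations


def hardened_check(body, verifier, hash_inputs):
    """Derive a key from the submitted value only and compare in constant time."""
    submitted = extract_password(body)
    if submitted is None:
        return False
    salt, key, iterations = verifier
    hash_inputs.append(submitted)  # the only string that reaches the hash call
    got = hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, iterations)
    return hmac.compare_digest(got, key)
```

In the weak variant a failed login still feeds the reference password to the hash function; in the hardened variant only the submitted value and a salted derived key exist in the process.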

inndy, Dec. 11, 2016, 9:52 a.m.

nice solution!