I found this when view source code: MmI0YjAzN2ZkMWYzMDM3NWU1Y2Q4NzE0NDhiNWI5NWM= . This is a base64 string, decode it we will have : coldplayparadise
But when i put coldplay in username and paradise in password, the website give me that :
Mismatch in host table! Please contact your administrator for access. IP logged.
It means my IP adress is not authorized yet. So i will cheat by adding X-Forwarded-For:127.0.0.1 header using Burpsuite, username still coldplay and password still paradise
The flag is: 4f9361b0302d4c2f2eb1fc308587dfd6