In this web chall, we have a simple login portal in which we’re asked to enter our username and password. Looking a bit at the code, we see two interesting things : first, this link in an undisplayed div : http://tinyurl.com/47vu98x9 (i’ve been rickrolled, you will too.). Second, at the bottom we have the link to the script that manages the input :

<script type="py" src="./main.py" config="./pyscript.json"></script>

The main.py file is, as expected, what handles our input. It looks in a database and compares the hashed input to the password. In the pyscript.json file, we have a link pointing to the database, that we can simply use to download it and check the values stored in it.