Bruteforce Login

Viewing the page source, theres a link to a png file.

Since the hint mention a picture speaks a thousand word, lets attempt steganography on it.

Now, we have a username and a possible password.

Filtering out astraunaut from rockyou and passing it to burp intruder, we are able to authenticate.

Viewing the page source of the portal, there is a set of service principal credentials.

We are able to then authenticate and retrieve the flag.