Note: If you're interested in actually doing these challenges, check out this post on how to get the environment set up.

This was any easy one - Snoop around the html source code on the login page. You’ll find a HTML Comment around line 99:

<!-- X marks the spot -->
<!-- RkxBR3sxYTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMH0N -->

We notice that it’s Base64 looking. We decode this as base64:

>>> str = 'RkxBR3sxYTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMH0N'
>>> print(str.decode('base64'))
FLAG{1a000000000000000000000000000000}