I thought I had tried tried to submit the correct flag, but apparently I hadn’t so I ended up doing a bunch a non-sense not realizing I’d already solved it.
You can basically find the flag by 1) finding user, 2) finding the character set of the password, 3) reading all the messages related to the core logic, 4) take action based on one of those messages to obtain the password.
Think about what you know about the password? You know at least the first letter. Well, what don’t you know? You could honestly brute force it pretty quickly or just read the messages and take the action. It’s hard to give good hints for this one and I think a lot of hints cause people to overthink it.
There’s one or two things I wish the challenge had done differently, but I don’t think this was a bad challenge and hope the creator continues to make more. But that’s just my opinion.