We have database.db, containing hashed SHA-1 password of admin: `0e[numbers]`. With type juggling in PHP, we just need to find input that has SHA-1 of `0e[any_numbers]`, e.g. `aaroZmOk` Login with `admin:aaroZmOk` and get the flag.