It's been awhile since I've completed 'the reals', so I decided to go at them again.
I now feel embarassingly stupid

This mission is incredibly easy! Yet I spent hours trying to figure out what to do! Although I didn't remember anything about this, it should have taken like 5-10 minutes or so. I 'walked by' the file that gave me the admin username at least twice without noticing it is what I'm missing. When it suddenly hit me, it hurt. Especially so when I realized how much I poked around in vain searching for this info.
Once you figure out you can leverage n***.cgi to look around the files and folders, it's really a piece of cake.
You see some CGI files of importance, the source of one of which tells you it'll let you in if you can match a certain range of integers. Well, I simply replicated the functionality in JavaScript (5 lines of code) and since the algorithm is straightforward, it was fairly easy and quick to figure out what to throw at the page to gain access to user info.
Now you need to find who the admin is to be able to query him, and if you're like me, you'll take a look (or several) at the file key to this, go on, and then pull out all your hair when you realize your own stupidity

As soon as you have the username of the admin, you make the query, and, now knowing far more about him than you need, you just need to log in...
Five easy steps, really:
1. You find script1, the one to be used for looking around
2. You find script2, which will give you user info once you get in
3. You analyze the source and quickly figure out an 'id' that'll let you in
4. You find the file with the username of the admin and slap yourse... erm... I mean you use this info to query him
5. You log in with admin credentials and go to script3
This was ultra fun!

[EDIT]
muddassir wrote:Hello Fellow Hackers,
I just fiddled through all the pages and after I came to the forum, the first post I read was about "poison null byte". How did you people even get the idea of utilizing this technique here? That's my question
Well, if you have never heard about or experienced the phenomena, you have minuscule chances of figuring it out. On the other hand, if you know such things exist, it's kind of automatic to check how the app reacts if you try to terminate a string in the middle. It's a very basic technique. I don't remember if there exists a Basic mission about it, I think there's none alike, but it'd definitely be a must have.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.