This challenge started off with a login page. If you would try to login as 'admin', it would say that doing so was disabled.
So, I started up burp's proxy to see what everything that was being sent.
I then attemped to login a user other than 'admin' and noticed that it also sent a cookie.
Then I attempted to login as 'bdmin'.
It sent the cookie: '0ac8259ca0'
I then attempted 'cdmin' and received the cookie: '0bc8259ca0'
So, assuming there was a pattern, I figured the cookie for 'admin' was: '098259ca0'
I sent a username and then edited the cookie to '098259ca0'.
The key is: who wants oatmeal raisin anyways twumpAdby
... I prefer chocolate chip