findme

On entering user=test, pass=test:

try username:test and password:test!

Entering these creds, couple of redirects happen. Use BurpSuite to intercept these redirects. URLs of the two redirects have an id in the path. Concatenate the two ids and b64-decode the result.