This challange shows us a webpage with a textfield for a username and a login button. We write some letters in the textfield and click login. After login  we see a new page which shows us the message:

the key is only for the admin

So we go back and try to login as admin. But we see a message that the admin login is disabled. We use burp to do closer look. We login again and we see a cookie named username with some hex numbers. After some tests, it seems that the cookie is the username xored with something. So we try to login with "admina" and use burp to delete the last two hex numbers of the cookie.

Voilà! We have the key.

who wants oatmeal rasin anyways twumpAdby