Vicious Platypus

If you require root access to the machine, login as vicious-platypus with the password vicious-platypus Then use sudo -s to get a root shell.

View the sites robots.txt, and audit the password reset functionality. The token is on one of the pages that require authentication.

Laughing Kookaburra

There exists a vulnerability in the blog post software, exploit it to get the admin token. (The admin user browses every 5 minutes).

Poison Paradox

Log into the BuoAV administrator page.