Well, I have made some more progress. I had made it through cloaknet to GGHB without extracting all the username/password combos. I went back as you suggested and got everyone's credentials. That definitely helped! Then I found a vuln in GGHB that lets me read all its source code. Now I have an idea of what I need to do, but I'm kind of stuck again. I've been playing with setting some GET params on the admin page via scripts I'm sending through email to the admin. The tokens and other limitations make things really hard, though. I'm beginning to think that this is slightly above my current level. I'm considering downloading some other client-side type challenges to up my game, then come back to this one. I still wish there were some kind of walkthrough available so I could learn what I am missing.
I'm having some trouble with the cloaknet portion of this challenge. I've read the hint file, but I need a stronger push in the right direction. I've tried SQL injection (via fuzzing with zaproxy) on various inputs to no avail...
UPDATE: I determined the fuzzer was not creating valid results because the token was not being generated on each iteration, which caused a "token invalid" error (turns out I was fuzzing the wrong request). After messing around for a while I was able to successfully raise an SQL syntax exception, so I think I'm on the right track and things are making sense now!