Great video. I learned so much from this! The way I found the username and password was by using the sequencer in Burp, using the offset as a payload position. It does take some time with the community edition of Burp, due to the throttling it does, but it took only 2 minutes to set up and start it. It is easy to see when you have hit a non test username, due to the length of the response. Of course there is a chance that the real username has the same length as for example test1, but you can export the results afterwards and search in them.