diff --git a/app/controllers/tutorials_controller.rb b/app/controllers/tutorials_controller.rb
index 08cee31..d27a0ca 100755
--- a/app/controllers/tutorials_controller.rb
+++ b/app/controllers/tutorials_controller.rb
@@ -6,6 +6,10 @@ class TutorialsController < ApplicationController
   def index
   end
   
+  def credentials
+    render :partial => "layouts/tutorial/credentials/creds"
+  end
+  
   def show
     render "injection"
   end
diff --git a/app/views/layouts/tutorial/_header.html.erb b/app/views/layouts/tutorial/_header.html.erb
index 5b96e27..457e333 100755
--- a/app/views/layouts/tutorial/_header.html.erb
+++ b/app/views/layouts/tutorial/_header.html.erb
@@ -1,6 +1,5 @@
 <!-- Want to use this template whether auth'd or not so I've got some code to determine how to render below -->
 <header>
-
 	<% if not current_user %>
 		<ul class="mini-nav">
 	       <li>
@@ -19,5 +18,21 @@
 		    </li>
 		</ul>
 	<% end %>
+	<ul class="mini-nav">
+       <li>
+         <%= button_to "Tutorial Credentials", "#", {:id => "show_creds_btn", :class => "btn btn-danger", :method => "get"} %>
+       </li>
+     </ul>
 
-</header>
\ No newline at end of file
+</header>
+
+	<div id="modal_div" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myAlert" aria-hidden="true">
+	</div>
+
+<script type="text/javascript">
+
+$('#show_creds_btn').click(function() {  
+	$("#modal_div").load(<%= credentials_tutorials_path.inspect.html_safe %>);
+	$("#modal_div").modal("show");
+});
+</script>
\ No newline at end of file
diff --git a/app/views/layouts/tutorial/credentials/_creds.html.erb b/app/views/layouts/tutorial/credentials/_creds.html.erb
new file mode 100644
index 0000000..8e42115
--- /dev/null
+++ b/app/views/layouts/tutorial/credentials/_creds.html.erb
@@ -0,0 +1,96 @@
+<!-- Begin Modal -->
+
+    <div class="modal-header">
+      <button type="button" class="close" data-dismiss="modal" aria-hidden="true">
+        ×
+      </button>
+      <h4 id="myModalLabel1">
+        Application Credentials (Spoiler)
+      </h4>
+    </div>
+    <div class="modal-body">
+      <div class="row-fluid">  
+        <div class="span8">
+	      <p>Warning, this is a spoiler</p>
+	  	  <p>Are you sure you want to see the credentials?</p>
+	  	   <div id="creds_hidden" style="display:none">
+			<table class="table table-striped table-hover table-bordered pull-left" id="data-table">    
+		      <thead>
+		        <tr>
+		          <th>
+		            Email
+		          </th>
+		          <th>
+		            Password
+		          </th>
+		        </tr>
+		      </thead>
+		      <tbody>
+					<tr>
+		        	  <td style="word-wrap:break-word;">
+		        	    admin@metacorp.com 
+		        	  </td>
+		        	  <td>
+		        	   	admin1234 
+		        	  </td>
+		        	</tr>
+					<tr>
+			          <td style="word-wrap:break-word;">
+			            jack@metacorp.com
+			          </td>
+			          <td>
+			           	yankeessuck
+			          </td>
+			        </tr>
+					<tr>
+			          <td style="word-wrap:break-word;">
+			            jim@metacorp.com
+			          </td>
+			          <td>
+			           	alohaowasp
+			          </td>
+			        </tr>
+					<tr>
+			          <td style="word-wrap:break-word;">
+			            mike@metacorp.com
+			          </td>
+			          <td>
+			           	motorcross1445
+			          </td>
+			        </tr>
+					<tr>
+			          <td style="word-wrap:break-word;">
+			            ken@metacorp.com
+			          </td>
+			          <td>
+			           	citrusblend
+			          </td>
+			        </tr>
+			   
+		      </tbody>
+		    </table>
+		   </div>
+        </div>
+      </div>
+      <div class="row-fluid">  
+      </div>
+    </div>
+    <div class="modal-footer">
+      <button class="btn" data-dismiss="modal" aria-hidden="true">
+        Close
+      </button>
+	  <button id="understood" class="btn btn-primary" aria-hidden="true">
+        I understand
+      </button>
+       
+    </div>
+ 	    
+<!-- End Modal -->
+
+<script type="text/javascript">
+
+$('#understood').click(function() {  
+	$("#creds_hidden").show();
+});
+
+</script>
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 0ff89e9..5db7baa 100755
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -34,6 +34,7 @@ get "download" => "benefit_forms#download"
 
 resources :tutorials do
   collection do 
+    get "credentials"
     get "injection"
     get "xss"
     get "broken_auth"
diff --git a/db/seeds.rb b/db/seeds.rb
index 2d5f73b..9750d82 100755
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -5,7 +5,8 @@
 users = [
      {
        :email => "admin@metacorp.com", 
-       :admin => true, :password => "admin1234", 
+       :admin => true, 
+       :password => "admin1234", 
        :first_name => "Admin", 
        :last_name => "", 
        :user_id =>1