🧪 Lab Write-Up

ℹ️ Info

This lab contains an unprotected admin panel.

🎯 Goal

Solve the lab by deleting the user carlos.

🔍 Enumeration

I suspected there was an exposed admin functionality, so I tested multiple common login credentials:

• admin : admin ❌
• administrator : admin ❌

I also attempted to brute-force potential admin panel paths:

• /admin → ❌
• /administrator → ❌
• /admin-panel → ❌
• /administrator-panel → ✅

🚪 Accessing the Panel

I successfully discovered the unprotected admin panel at:

<http://Domain-lab/administrator-panel>