Introduction

When hacking, we are sometimes faced with admin panels or other login panels for which we have no credentials. While this may seem like a roadblock at first, crafty hackers quickly realise that these systems are only as strong as their implementation. In this article we will describe several attacks that might yield success, but you are encouraged to get creative and match each specific implementation with a specific attack.

Default credentials

Depending on the admin panel you see, you will first need to find out what it is. This is what we mean by enumeration, enumeration, enumeration. We need to know our enemy before we can fight it, because only then can we start looking up manuals, which might reveal information about default credentials. Thankfully, vendors have largely moved away from shipping default credentials and have instead opted for using the serial number as a password or including a separate piece of paper with a password on it.

Default credentials can also be as simple as a lazy system admin who sets an easy-to-guess username/password combination such as admin/admin or test/test.

Content brute-forcing

Content brute-forcing is an attack technique that can be deployed in a few ways. We all know about directory brute-forcing, but I'd like to remind you that file brute-forcing is also a thing. I've included this because I have found several vulnerabilities like this. Access control needs to be implemented and enforced properly on every page that requires it; otherwise we can have anywhere from a low to a critical vulnerability, depending on what is left unprotected.

SQLi

It's fair to say that most login systems are connected to a database, and this makes attacks such as SQL injection possible. This is where an attacker manipulates the input of the login system to compose a valid SQL query that will log them in. Usually, login systems are well protected, but if the login system sits in a more obscure part of the application, it is easy to forget input validation.
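The following is an added example (not code from the original article) showing why a login query built from string concatenation is the problem described above, next to the parameterized form that fixes it. It uses an in-memory SQLite database and a constructed user table; the SHA-256 hash is a stand-in for a proper slow password hash such as argon2 or bcrypt.

```python
import hashlib
import sqlite3


def _hash(password: str) -> str:
    # Demo-only: a real login must use a slow, salted password hash.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    # Constructed sample user store with a single admin account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT UNIQUE, password_hash TEXT)")
    conn.execute("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                 ("admin", _hash("correct horse battery staple")))
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """String-built query: the username is spliced into the SQL text, so
    attacker-controlled input can change the structure of the query."""
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password_hash = '" + _hash(password) + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    """Bound parameters: user input is always treated as data, never as SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, _hash(password))).fetchone() is not None


def demo() -> dict:
    conn = build_db()
    # A username that closes the quoted literal and comments out the rest
    # of the vulnerable query, so the password check is never evaluated.
    crafted = "admin' --"
    return {
        "vuln_good_creds": login_vulnerable(conn, "admin", "correct horse battery staple"),
        "vuln_wrong_pw": login_vulnerable(conn, "admin", "wrong"),
        "vuln_crafted": login_vulnerable(conn, crafted, "anything"),
        "safe_good_creds": login_parameterized(conn, "admin", "correct horse battery staple"),
        "safe_crafted": login_parameterized(conn, crafted, "anything"),
    }
```

The parameterized version accepts the genuine credentials and rejects the crafted username because the driver never lets it become part of the SQL text; the same fix applies whichever database and driver the login page uses.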

Origin headers

Some applications allow the bypassing of login systems when requests come from the internal network. We can try to fake that through the Referer and Origin headers. This is not a failsafe method at all, but it's certainly worth a try.

CVEs

Sometimes old login systems are vulnerable to known CVEs. This is why it is so important to enumerate properly: we need to know the version numbers of every system running behind the web application.