Web

Virtual host discovery finds the Magento admin panel on a non-default hostname; qwerty123 completes the chain — two recon steps, one flag.…

Anonymous FTP drops a credentials file; those credentials unlock an HTTP admin panel — two individually boring findings combine into a full chain.…

SQL injection in a login form — `' OR '1'='1` as username turns authentication into a formality and exposes the flag in one request.…

Directory fuzzing surfaces a hidden admin.php that default credentials unlock; demonstrates why wordlist-based discovery precedes credential guessing.…