HOW TO FIND THE ADMIN PANEL OF A WEBSITE?

How to find the Admin Panel of a website online?

What’s up, everybody welcomes to this blog titled, finding the admin panel of a website.

What is an admin panel?

An admin panel of the website is like a management system used by its admins or editors to manage the site like adding pages, images, changing website layout, etc.

What is Cpanel?

What is Cpanel hosting well Cpanel as its name suggests is a control panel which is used to manage your web hosting account it’s basically a graphical user interface which means that non-technical customers or non-technical people can basically manage all of their web hosting account without the need for sort of you know coding or anything like that so very easy to use.

To access the admin panel, you need these two things:

1. Credentials (username and password)

2. URL of the login page, for example, www.example.com/admin.php

Now the most important question

How to find the admin panel of a website online?

Well, there is no 100% working method for finding admin panels, but all we can do is try. Let’s start with exploiting human stupidity, I mean some stupid admins use URLs that are too common to guess like example.com/login, example.com/user_login, example.com/admin, etc.

Checking these links manually is too time-consuming so you can use this online admin finder, which checks for 2500+ possible URLs. But I prefer to use Havij or DirBuster.

Crawling

Crawling/Spidering is the process of fetching all the URLs present in the website. For example, if you enter the URL example.com in a crawler, the program will find all the links on that page. Then it will visit all the linked pages and will search for further links. This process will go on until it meets a dead end. Well, there are a lot of online crawlers and other programs, but I recommend to use OWASP ZAProxy.

Recommendation: In the upcoming blog I describe a lot about crawling. How crawlers work specifically, Some google crawlers/spiders, some python projects in crawling. Where I will provide free scripts.

Install and open it

OWASP Zed Attack Proxy (ZAP)

And you will have every link the crawler has found soon:

OWASP zed attack proxy usages

Then look at the URLs one by one and open the URL, which seems to be a possible admin panel.

If you find an admin panel then it’s great otherwise there are two possible reasons for the failure:

1. The admin panel is isolated from the website i.e., no webpage links to the admin panel.

2. The stupid has included the admin panel URL in robots.txt file. Well, every site has a robots.txt file that contains those URLs which should not be crawled (even by Google). You can view this (not always) by going to example.com/robots.txt. If it includes a suspicious URL, visit it and check what it is.

If that doesn’t work as well, then move on to the next trick.

We will use google to find all the pages within the website which has the word “admin” in them.

intext:login site:example.com

Apart fromintext:admin you can try

inpage:admin site:example.com

intitle:admin site:example.com

inpage:login site:example.com

intitle:login site:example.com

intext:login site:example.com

Well, these were the methods I know and use if you know about some other way to find admin panels. Aren’t That’s all for now. I hope that was useful if you do have any questions just put them below and I’ll get back to you.

About the author

Orvill

Hi, I'm Orvill Samanta, an aspiring blogger with an obsession for all things tech. This blog is dedicated to helping peoples learn about technology.

View all posts

3 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *