Using Default Credential to Admin Account Takeover

Ch4ndan das
3 min readAug 31, 2024


Hello Everyone,

I am very Happy For good response my 2st article U can read

This is my 3rd article. in this article will talk about how to find Admin Panel & Sensitive Information vulnerability using amass tool. Let’s introduce myself I’m Ch4ndan das & I’m web penetration tester. From India | My English is not well so please don’t mind it.

So I was testing a company’s domain let’s call it I started Hunting amass tool ( I think everyone know amass ) IF any one don’t know amass tool search on google & chat gpt.

Lets start !

I pick a responsible disclosure program then start recon using amass tool. I used basic command like this amass enum -active -d, -nocolor -o amass.txt u can see in image

enum = enumerate -d = domain -nocolor = output not show in color -o = output file

You have single domain use this cmd amass enum -active -d -o amass.txt u can see in image

You have Multiple domain use this cmd amass enum -active -d,, -o amass.txt u can see in image

If You want add more filter then You can see help menu ( amass enum -h )

In this Process take long time depend own your internet speed. After save file (amass.txt) You need filter domain’s ip u can use this command cat amass.txt| grep -E -o ‘[0–9]{1,3}\.[0–9]{1,3}\.[0–9]{1,3}\.[0–9]{1,3}’| sort -u |tee ip.txt see in image

I Have Domain’s ip You need httpx tool For check Live ip ( I think everyone know httpx tool) IF any one don’t know httpx tool search on google & chat gpt.

Now I have ip.txt file for check live ip use this command cat ip.txt| httpx -sc -title -server -td -cl -mc 200,302 -o httpx.txt

-sc = status-code show -title -server = title show -td= tech-detect -cl = content-length -mc = match code -o output file save

If You want add more filter then You can see help menu ( httpx -h )

Again wait some times then check manual one by one in my case when check one by one then I got admin panel you can see in image

Then I think this is admin panel try to login default credentials . I enter username = admin password = admin Then Boom logged in see in image

I find company’s email then I report !

Thank you everyone for Reading 🧡

U can view my LinkedIn Profile

Happy Hunting :)))



Ch4ndan das
Ch4ndan das

Written by Ch4ndan das

Bug hunt3r | Penetration tester | Ethical Hack3r

No responses yet