How to Find the Admin Panel of a Website

When I began penetration testing, it was hard to know where to start.

But later I came to know that it would be better and more beneficial to go for the admin panel and perform some sensitive actions, which can even bypass those panels and get into them.

But first I have to know where the admin panel of the website is located. Here, I am going to give some obvious techniques to find the admin panel of a website.

The most common things you need to get into the admin panel are the credentials (username and password) and the URL of the admin panel.

For example, www.site.com/admin/ is a URL for the admin panel of a website that is easy to guess, but in most cases site owners avoid such simple URLs for their admin panel.

So they make it harder for us to find by making it non-guessable, such as www.site.com/yrfgeug/admin, or something more obscure than this.

In this case discovering the admin panel is difficult: we cannot find it by normal guessing, so we have to use techniques that could possibly find it.

Crawling the website:

The first step in discovery is crawling the website. Crawling gives you the URLs linked from the website.

This gives you information on the URLs linked from the website, and so a chance of finding the admin panel.

But in some cases it will not work, because the private or restricted content of a website is normally listed in the robots.txt file under the directive called "Disallow".

So those URLs are not crawled, even by Google. As an alternative, we look for the robots.txt file of the website by simply changing the URL to www.site.com/robots.txt and hitting Enter.

This lists the private content of the website that bots are not allowed to crawl. You can download the robots.txt file for your reference with the command

wget www.example.com/robots.txt (or)

curl -O www.example.com/robots.txt

It is even easier to take a screenshot, like this:

[Screenshot: robots.txt]

I repeat that these are possibilities for discovery, and they may work in most cases only.

Crawling also includes creating an XML sitemap of the website to get the list of URLs linked from the website.

Create an XML sitemap here: xml sitemap creator

Crawling can be done with online crawlers like SEOtools, or with a tool provided by OWASP called ZAPproxy, which gives fast and accurate results.

You can also use an online admin finder, which gives you 1000+ URLs that you can brute force with, waiting for a 200 response in the case of Burp.
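Seen from the server side, a wordlist run like this leaves a clear pattern in the access log: one client requesting many distinct paths, almost all answered with 404. The following Python sketch is an added example, not code from the original post; it assumes the common/combined access log format, the thresholds are arbitrary starting values, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def find_path_scanners(lines, min_paths=5, min_miss_ratio=0.8):
    """Return {client_ip: report} for clients whose requests look like a
    wordlist run: many distinct paths, most of them answered with 404."""
    seen = defaultdict(lambda: {"paths": set(), "misses": 0, "total": 0, "answered": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, path, status = m.group(1), m.group(2).split("?", 1)[0], int(m.group(3))
        rec = seen[ip]
        rec["total"] += 1
        rec["paths"].add(path)
        if status == 404:
            rec["misses"] += 1
        else:
            rec["answered"].append((path, status))  # paths the run showed to exist
    flagged = {}
    for ip, rec in seen.items():
        ratio = rec["misses"] / rec["total"]
        if len(rec["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"distinct_paths": len(rec["paths"]),
                           "miss_ratio": round(ratio, 2),
                           "answered": rec["answered"]}
    return flagged

# Constructed sample log lines (documentation IP ranges, made-up paths).
def _line(ip, path, status):
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

SAMPLE_LOG = (
    [_line("203.0.113.7", f"/{p}", 404) for p in
     ("admin.php", "administrator/", "cpanel/", "admin/login.php", "wp-admin/",
      "adm/", "panel/", "controlpanel/", "admin1/")]
    + [_line("203.0.113.7", "/admin/", 200)]
    + [_line("198.51.100.4", p, 200) for p in ("/", "/about", "/contact", "/blog", "/blog/1")]
    + [_line("198.51.100.4", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, report in find_path_scanners(SAMPLE_LOG).items():
        print(ip, report)
```

The "answered" list is the part to review first: it shows which paths the run confirmed, so those are the ones that need strong authentication or network restrictions rather than an obscure URL.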

Google dorks:

The next step, in case the first one fails, is Google dorks. I have given a detailed description of Google dorks in my previous post.

And the best dorks I recommend for finding the admin panel are:

intext:admin site:www.example.com

intitle:admin site:www.example.com

inpage:login site:www.example.com

intext:login site:www.example.com

In some cases websites use the term administrator instead of admin.

[Screenshot: dork result]

How to hack with Google (Google Dorks)

Linux tools:

The best chance comes here, where you can use Linux tools. There are many tools available for finding admin panels, but I personally go with the Breacher tool, which gives 100 percent results most of the time.

[Screenshot: breacher tool]

These are the possible ways of finding the admin panel of the websites. Hope this will help you.

Happy finding 🙂
