simple network map scan:
nmap -sS -sV -T5 192.168.1.138 -p-
Notes:
Starting with a simple look on the browser:
Followed with Fuzzing on the target:
The fuzzing reveals a/backend path that redirect us to /backend/backend/auth/signin
→ Exposed Admin panel for OctoberCMC