The sysadmin has left a hidden backdoor account for maintenance. Default credentials are in place (admin:ad***), but brute-forcing won’t work. Can you find the secret way to access the system?
OWASP A2:2017
Hints:
some Space in default Credentials lead to flow of execution
Username: admin (note the extra space). Password: admin.
Flag: SPL{87b441720681ba85662b69df1bd41711}.