1: Check the HTML comments 2: Default creds (admin/test) 3: .flag.php is open to access 4: Password is on rockyou.txt 5: SQLi - password ' or 1=1;