🟢 Unprotected admin functionality with unpredictable URL

This lab has an unprotected admin panel. It's located at an unpredictable location, but the location is disclosed somewhere in the application.

Solve the lab by accessing the admin panel, and using it to delete the user carlos.

JS script revealing admin panel link

Inspecting the page source shows a script that reveals an "Admin panel" button if the current user is an admin. Because this script is part of the page source we can view, it also discloses the path to the admin panel: /admin-s0be8x.

admin panel

Accessing /admin-s0be8x shows the admin panel and we are able to delete existing users.
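
The flaw and its fix side by side, as an added example that is not code from the lab or from this write-up: the client-side role check and unguarded route, next to a server-side check on both the link and the route. The path `/admin-EXAMPLE`, the session shape, `addLink` and all function names are assumptions.

```javascript
// Constructed placeholder path; not the value from the lab.
const ADMIN_PATH = "/admin-EXAMPLE";

// Hypothetical session shape: { role: "user" | "admin" }, or null if logged out.
function isAdmin(session) {
  return session !== null && session !== undefined && session.role === "admin";
}

// Vulnerable: the role check runs in the browser, so the script and the
// path embedded in it are delivered to every visitor.
function renderPageVulnerable(session) {
  return `<script>
var isAdmin = ${isAdmin(session)};
if (isAdmin) { addLink("${ADMIN_PATH}", "Admin panel"); }
</script>`;
}

// Vulnerable: knowing the path is the only requirement to reach the panel.
function routeVulnerable(session, path) {
  if (path === ADMIN_PATH) return { status: 200, body: "admin panel" };
  return { status: 404, body: "not found" };
}

// Hardened: the link is rendered on the server, only for admins.
function renderPageHardened(session) {
  return isAdmin(session) ? `<a href="${ADMIN_PATH}">Admin panel</a>` : "";
}

// Hardened: the route enforces the role on every request.
function routeHardened(session, path) {
  if (path !== ADMIN_PATH) return { status: 404, body: "not found" };
  if (!session) return { status: 401, body: "login required" };
  if (!isAdmin(session)) return { status: 403, body: "forbidden" };
  return { status: 200, body: "admin panel" };
}

// Check a rendered response for disclosure of the admin path.
function leaksAdminPath(html) {
  return html.includes(ADMIN_PATH);
}
```

The route check is the control that matters: hiding the link only reduces disclosure, while `routeHardened` still refuses a non-admin who learns the path some other way.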
