Frist check changelog.txt to see the version.

try admin / admin@123 default creds

Drupalgeddon exploit RCE maybe the one to go.

drpalgeddon2.rb github

you might need to install highline (google the error)

or

drupscan

if it's 7 <= 7.57, the following script should work.