Crack them with John or Hashcat (caching_sha2_password is tougher, but mysql_native_password is crackable).
phpMyAdmin is often installed in predictable locations. Try these paths during your directory brute-force: phpmyadmin hacktricks
Older versions may have a /setup directory left accessible which can be used to reconfigure the server. Crack them with John or Hashcat (caching_sha2_password is
Although rare, chaining LFI with phpMyAdmin’s cookie login mechanism could leak credentials. phpmyadmin hacktricks
Remember: the most secure phpMyAdmin is one that isn't exposed to the internet.
: Many local environments leave the root password blank.