Mr0Wido's Blog
Mr0Wido's Blog

TryHackMe - Corridor

Can you escape the Corridor?

You have found yourself in a strange corridor. Can you find your way back to where you came?

In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a hash, don’t they?). This could help you uncover website locations you were not expected to access.


1. What is the flag?

Let’s do a Nmap scan.

$ nmap -sSCV 10.10.186.148

nmap

As we see 80/tcp port is open.

Let’s visit that port. And there it is a homepage.

home

There’s not much we can do on the main page.

So, let’s check the source page.

source

Interesting! As you can see, there is a lot of hash in here. But we don’t know what kind of hash these are. So let’s use the hash-identifier tool.

hash-id

These hashes are encrypted with the MD5 algorithm.

Let’s crack all of them.

crack

The first hash is 1. I kept cracking. And the hashes go up to 13.

13

These hashes are pages. We can copy a hash and paste the endpoint of the URL.

Now, we can go to the page. Like this:

first

So, these hashes equals a number.

Let’s try encrypting the number 0 using MD5.

md5

Now, we have a hash. Let’s insert this hash into the URL.

zero

Success! We have found the flag.


It was nice CTF. I hope you learned something and had fun. But that’s it for now till next time take care :wave:


Jul 05, 2023

Categories: TryHackMe

Tags: security, idor, web



Mr0Wido's Blog

I am passionate about all things technology-related. My thirst for knowledge knows no bounds, and I consider myself a lifelong learner.

I am passionate about all things technology-related. My thirst for knowledge knows no bounds, and I consider myself a lifelong learner.

Mr0Wido's Blog

I am passionate about all things technology-related. My thirst for knowledge knows no bounds, and I consider myself a lifelong learner.

I am passionate about all things technology-related. My thirst for knowledge knows no bounds, and I consider myself a lifelong learner.

TryHackMe - Corridor

Can you escape the Corridor?

You have found yourself in a strange corridor. Can you find your way back to where you came?

In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a hash, don’t they?). This could help you uncover website locations you were not expected to access.


1. What is the flag?

Let’s do a Nmap scan.

$ nmap -sSCV 10.10.186.148

nmap

As we see 80/tcp port is open.

Let’s visit that port. And there it is a homepage.

home

There’s not much we can do on the main page.

So, let’s check the source page.

source

Interesting! As you can see, there is a lot of hash in here. But we don’t know what kind of hash these are. So let’s use the hash-identifier tool.

hash-id

These hashes are encrypted with the MD5 algorithm.

Let’s crack all of them.

crack

The first hash is 1. I kept cracking. And the hashes go up to 13.

13

These hashes are pages. We can copy a hash and paste the endpoint of the URL.

Now, we can go to the page. Like this:

first

So, these hashes equals a number.

Let’s try encrypting the number 0 using MD5.

md5

Now, we have a hash. Let’s insert this hash into the URL.

zero

Success! We have found the flag.


It was nice CTF. I hope you learned something and had fun. But that’s it for now till next time take care :wave:


Jul 05, 2023

Categories: TryHackMe

Tags: security, idor, web