Mr0Wido's Blog
Mr0Wido's Blog

TryHackMe - Neighbour

Check out our new cloud service, Authentication Anywhere. Can you find other user’s secrets?

Users can enter their username and password, for a totally secure login process! You definitely wouldn’t be able to find any secrets that other people have in their profile, right?

Access this challenge by deploying both the vulnerable machine by pressing the green “Start Machine” button located within this task, and the TryHackMe AttackBox by pressing the “Start AttackBox” button located at the top-right of the page.

Navigate to the following URL using the AttackBox: http://MACHINE_IP

Check out similar content on TryHackMe:


1. Find the flag on your neighbor’s logged in page!

Let’s visit the website.

Here is a login page.

login

The login page says you can log in as a guest. So let’s do CTRL+U.

guest

So, we can log in as guest:guest. Let’s log in.

guest-login

Yes, we are successfully login.

in

Now, we must look at the URL.

url

Let’s change the URL to this: ?user=admin.

Huh! It was so easy. We are now an admin.

admin


It was nice CTF. I hope you learned something and had fun. But that’s it for now till next time take care :wave:


Jun 30, 2023

Categories: TryHackMe

Tags: web, idor, authentication



Mr0Wido's Blog

I am passionate about all things technology-related. My thirst for knowledge knows no bounds, and I consider myself a lifelong learner.

I am passionate about all things technology-related. My thirst for knowledge knows no bounds, and I consider myself a lifelong learner.

Mr0Wido's Blog

I am passionate about all things technology-related. My thirst for knowledge knows no bounds, and I consider myself a lifelong learner.

I am passionate about all things technology-related. My thirst for knowledge knows no bounds, and I consider myself a lifelong learner.

TryHackMe - Neighbour

Check out our new cloud service, Authentication Anywhere. Can you find other user’s secrets?

Users can enter their username and password, for a totally secure login process! You definitely wouldn’t be able to find any secrets that other people have in their profile, right?

Access this challenge by deploying both the vulnerable machine by pressing the green “Start Machine” button located within this task, and the TryHackMe AttackBox by pressing the “Start AttackBox” button located at the top-right of the page.

Navigate to the following URL using the AttackBox: http://MACHINE_IP

Check out similar content on TryHackMe:


1. Find the flag on your neighbor’s logged in page!

Let’s visit the website.

Here is a login page.

login

The login page says you can log in as a guest. So let’s do CTRL+U.

guest

So, we can log in as guest:guest. Let’s log in.

guest-login

Yes, we are successfully login.

in

Now, we must look at the URL.

url

Let’s change the URL to this: ?user=admin.

Huh! It was so easy. We are now an admin.

admin


It was nice CTF. I hope you learned something and had fun. But that’s it for now till next time take care :wave:


Jun 30, 2023

Categories: TryHackMe

Tags: web, idor, authentication