Tryhackme Room Walkthrough
Room link :: https://tryhackme.com/room/neighbour
Overview
Easy-rated room about IDOR, created by cmnatic. It is a very simple room that can be solved within minutes.
What is IDOR?
IDOR (Insecure Direct Object Reference) is an access-control flaw: the application takes an object identifier supplied by the client (a username, record ID or filename in the URL or a form) and fetches that object without checking that the logged-in user is allowed to see it. Changing the identifier therefore lets you read, or sometimes modify, another user's data.
!! Before reading on, try to find the flag yourself once you understand the IDOR vulnerability. !!
- Understand IDOR
- Start the challenge
- Look at the URL
- Solve it
Solving the Challenge
Let’s start with our challenge
When we access the challenge URL, we get a login page with no signup option; it also tells us to use the guest account.
The page hints that we should look at the page source (Ctrl + U).
There we find the guest username and password.
Login with the given credentials
Once logged in as guest, the page warns us not to peep at our neighbour's profile. A warning like that is exactly the kind of hint worth following, so we check the source code again.
It contains hints about the admin page.
Now look at the URL
The URL carries the username of the profile being displayed. Replace 'guest' with 'admin' and the server shows the admin profile, no admin password needed.
We are now viewing the admin profile and have the flag.
Strictly speaking this is not an authentication bypass but an authorization (access-control) failure: we are still logged in as guest, yet the server trusts the identifier in the URL without checking that the logged-in user owns the requested profile. That is the IDOR vulnerability.
Submit the flag.
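To make the difference between the broken and the fixed behaviour concrete, here is an added Python example (not code from the room or from the original post) that models the profile handler in a minimal form: one version looks up whatever identifier the client puts in the URL, the other checks that identifier against the server-side session before returning anything. The user store, the query-parameter name `user`, the hypothetical URL and the placeholder flag are all constructed for this example; the room's real URL and backend are not quoted here.

```python
from urllib.parse import urlparse, parse_qs

# Constructed user store standing in for the room's backend. The profile text
# and the placeholder flag are assumptions for this example.
USERS = {
    "guest": {"profile": "Guest profile. Don't peep at your neighbour!"},
    "admin": {"profile": "Admin profile. FLAG{placeholder-not-the-real-flag}"},
}


class Forbidden(Exception):
    """Raised by the hardened handler when the caller may not read the object."""


def requested_user(url: str, param: str = "user") -> str:
    """Pull the object identifier out of the query string.

    The parameter name 'user' is an assumption; the point is only that the
    identifier comes from the client and is therefore attacker-controlled."""
    values = parse_qs(urlparse(url).query).get(param)
    if not values:
        raise ValueError(f"missing ?{param}= parameter")
    return values[0]


def profile_vulnerable(session_user: str, url: str) -> str:
    """IDOR: the handler serves whichever profile the URL names.

    session_user (who is actually logged in) is accepted but never compared
    with the requested identifier, so guest can read admin's profile."""
    target = requested_user(url)
    if target not in USERS:
        raise KeyError(f"no such user: {target!r}")
    return USERS[target]["profile"]


def profile_hardened(session_user: str, url: str) -> str:
    """Fixed: the server-side session decides whose profile may be read.

    The URL parameter is honoured only when it names the caller's own object;
    anything else is refused before the lookup result is exposed."""
    target = requested_user(url)
    if target not in USERS:
        raise KeyError(f"no such user: {target!r}")
    if target != session_user:
        raise Forbidden(f"{session_user!r} may not view the profile of {target!r}")
    return USERS[target]["profile"]


def idor_exposed(session_user: str, url: str) -> bool:
    """Return True when the vulnerable handler discloses an object that the
    hardened handler denies to the same session, i.e. a confirmed IDOR."""
    leaked = profile_vulnerable(session_user, url)
    try:
        profile_hardened(session_user, url)
    except Forbidden:
        return bool(leaked)
    return False


if __name__ == "__main__":
    # Hypothetical URL; the room's real URL is not reproduced here.
    attack_url = "http://example.test/profile?user=admin"
    print("vulnerable handler:", profile_vulnerable("guest", attack_url))
    try:
        profile_hardened("guest", attack_url)
    except Forbidden as err:
        print("hardened handler :", err)
```

The fix is deliberately boring: the decision of whose data to return is made from the authenticated session, not from a value the client can edit in the address bar. In a real application the same check belongs on every route that takes an identifier, including the ones that update or delete the object, not only the one that displays it.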
Thank You for Reading…
Happy Hacking ..!!