Tryhackme Room Walkthrough
Room link :: https://tryhackme.com/room/neighbour
An easy-rated room dealing with IDOR, created by cmnatic. It is a very easy room that can be solved within minutes.
What is IDOR?
An Insecure Direct Object Reference (IDOR) is a type of access control vulnerability. It occurs when a web application or API uses a client-supplied identifier to access an object in an internal database directly, without checking that the requester is authenticated and authorised to access that particular object.
!! Before reading on, try to find the flag yourself by understanding the IDOR vulnerability. !!
- Understand IDOR
- Start the challenge
- Look at the URL
- Solve it
Solving the Challenge
Let's start the challenge.
When we access the challenge URL, we get a login page with no signup option, and it refers us to the guest account.
The page hints that we should look at the source code (Ctrl + U).
There we find the guest user ID and password.
Log in with the given credentials.
Once logged in as guest, the page warns us not to peep at our neighbour's profile. Precisely because of that, we check the source code again.
It contains hints about the admin page.
Now look at the URL.
It contains something interesting: simply change 'guest' to 'admin' to log in as admin.
Wow.. we are logged in as admin and have the flag.
Yes, we bypassed the authentication using the IDOR vulnerability.
Submit the flag.
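As an added example that is not part of the room or this walkthrough, here is the pattern behind the bug in plain Python: a profile handler that trusts a `user` query parameter, next to one that checks that parameter against the server-side session before touching the database. The `/profile.php?user=` path, the `Session` and `profile_*` names and the sample profiles are my own constructed assumptions, not the room's.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample data standing in for the app's user table.
PROFILES = {
    "guest": "Welcome, guest. Please do not peep at your neighbour's profile.",
    "admin": "FLAG{constructed-placeholder}",
}


@dataclass
class Session:
    username: str  # identity established at login and stored server-side


def requested_user(url: str) -> Optional[str]:
    """Pull the `user` value out of a URL such as /profile.php?user=guest."""
    return parse_qs(urlparse(url).query).get("user", [None])[0]


def profile_vulnerable(session: Session, url: str) -> str:
    """IDOR: the handler fetches whatever object the client named and
    never asks whether this session is allowed to see it."""
    target = requested_user(url)
    if target not in PROFILES:
        return "404 not found"
    return PROFILES[target]


def profile_fixed(session: Session, url: str) -> str:
    """Fix: authorise the reference against the session identity first.
    The ownership check runs before the lookup so the response does not
    reveal which usernames exist; a mismatch is worth logging as a probe."""
    target = requested_user(url)
    if target != session.username:
        return "403 forbidden"
    if target not in PROFILES:
        return "404 not found"
    return PROFILES[target]
```

Changing the session's username to the one in the URL would not help an attacker: the session is set by the server at login, not by the client.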
Thank You for Reading…
Happy Hacking ..!!