Post

TryHackMe - Corridor

Posted Updated
By Nasrallah Baadi 1 min read

Description

Hello hackers, I hope you are doing well. We are doing Corridor from TryHackMe. In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a hash, don’t they?). This could help you uncover website locations you were not expected to access.

Web

Let’s go to the web page.

There are a bunch of door and each one goes to a page. Let’s check the source code.

As we can see every page has a name hashed with what looks like md5.

Let’s click on one of the doors.

It took us to an empty room, let’s crack the hash on crackstation.

We got 8, this means the other doors are also hashed numbers.

Let’s try the hash of number 0.

If go the that page, we get the flag.

Thank you for taking the time to read my write-up, I hope you have learned something from this. If you have any questions or comments, please feel free to reach out to me. See you in the next hack :).

TryHackMe
tryhackme web easy idor
This post is licensed under CC BY 4.0 by the author.