Corridor | TryHackMe

Si3r3
3 min read · Nov 3, 2022


Hello,

Here we are again with another CTF from TryHackMe. This one is particularly interesting because it showcases a particular type of website vulnerability: IDORs.

For those of us who don’t know what IDOR means, it stands for Insecure Direct Object Reference. And if that still doesn’t make sense, it refers to an access control vulnerability where unvalidated user input can be used for unauthorized access to resources or operations.

Still doesn’t make sense? Read through this.

It’s usually found in URL endpoints. This CTF challenge explores IDORs in action, so stay with me as I walk you through it. It was quite an interesting one.

Corridor THM

Platform: TryHackMe

Title: Corridor

Difficulty: Easy

Link: https://tryhackme.com/room/corridor

The challenge simply tells us to find our way back. From the hint, you’ll find that the endpoints follow a particular pattern.

I would have done an nmap scan, but we’re already told it’s an IDOR, so why waste your time? You can do that yourself with:

nmap -sV -sC $IP

But I’ll go straight to pasting the IP into the web browser. For some reason, my web browser keeps adding https after I hit the return key on pasting the given IP. So I added “:80” to the IP and it worked.

I’m faced with an image of so many doors. I have to find my way back.

Using directory fuzzers returns nothing tangible, so I resorted to viewing the source code.

From the screenshot, you can see various links that don’t seem to make sense. They look more like hashes. They are directories and will lead you to different rooms.

I used hash-identifier from Blackploit to detect an MD5 hash. Pasting the hashes into CrackStation gives you numbers from 1 to 13.

To go back to where we came from, we need the MD5 hash of 0. To get it, I ran the following command in my terminal:

echo -n 0 | md5sum

which gives an output of “cfcd208495d565ef66e7dff9f98764da”

Heading to the IP address and adding the directory $IP/cfcd208495d565ef66e7dff9f98764da, I’m greeted with the flag.
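Why this worked and how a server would stop it, as an added example that is not part of the original write-up or the room's code: hashing a counter with MD5 leaves the reference fully predictable, so the fix is a per-request authorization check. The room data, user names and function names below are constructed for illustration.

```python
import hashlib
import secrets

def md5_hex(n: int) -> str:
    """MD5 of the decimal string of n, the scheme the room's links use."""
    return hashlib.md5(str(n).encode()).hexdigest()

# Anyone can build this table, so hashing a counter hides nothing.
LOOKUP = {md5_hex(n): n for n in range(10_000)}

def audit_reference(ref: str):
    """Return the counter behind ref if it is MD5 of a small integer, else None."""
    return LOOKUP.get(ref.strip().lower())

# Constructed sample data (not from the room): room id -> owner and content.
ROOMS = {
    0: {"owner": "admin", "body": "restricted room"},
    1: {"owner": "guest", "body": "room one"},
}

def vulnerable_get(ref: str):
    """Serves whatever the reference resolves to; never asks who is requesting."""
    room = ROOMS.get(audit_reference(ref))
    return room["body"] if room else None

def hardened_get(ref: str, user: str):
    """Same lookup, plus a server-side ownership check on every request."""
    room = ROOMS.get(audit_reference(ref))
    if room is None or room["owner"] != user:
        return None  # treat as 403/404; do not reveal which
    return room["body"]

def new_reference() -> str:
    """Random 128-bit reference: defence in depth, not a substitute for the check."""
    return secrets.token_hex(16)

if __name__ == "__main__":
    root = md5_hex(0)
    print(root, "->", audit_reference(root))
    print("vulnerable:", vulnerable_get(root))
    print("hardened as guest:", hardened_get(root, "guest"))
    print("hardened as admin:", hardened_get(root, "admin"))
    print("random ref predictable?", audit_reference(new_reference()) is not None)
```

The random reference only makes guessing impractical; the ownership check in `hardened_get` is what actually closes the IDOR.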

Leave a comment below. Your suggestions too will be appreciated.
