vrajbharambe / thm_neighbour

This is a writeup/walkthrough of the CTF challenge Neighbour from TryHackMe. https://tryhackme.com/room/neighbour


TryHackMe Neighbour CTF Walkthrough/writeup

TryHackMe:- Neighbour

We have to exploit an IDOR (Insecure Direct Object Reference) vulnerability.

Visit the IP

As you can see, we land on a login page that asks for credentials, which we don't have.
At the bottom, the page asks us to press Ctrl + U.

Inspect/View-source

As we can see, the credentials for the guest login are given.

Login as Guest

Inspecting URL

http://10.10.***.***/profile.php?user=guest

As you can see, the GET parameter in the URL is user=guest. What if we change the username in the URL? As mentioned earlier, this challenge is about IDOR, so let's try changing the guest user to admin.

Modifying the URL parameter

http://10.10.***.***/profile.php?user=admin

Let's type this into the URL bar and hit Enter.

BOOM!!! We got the flag.
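
Why changing user=guest to user=admin worked, and what the server-side fix looks like, as an added example that is not the room's code or part of the original writeup. It models the profile endpoint in Python; PROFILES, the session dict and both handler names are hypothetical, and the sample data is constructed.

```python
# Added example: a minimal model of a profile endpoint, not the room's code.
# PROFILES, the session dict and both handlers are hypothetical names.

PROFILES = {  # constructed sample data
    "guest": {"display_name": "Guest", "note": "nothing to see here"},
    "admin": {"display_name": "Admin", "note": "PLACEHOLDER_SECRET"},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested object."""


def profile_vulnerable(session, query):
    # Checks only that someone is logged in, then trusts the client-supplied
    # ?user= value to pick the record: the direct object reference is insecure.
    if "username" not in session:
        raise Forbidden("login required")
    return PROFILES[query["user"]]


def profile_fixed(session, query):
    # The identity comes from the server-side session. A ?user= value that
    # names a different account is rejected instead of being looked up.
    me = session.get("username")
    if me is None:
        raise Forbidden("login required")
    requested = query.get("user", me)
    if requested != me:
        raise Forbidden(f"{me!r} may not read the profile of {requested!r}")
    return PROFILES[me]


def is_denied(handler, session, query):
    # Helper for the demonstration below: True if the handler refuses.
    try:
        handler(session, query)
        return False
    except Forbidden:
        return True


if __name__ == "__main__":
    guest = {"username": "guest"}
    print(is_denied(profile_vulnerable, guest, {"user": "admin"}))  # False
    print(is_denied(profile_fixed, guest, {"user": "admin"}))       # True
```

Being logged in is authentication; the missing piece in the vulnerable handler is the authorization check that ties the requested object to the session's own identity.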

Thanks to TryHackMe for providing such an awesome cybersecurity practicing platform ❤️.
