Skip to content

An easy ctf - Authentication Bypassing using IDOR vulnerability

Notifications You must be signed in to change notification settings

riyyoo/TryHackMe-Neighbour-Walkthrough

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 

Repository files navigation

TryHackMe-Neighbour

A very easy ctf dealing with IDOR | IDOR is a broken access control vulnerability where invalidated user input can be used to perform unauthorized access to application functions.

Room link :: https://tryhackme.com/room/neighbour

Let's Solve the Challenge ---

1. First get to the login page by visiting the <IP>

log

2. Now as you dont have the credentials, you can view the page source or press CTRL+U to get the guest login credentials( use the guest account!(CTRL+U) ) written below the Login button.

neigh1

3. Now visiting the page source, you get the Guest credentials > guest:guest 

neigh 2

4. Then Getting back to the login page you put in the credentials.

n3

5. yaay! Now you're a guest and the page says not to peep your neighbour’s profile. Mmmmmmm!

n4

6. So again we can view the page source.

n5

7. And now here you got some hints for the admin page and we know we are still logged in as guest.

n6

8. So now as we know that this challenge is IDOR , so try to change the ‘guest’ with ‘admin’ to login as admin.

n77

9. aaaaaa! You're now logged in as admin and you have got the flag > flag{***************}

nfinal

10. Now submit the flag.
Thus using IDOR vulnerability, we bypassed the authentication.

What is IDOR vulnerability ?

  • Insecure direct object references are common, potentially devastating vulnerabilities resulting from broken access control in web applications. IDOR bugs allow an attacker to maliciously interact with a web application by manipulating a “direct object reference,” such as a database key, query parameter, or filename.

Hope this was helpful. thank you!

Answer the questions below :
Find the flag on your neighbor's logged in page!
-- flag{66be95c478473d91a5358f2440c7af1f}