https://tryhackme.com/room/neighbour
Difficulty: Easy
Enumeration :
I started with the quick rust scan & got the 2 open ports :
22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp open http syn-ack ttl 62 Apache httpd 2.4.53 ((Debian))
I checked the Apache HTTP server & found a login page on it, with a account creation option.
I tried some SQL payloads to see if it was vulnerable, but I was unsuccessful. đŸ˜• Then I switch to the html source code view & found ‘guest’ credentials to login.
Flag.txt :
I logged in to the account using the credentials ‘guest:guest’ and found this page :
In the URL, I noticed that it was pointing towards the guest user :
?user=guest
This may lead to an IDOR vulnerability.
Considering the above scenario I changed the parameter and replaced ‘guest’ with ‘admin’ to get the flag. (pwn3d!đŸ™‚)
?user=admin
