This is the writeup or walkthrough of CTF challenge Neighbour from TryHackMe. https://tryhackme.com/room/neighbour

VrajBharambe/THM_Neighbour

TryHackMe Neighbour CTF Walkthrough/writeup

TryHackMe:- Neighbour

We have to exploit an IDOR (Insecure Direct Object Reference) vulnerability.

Visit the IP

As you can see, we land on a login page that asks for credentials, which we don't have.
At the bottom, it asks us to press Ctrl + U.

Inspect/View-source

As we can see, the credentials for the guest login are given in the page source.

Login as Guest

Inspecting URL

http://10.10.***.***/profile.php?user=guest

As you can see, the GET parameter in the URL is set to user=guest. But what if we change the username in the URL? As mentioned earlier, this challenge is about IDOR, so let's try changing the guest user to admin.

Modifying the URL parameter

http://10.10.***.***/profile.php?user=admin

Let's type this into the URL bar and hit Enter.

BOOM!!! We got the flag.
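
Why changing ?user= worked, and how a profile page should decide whose data to show. This is an added example, not the room's actual source code: the function names, the session layout (`user`, `role`) and the sample profiles are assumptions made for illustration.

```php
<?php
// Constructed stand-in for the user store; the flag value is a placeholder.
$PROFILES = [
    'guest' => ['display' => 'Guest account', 'note' => 'nothing here'],
    'admin' => ['display' => 'Administrator', 'note' => 'FLAG_PLACEHOLDER'],
];

// Vulnerable pattern: the session is only checked for "is logged in";
// the profile to display is picked by the client-supplied ?user= value.
function profile_vulnerable(array $session, array $get, array $profiles): ?array
{
    if (empty($session['user'])) {
        return null;                      // not logged in
    }
    $name = $get['user'] ?? '';
    return $profiles[$name] ?? null;      // no ownership check
}

// Hardened pattern: identity comes from the server-side session. The
// parameter is honoured only if it names the session user, or if the
// session carries an admin role (hypothetical role field).
function profile_hardened(array $session, array $get, array $profiles): ?array
{
    if (empty($session['user'])) {
        return null;
    }
    $requested = $get['user'] ?? $session['user'];
    if (!is_string($requested)) {
        return null;                      // reject ?user[]=... style input
    }
    $isOwner = $requested === $session['user'];
    $isAdmin = ($session['role'] ?? '') === 'admin';
    if (!$isOwner && !$isAdmin) {
        return null;                      // caller should answer with HTTP 403
    }
    return $profiles[$requested] ?? null;
}

// Constructed request: a guest session asking for profile.php?user=admin.
$guest = ['user' => 'guest', 'role' => 'user'];
$req   = ['user' => 'admin'];
printf("vulnerable: %s\n", profile_vulnerable($guest, $req, $PROFILES) ? 'profile returned' : 'denied');
printf("hardened:   %s\n", profile_hardened($guest, $req, $PROFILES) ? 'profile returned' : 'denied');
```

A denied lookup should be logged with the session user and the requested name, since repeated mismatches between the two are a useful signal of parameter tampering.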

Thanks to TryHackMe for providing such an awesome cybersecurity practicing platform ❤️.