Tryhackme Advent of Cyber 3 [Day-1] Walkthrough

Christmas special writeup

Welcome back amazing hackers I am here to come up with a new interesting article which is going to be TryHackme Cyber Advent 3 [Day-1] walkthrough.

Before getting into the challenge hope you read the challenge instructions. Let's dive into the day 1 challenge, the concept they discussed here is web exploitation on IDOR. IDOR stands for Insecure Direct Object Reference is an access control vulnerability. Using this vulnerability attackers can get into the victim's account easily. Once the attacker gets into information then he will access the resources on behalf of a legitimate user who owns it.

How to find and exploit this vulnerability?

IDOR vulnerability work on changing the user-supplied data. User-supplied data focussed on 3 places:

1. Query Component
2. Post Variables
3. Cookies

Query Component: Data passed via URL when requesting to a website.

https://example.com/profile?id=19 these URLs can be breakdown into several parts which are:

Protocol: https://

Domain: example.com

Page: /profile

Query Component: id=19

?id parameter is vulnerable to the IDOR attack, if modify id=19 to any value like id=18 then we can get some user value person who registered on the website.

Post Variables: If the user changes the password in the web application which may reveal the value of the particular user.

Cookies: When the user logged in web application cookies saves the session-id of individuals who logged in. A developer may sometimes include a user id on cookies which may vulnerable to IDOR.

Challenge Walkthrough:

The Challenge walkthrough is on the inventory management system. We have to find flags by exploiting IDOR vulnerability.

This is the interface of the page. The dashboard given above in the webpage is Completed orders, Builds, inventory, your activity.

Now the task time

After finding Santa’s account, what is their position in the company?

The Boss!

Solution: I changed user-id to 1 which result in a Santa account.

https://inventory-management.thm/activity?user_id=1

After finding McStocker’s account, what is their position in the company?

Build Manager

Solution: I have to switch to McStocker’s account. For that, I manipulate the user-id value to 3.

After finding the account responsible for tampering, what is their position in the company?

Mischief Manager

Solution: I changed the value to 9 which is meant for tampering functionality.

What is the received flag when McSkidy fixes the Inventory Management System?

THM{AOC_IDOR_2B34BHI3}

By applying revert you will get a flag for this day 1 challenge. Hope you enjoyed the day 1 challenge we will meet on day 2.