Corridor — TryHackMe Writeup

Sourabh Purohit
3 min read · Oct 11, 2022

Corridor is a room on TryHackMe. It is based on the IDOR (Insecure Direct Object Reference) vulnerability.

IDOR is an access control vulnerability in which the application uses user-supplied input to reference objects directly, without checking that the requester is allowed to access them. It can give an attacker access to a location on the website that they were not supposed to access.

On the home page of the website, all the doors are hyperlinks, each taking us to a different page that just shows an empty room.

All the links are taking us to the same empty room.

In the description of the room, we can see that the hexadecimal names of these empty room pages may be hashes.

So, first of all, we will try to identify the hash shown in the URL of the first door.

The hash is identified as MD5 or MD4. Now let’s pass this hash to John the Ripper and try cracking it using MD5 as the format.

The hash was of the string ‘1’.

I tried to crack the hashes of all the pages the same way and I noticed that the original strings of those hashes range from ‘1’ to ‘13’.

It means that we can access pages ranging from 1 to 13. Now, let’s try to access page ‘0’. To do that, we will have to generate the MD5 hash of the string ‘0’ and add that hash to the URL to try and find the flag.

Now, let’s add this to the URL.

And voila! We were able to find the flag by exploiting the IDOR vulnerability. I have not shown you the entire flag so that you guys can try it out yourself.
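The root cause of the behaviour above, as an added example that is not part of the original writeup or the room's code: hashing a sequential ID does not hide it, and the fix is a per-request authorization check. The `ROOMS` store, the `PUBLIC` grant set and all function names are assumptions made for illustration.

```python
import hashlib


def md5_hex(value: str) -> str:
    """Hex MD5 of a string, the reference format seen in the room's URLs."""
    return hashlib.md5(value.encode()).hexdigest()


# Constructed sample data: object 0 is meant to be hidden, 1-13 are linked.
ROOMS = {md5_hex(str(i)): f"room {i}" for i in range(0, 14)}
PUBLIC = {md5_hex(str(i)) for i in range(1, 14)}


def recover_ids(hashes, limit=1000):
    """Map each hash back to its counter value with a small lookup table.

    Shows why an unsalted hash of a small integer is an encoding of the ID,
    not a secret: the whole input space can be enumerated instantly.
    """
    table = {md5_hex(str(i)): i for i in range(limit + 1)}
    return {h: table.get(h) for h in hashes}


def get_room_vulnerable(ref):
    """IDOR: any reference that exists is served; no access decision is made."""
    return ROOMS.get(ref)


def get_room_hardened(ref, allowed):
    """Serve an object only if the caller's own grant set contains it."""
    if ref not in allowed:
        return None  # same answer for "forbidden" and "not found"
    return ROOMS.get(ref)


if __name__ == "__main__":
    hidden = md5_hex("0")
    print("IDs behind the public links:", sorted(recover_ids(PUBLIC).values()))
    print("vulnerable handler:", get_room_vulnerable(hidden))
    print("hardened handler:  ", get_room_hardened(hidden, PUBLIC))
```

The hardened handler returns the same result for a forbidden and a nonexistent reference, so the response does not confirm which objects exist.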

Thanks for reading. Hope you liked this writeup.
