일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
- burp suite
- ctf
- Burp Suite: Other Modules
- Windows Forensics 1
- Intruder
- Burp Suite: Intruder
- Walkthrough
- advent of cyber 3
- CTFS
- TryHackMe
- Today
- Total
root@sky:~#
[Day 1] Advent of Cyber 3 (2021) | TryHackMe 본문
Web Exploitation
Save The Gifts
Story
The inventory management systems used to create the gifts have been tampered with to frustrate the elves. It's a night shift, and McStocker comes to McSkidy panicking about the gifts all being built wrong. With no managers around to fix the issue, McSkidy needs to somehow get access and fix the system and keep everything on track to be ready for Christmas!
Learning Objectives
- What is an IDOR vulnerability?
- How do I find and exploit IDOR vulnerabilities?
- Challenge Walkthrough.
Answer the questions below
Q.) After finding Santa's account, what is their position in the company?
A.) The Boss!
Process:- I am opening the site by clicking the green "view site" button and clicking on the " Your Activity " tab,
Now, I noticed that there is a query in the URL "user_id=11",
I changed the user id 11 to 1, just guessing,
Woo, I found the Santa.
Q.) After finding McStocker's account, what is their position in the company?
A.) Build Manager
Process:- Just randomly changed the user id like 2, 3, and I got the McStocker's account.
Q.) After finding the account responsible for tampering, what is their position in the company?
A.) Mischief Manager
Process:- Again randomly changed the user id and I got an account that is responsible for tampering.
Q.) What is the received flag when McSkidy fixes the Inventory Management System?
A.) THM{AOXXXXXXXXXXXXXXX3}
Process:- Clicked all the "Revert" buttons to revert all the tampering and I got the flag.
Thanks for reading.
Have a lovely day :-)
'CTFs > TryHackMe' 카테고리의 다른 글
[Day 3] Advent of Cyber 3 (2021) | TryHackMe (0) | 2021.12.06 |
---|---|
[Day 2] Advent of Cyber 3 (2021) | TryHackMe (0) | 2021.12.03 |
Pickle Rick | TryHackMe Walkthrough (0) | 2021.12.01 |
TryHackMe | Jr Penetration Tester Write-up | Walking An Application (0) | 2021.11.07 |
TryHackMe | Jr Penetration Tester Write-up | Principles of Security (0) | 2021.11.06 |