Writeup Aria

Neighbour

room

desc

Check out our new cloud service, Authentication Anywhere. Can you find other user's secrets?

Check out our new cloud service, Authentication Anywhere -- log in from anywhere you would like! Users can enter their username and password, for a totally secure login process! You definitely wouldn't be able to find any secrets that other people have in their profile, right?

Access this challenge by deploying both the vulnerable machine by pressing the green "Start Machine" button located within this task, and the TryHackMe AttackBox by pressing the "Start AttackBox" button located at the top-right of the page.

Navigate to the following URL using the AttackBox: http://MACHINE_IP

Check out similar content on TryHackMe: IDOR

solution

First I opened the login page. On the login page there is the sentence "Don't have an account? Use the guest account! (Ctrl+U)", so I looked at the source code of that login page.


<!-- use guest:guest credentials until registration is fixed. "admin" user account is off limits!!!!! -->

and found credentials for logging in as guest, namely guest:guest. I tried logging in with those credentials and successfully got into the profile page.

After logging in and looking around, I became suspicious of the user= parameter, so I tried changing its value to admin, and it turned out I got into the admin profile page and obtained the flag.
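The weakness here is that the profile page trusts the client-supplied user= parameter to decide whose data to show (an insecure direct object reference). The following added example is not the Authentication Anywhere application's code; it is a stand-alone Python simulation with a constructed user store, constructed secrets and a hypothetical Request type, showing the IDOR-prone handler beside a hardened one that binds the profile to the server-side session and logs mismatches for detection.

```python
# Added example: an IDOR-prone profile handler beside a hardened one.
# This is NOT the challenge application's code; the user store, the
# Request type and the secrets below are all constructed for illustration.

from dataclasses import dataclass, field
from typing import Optional

# Constructed user store; the secrets are placeholders, not real data.
USERS = {
    "guest": {"secret": "guest has no secret"},
    "admin": {"secret": "<admin secret placeholder>"},
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: the identity established by the
    server-side session, and whatever the client put in the query string."""
    session_user: Optional[str]
    query: dict = field(default_factory=dict)


def profile_vulnerable(req: Request) -> tuple[int, str]:
    """Trusts ?user= to choose the profile. Any logged-in user can read any
    other user's secret just by editing the parameter (the IDOR in the room)."""
    if req.session_user is None:
        return 401, "login required"
    target = req.query.get("user", req.session_user)
    if target not in USERS:
        return 404, "no such user"
    return 200, USERS[target]["secret"]


def profile_hardened(req: Request) -> tuple[int, str]:
    """Derives the profile from the session and refuses anything else.
    ?user= is still parsed so a mismatch can be rejected and logged rather
    than silently honoured."""
    if req.session_user is None:
        return 401, "login required"
    target = req.query.get("user", req.session_user)
    if target != req.session_user:
        # A mismatch between session identity and requested object is a cheap,
        # high-signal IDOR indicator; stdout here, a SIEM in a real deployment.
        print(f"IDOR attempt: session={req.session_user} requested={target}")
        return 403, "forbidden"
    return 200, USERS[req.session_user]["secret"]


if __name__ == "__main__":
    probe = Request(session_user="guest", query={"user": "admin"})
    print("vulnerable:", profile_vulnerable(probe))  # leaks admin's secret
    print("hardened:  ", profile_hardened(probe))    # (403, 'forbidden')
```

The hardened handler deliberately keeps reading the parameter instead of ignoring it: ignoring it also closes the hole, but rejecting and logging the mismatch turns every probe like the one in this writeup into a detection event.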


flag

flag{66be95c478473d91a5358f2440c7af1f}
