Writeup for Corridor room at Tryhackme. Corridor room can be found here: https://tryhackme.com/room/corridor
The website shows white corridor with multiple doors.
Clicking on a door opens a picture of a white room and the URL of this picture contains a hash.
Downloading websites' source code with curl shows multiple hashes of same length.
Now I'll save all these hashes to a file and check their type with hash-identifier.
All hashes were identified as MD5.
To crack hashes, John the Ripper tool will be used.
Turns out, all hashed URL endpoints are numbers from 1 to 13.
To exploit an IDOR vulnerability, let's choose a number that is different from what's already found. I'll start with 14.
I've created MD5 hash for number 14 with command echo -n 14 | md5sum.
Such page is not found. Let's create a hash for number 0.
Ading this hash to the URL gives the flag for this room!
