Room Description: “Can you escape the Corridor?”
Task 1: Escape the Corridor
Task Description: “You have found yourself in a strange corridor. Can you find your way back to where you came?
In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a hash, don’t they?). This could help you uncover website locations you were not expected to access.”
To begin this room the first thing that we need to do is to start the machine & the attackbox (or use personal VM while being connected to the VPN).
We are given the following IP address for the machine (10.10.87.244), your IP will be different. And I am going to drop this IP into firefox to see if there is a website available.
And we have a website (reminds me of SCP)First Room from the left
The first room that I clicked on seems to reveal a string, judging by the room description I will have to assume that it’s a hash. I will be using CrackStation to find out more about it.
CrackStation Hash Cracking
The first hash is md5 and the result is 1
Now I’m thinking that all of the other rooms will have hashes so I am going to go through every hash and use CrackStation to see if I can find any clues.
Hashes from the doors
Looking at the hashes and the results and I can’t seem to get any useful information