[Day 1] Save The Gifts

{Web Exploitation = Insecure Direct Object Reference vulnerability}

Last updated 3 years ago

Was this helpful?

Story

The inventory management systems used to create the gifts have been tampered with to frustrate the elves. It's a night shift, and McStocker comes to McSkidy panicking about the gifts all being built wrong. With no managers around to fix the issue, McSkidy needs to somehow get access and fix the system and keep everything on track to be ready for Christmas!

Challenge

Accessing the site reveals an Inventory Management System.

Heading to the Your Activity tab reveals the current user's Name, Employee ID and Position.

Modifying the user_id request parameter in the URL exposes the IDOR (Insecure Direct Object Reference) vulnerability present on the website, as shown below. Using this vulnerability we are able to enumerate the user IDs of the staff in the company.

santa = 1

After finding Santa's account, what is their position in the company?

  • The Boss!

McStocker = 3

After finding McStocker's account, what is their position in the company?

  • Build Manager

Repeating this, we find the profile of the employee who made the rogue changes.

Grinch = 9

After finding the account responsible for tampering, what is their position in the company?

  • Mischief Manager
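To make the root cause concrete, here is an added example (not code from the room or this writeup) modelling the Your Activity endpoint: the vulnerable lookup that trusts user_id from the URL, the fixed lookup that derives the identity from the server-side session, and a small detector that spots one session walking through user_id values in constructed access-log lines. The user table, McSkidy's record and the log format are assumptions.

```python
import re
from collections import defaultdict

# Constructed stand-in for the inventory system's staff table. The three ids
# come from the writeup; McSkidy's id and position are made up for the demo.
USERS = {
    1: {"name": "Santa", "position": "The Boss!"},
    3: {"name": "McStocker", "position": "Build Manager"},
    9: {"name": "Grinch", "position": "Mischief Manager"},
    7: {"name": "McSkidy", "position": "Security Lead"},  # hypothetical
}


def activity_vulnerable(session_user_id, requested_user_id):
    """IDOR: the user_id query parameter is trusted outright, so any logged-in
    user can read any other employee's record just by changing the number."""
    record = USERS.get(requested_user_id)
    return (200, record) if record else (404, None)


def activity_fixed(session_user_id, requested_user_id):
    """Authorization comes from the authenticated session, not the parameter:
    a mismatch is refused (403) and is worth logging as a possible probe."""
    if requested_user_id != session_user_id:
        return (403, None)
    record = USERS.get(session_user_id)
    return (200, record) if record else (404, None)


# Constructed access-log lines: session "abc" walks several user_id values,
# the classic trace an IDOR enumeration leaves behind; "def" stays on its own.
ACCESS_LOG = [
    "sess=abc GET /activity?user_id=7 200",
    "sess=abc GET /activity?user_id=1 200",
    "sess=abc GET /activity?user_id=3 200",
    "sess=abc GET /activity?user_id=9 200",
    "sess=def GET /activity?user_id=3 200",
]
LOG_RE = re.compile(r"sess=(\w+) \S+ \S*user_id=(\d+)")


def sessions_enumerating(log_lines, threshold=3):
    """Return sessions that requested at least `threshold` distinct user_ids."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    return sorted(s for s, ids in seen.items() if len(ids) >= threshold)
```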

Hitting revert on all actions fixes the problem and reveals the flag as shown below.

What is the received flag when McSkidy fixes the Inventory Management System?

  • THM{AOC_IDOR_********}
