# \[Day 1] Save The Gifts

## Story

The inventory management systems used to create the gifts have been tampered with to frustrate the elves. It's a night shift, and McStocker comes to McSkidy panicking about the gifts all being built wrong. With no managers around to fix the issue, McSkidy needs to somehow get access and fix the system and keep everything on track to be ready for Christmas!

## Challenge

Accessing the site reveals an `Inventory Management System`.

![](/files/A3a5bbx8xgcCX7isqTiU)

Heading to the Your Activity tab reveals the current user's `Name`, `Employee ID` and `Position`.

![](/files/0KfPzKDMtmKDwnFDxFQ8)

Modifying the `user_id` request parameter in the URL exposes an IDOR (Insecure Direct Object Reference) vulnerability on the website, as shown below: the server trusts whatever ID the client supplies and returns that employee's profile. Using it, we can enumerate the staff user IDs one at a time.

```
santa = 1
```

![](/files/mwledXNCISAPIOryRUXt)

{% hint style="success" %}
After finding Santa's account, what is their position in the company?

* The Boss!
{% endhint %}

```
McStocker = 3
```

![](/files/lAoULpoq0Tbsi88uMAiz)

{% hint style="success" %}
After finding McStocker's account, what is their position in the company?

* Build Manager
{% endhint %}

Repeating this, we find the profile of the employee who made the rogue changes.

```
Grinch = 9
```

![](/files/Y42so5gKbDtJKhsjd511)

{% hint style="success" %}
After finding the account responsible for tampering, what is their position in the company?

* Mischief Manager
{% endhint %}
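To make the root cause concrete, here is an added example (not code from the TryHackMe room or this writeup) that models the `Your Activity` lookup in two forms: the IDOR version that trusts the client's `user_id`, and a hardened version that binds the lookup to the authenticated session. The employee table, session dictionary and function names are constructed for illustration; the McSkidy entry is invented.

```python
# Added example: vulnerable vs. hardened profile lookup for the IDOR above.
# All data and names below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Employee:
    user_id: int
    name: str
    position: str


# Constructed table mirroring the ids found during the challenge;
# the McSkidy record (id 42) is an invented entry.
EMPLOYEES = {
    1: Employee(1, "Santa", "The Boss!"),
    3: Employee(3, "McStocker", "Build Manager"),
    9: Employee(9, "Grinch", "Mischief Manager"),
    42: Employee(42, "McSkidy", "Security (constructed)"),
}


class Forbidden(Exception):
    """Raised when the session may not view the requested profile."""


def activity_vulnerable(session: dict, params: dict) -> Employee:
    """IDOR: the record returned is chosen purely by the client-supplied
    user_id, so any logged-in user can read any other profile."""
    uid = int(params["user_id"])
    return EMPLOYEES[uid]


def allowed(session: dict, uid: int) -> bool:
    """Authorisation rule: a session may view its own record, or any
    record if it carries an explicit admin role (constructed policy)."""
    return uid == session["user_id"] or "admin" in session.get("roles", ())


def activity_fixed(session: dict, params: dict) -> Employee:
    """Hardened: default to the session's own id, and enforce the
    authorisation rule before touching the data layer."""
    uid = int(params.get("user_id", session["user_id"]))
    if not allowed(session, uid):
        raise Forbidden(f"user {session['user_id']} may not view user {uid}")
    return EMPLOYEES[uid]
```

The detection angle follows from the same model: one session requesting many distinct `user_id` values in quick succession, as this walkthrough does, is the access pattern to alert on.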

Hitting revert on all actions fixes the problem and reveals the flag as shown below.

![](/files/QCWHMxmhrADIkq5nSmiL)

{% hint style="success" %}
What is the received flag when McSkidy fixes the Inventory Management System?

* **THM{AOC\_IDOR\_\*\*\*\*\*\*\*\*}**
{% endhint %}
