Writeups
HackTheBox
- Easy Machines
TryHackMe
- Walkthroughs: Easy
- Challenges (CTF): Easy
Crackmes.one
- 1 Difficulty Rating
  - easyAF
  - Easy Keyg3nme

Powered by GitBook

On this page

Introduction
Section 1: IDOR
Introduction
Exploitation
Challenge
Section 2: Forced Browsing
Introduction
Manual Exploitation
Automatic Exploitation
Challenge
Section 3: API Bypassing
Introduction
Exploitation
Challenge

Was this helpful?

ZTH: Web 2

PreviousSQL Injection NextSSRF

Last updated 3 years ago

Introduction

Section 1: IDOR

Introduction

Exploitation

Challenge

Lets check the webpage

Lets login with the given credentials

Lets change the note parameter value to 0

Section 2: Forced Browsing

Introduction

Manual Exploitation

Automatic Exploitation

Challenge

Lets go to the web page

Lets login with the given credentials

Lets fuzz the name place so that we can find the right username

After some time we get a hit which is password

Section 3: API Bypassing

Introduction

Exploitation

Challenge

Lets check the web page

Lets login

We have an admin.php page and we can run commands, lets test a command

Looks like we are taken to a api.php page. admin.php might be a file on the machine, so we are directly accessing the directories of the machine in the URL, lets look for the flag which might be in a while called flag.txt (Most capture of the flag machines)