ZTH: Web 2

Last updated 3 years ago

Introduction

Section 1: IDOR

Introduction

Exploitation

Challenge

Let's check the web page.

Let's log in with the given credentials.

Let's change the note parameter value to 0.

Section 2: Forced Browsing

Introduction

Manual Exploitation

Automatic Exploitation

Challenge

Let's go to the web page.

Let's log in with the given credentials.

Let's fuzz the name field so that we can find the right username.

After some time we get a hit, which is password.

Section 3: API Bypassing

Introduction

Exploitation

Challenge

Let's check the web page.

Let's log in.

We have an admin.php page from which we can run commands; let's test a command.

It looks like we are taken to an api.php page. admin.php might be a file on the machine, so we are directly accessing the machine's directories through the URL. Let's look for the flag, which is probably in a file called flag.txt (as on most capture-the-flag machines).