Post

Neighbour TryHackMe Writeup

Check out our new cloud service, Authentication Anywhere. Can you find other user’s secrets?

Posted
Preview Image
By Hemantha Krishna Challa
1 min read
Neighbour TryHackMe Writeup

Check out our new cloud service, Authentication Anywhere. Can you find other user’s secrets?

Check out our new cloud service, Authentication Anywhere. Can you find other user’s secrets?

Room: https://tryhackme.com/room/neighbourimageimage

Scenario

Check out our new cloud service, Authentication Anywhere — log in from anywhere you would like! Users can enter their username and password, for a totally secure login process! You definitely wouldn’t be able to find any secrets that other people have in their profile, right?

Initial Access

Navigate to the Target Machine IP from the AttackBox.image

On the homepage, view the page source.image

There’s an interesting HTML comment:

<! — use guest:guest credentials until registration is fixed. “admin” user account is off limits!!!!! →

This suggests we can log in using the credentials:

Username: guest Password: guest

Exploring the Application

image

After logging in as the guest user, examine the page source again.image

Another comment is present: <! — admin account could be vulnerable, need to update →

This implies the admin account might have a security flaw.

Profile Access via URL Manipulation

The current page URL is:

1

http://MACHINE_IP/profile.php?user=guest

We can try changing the user parameter from guest to admin:

1

http://MACHINE_IP/profile.php?user=admin

image

🎉 Flag found!

The flag was successfully displayed in the browser.

Conclusion

This room demonstrates the risks associated with insecure comments in HTML source code and insufficient access controls. By reviewing the page source, we discovered hardcoded credentials and hints about a potentially vulnerable admin account. Simple URL manipulation allowed unauthorized access to the admin profile, indicating a lack of proper authorization checks on server-side resources. This highlights the importance of:

  • Avoiding sensitive information in client-side code (e.g., HTML comments),- Implementing robust access controls,- And thoroughly testing user input and session validation mechanisms.

Overall, this room is a great example of how seemingly minor oversights can lead to critical vulnerabilities.

Thank you for reading my write-up. I hope you found it useful

cybersecurity
tryhackme writeup
This post is licensed under CC BY 4.0 by the author.