CyberHeroes | TryHackMe | WriteUp | MZS

2 min readMay 27, 2022

Hello everyone, I hope you are doing well. This room is about authentication bypass vulnerability on TryHackMe.

I will go through the simple steps. First, we will look at the web page.

As we can see we have a login page, let’s visit it.

Here we can start with username enumeration using ffuf - Fuzz Faster U Fool. What is FFUF?
ffuf is a fest web fuzzer written in Go that allows typical directory discovery, virtual host discovery (without DNS records) and GET and POST parameter fuzzing. ffuf | Kali Linux Tools

But first and foremost let us check its page source for any possible additive information during our recon phase.

Look what we have found…! When we look at the script behind the authentication process of this web application, we have found out user name and reserve string of passwords. Lets perform reversing string of the password using online tool at Code Beautify.

Now use this user name and password to login into the web application and capture the flag.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Written by Zargham Siddiqui

14 Followers

14 Following

I am an Informatics Specialist , Cyber Security and Digital Forensics researcher.

Responses (1)

Write a response

What are your thoughts?

Also publish to my profile

Security Hacker

Jul 31, 2022

Good

Recommended from Medium

Hugh brown

[WalkThrough/Hints] Brainpan 1 THM

A walkthrough and guide for Buffer overflow

Nov 1, 2024

TryHackMe — Search Skills | Cyber Security 101 (THM)

rutbar

TryHackMe — Search Skills | Cyber Security 101 (THM)

Evaluation of Search Results

Oct 26, 2024

Lists

Tech & Tools

23 stories409 saves

Medium's Huge List of Publications Accepting Submissions

414 stories4677 saves

Staff picks

826 stories1649 saves

Natural Language Processing

1977 stories1619 saves

CyferNest Sec

Lo-Fi CTF | TryHackMe CTF Walkthrough

You can access the Lo-Fi room on TryHackMe here.

Jan 19

TheHiker

Silver-Platter , TryHackMe Walkthrough | TheHiker

Hello everyone, today I’ll be covering the “Silver-Platter” room on TryHackMe. I think that this room is great for intermediate students…

Jan 12

RosanaFSS

NTFS Analysis : TryHackMe Walkthrough

Explore the NTFS file system, its layout, and important components.

5d ago

Rabbit Store Boot2Root CTF — TryHackMe Writeup

KuroSh1R0

Rabbit Store Boot2Root CTF — TryHackMe Writeup

Welcome back to my write-up! Today, I’ll walk you through a detailed, step-by-step breakdown of how I approached and solved the Rabbit…

Feb 25

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams