You have found yourself in a strange corridor. Can you find your way back to where you came?

In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a hash, don't they?). This could help you uncover website locations you were not expected to access.

The website serves an image of a corridor.

The HTML on the page shows an image map whose entries contain hashes.

Clicking each door takes us to a subdirectory that looks like a hash, and a Google search confirms that these are the MD5 hashes of the numbers corresponding to the doors, left to right.

[Screenshots: door 1, door 1 Google search, door 2, door 2 Google search]

This is an example of IDOR, and we might be able to use this scheme to find some interesting pages.

We can get the MD5 hash of 0 and see what’s there.

[Screenshot: flag]
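The weakness described above, shown from the defender's side as an added example (not part of the original write-up or the challenge's code): an audit check that flags identifiers which are just MD5 of a small integer, and a handler that enforces authorization per request next to one that does not. The room data, door count, function names and status strings are constructed for illustration.

```python
import hashlib
import secrets

def md5_id(n: int) -> str:
    """The scheme observed on the page: the path is the MD5 of the door number."""
    return hashlib.md5(str(n).encode()).hexdigest()

# Constructed sample data: doors 1-3 are linked from the image map, door 0 is not.
ROOMS = {md5_id(n): f"room {n}" for n in range(0, 4)}
LINKED = {md5_id(n) for n in range(1, 4)}

def guessable_source(path_id: str, limit: int = 10_000):
    """Audit check: return the integer whose MD5 equals path_id, else None.

    A hit means the identifier is derived from a tiny, enumerable input
    space, so hashing it adds no secrecy.
    """
    table = {md5_id(n): n for n in range(limit)}
    return table.get(path_id)

def handle_vulnerable(path_id: str) -> str:
    # Serves any object whose identifier exists; not linking to it
    # from the page is the only "control".
    return ROOMS.get(path_id, "404")

def handle_hardened(path_id: str, session_allowed: set) -> str:
    # Authorization is decided on the server, per request, from what
    # this session is entitled to see, not from what the page links to.
    if path_id not in session_allowed:
        return "403"
    return ROOMS.get(path_id, "404")

def opaque_id() -> str:
    # Random identifier: defence in depth only. The access check in
    # handle_hardened is still what prevents the IDOR.
    return secrets.token_urlsafe(16)

if __name__ == "__main__":
    for pid in sorted(ROOMS, key=lambda p: guessable_source(p)):
        print(pid, "-> derived from", guessable_source(pid),
              "| vulnerable:", handle_vulnerable(pid),
              "| hardened:", handle_hardened(pid, LINKED))
    print("random id flagged as guessable:",
          guessable_source(opaque_id()) is not None)
```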