Love Letter Locker
by othmane01

Love Letter Locker is an easy TryHackMe challenge. In this step-by-step walkthrough we'll solve it together.
Room Link: Tryheartme
Website overview:

RECON
Gobuster:
gobuster dir -u http://10.49.182.19:5000/ -w /usr/share/wordlists/dirb/common.txt -s "200,301" -b "" -t 64 --no-error
===============================================================
Gobuster v3.8.2
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://10.49.182.19:5000/
[+] Method: GET
[+] Threads: 64
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 301,200
[+] User Agent: gobuster/3.8.2
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
login (Status: 200) [Size: 1017]
register (Status: 200) [Size: 1048]
Progress: 4613 / 4613 (100.00%)
===============================================================
Finished
===============================================================
Let's try to log in using the admin:admin credentials.

The response:

Let's try to register a new account and then log in.

After creating a new letter and opening it, we can see the path where it is stored. By modifying the identifier in the request, it may be possible to access other users’ letters. This suggests the presence of an IDOR (Insecure Direct Object Reference) vulnerability, where the application fails to enforce proper access control on object references.
- Creating a new letter:

- Opening the letter we've created:

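To make the IDOR concrete from the defender's side, here is an added example (not the room's code; the letter store, the `/letters/<id>` path, the usernames and the log lines are all constructed assumptions). It puts a lookup that only checks "is the user logged in?" beside one that also checks "does this user own the letter?", and adds a small log check that flags sessions reading letters that belong to someone else, which is the signal an IDOR probe leaves behind.

```python
"""IDOR model: letter lookup without and with an ownership check.

Added example for illustration; not the challenge's own code. The data
model, usernames, URL layout and log format are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Letter:
    letter_id: int
    owner: str
    body: str


# Constructed sample store. Sequential integer ids are what makes
# "change the number in the request" a viable probe.
LETTERS: Dict[int, Letter] = {
    1: Letter(1, "alice", "Dear Bob, meet me at the lighthouse."),
    2: Letter(2, "admin", "private note for admin"),
    3: Letter(3, "mallory", "mallory's own letter"),
}

Response = Tuple[int, str]  # (HTTP status, body)


def get_letter_vulnerable(session_user: Optional[str], letter_id: int) -> Response:
    """Vulnerable pattern: authentication is checked, authorization is not.

    Any logged-in user can read any letter whose id they can guess.
    """
    if session_user is None:
        return 401, "login required"
    letter = LETTERS.get(letter_id)
    if letter is None:
        return 404, "not found"
    return 200, letter.body  # no check that session_user owns this letter


def get_letter_fixed(session_user: Optional[str], letter_id: int) -> Response:
    """Hardened pattern: the object reference is bound to the session's user.

    Missing and foreign letters both return 404 so the endpoint does not
    confirm which ids exist to a user who is not allowed to see them.
    """
    if session_user is None:
        return 401, "login required"
    letter = LETTERS.get(letter_id)
    if letter is None or letter.owner != session_user:
        return 404, "not found"
    return 200, letter.body


# Constructed access-log sample in the form: user METHOD path status
SAMPLE_LOG = """\
mallory GET /letters/3 200
mallory GET /letters/1 200
mallory GET /letters/2 200
alice GET /letters/1 200
bob GET /letters/9 404
"""


def flag_foreign_reads(log_text: str) -> List[Tuple[str, int]]:
    """Detection aid: return (user, letter_id) pairs where a user successfully
    read a letter they do not own. Against the vulnerable handler these are
    confirmed disclosures; a burst of them from one user is an IDOR probe.
    """
    hits: List[Tuple[str, int]] = []
    for line in log_text.splitlines():
        user, _method, path, status = line.split()
        if status != "200" or not path.startswith("/letters/"):
            continue
        letter_id = int(path.rsplit("/", 1)[1])
        letter = LETTERS.get(letter_id)
        if letter is not None and letter.owner != user:
            hits.append((user, letter_id))
    return hits


if __name__ == "__main__":
    print("vulnerable:", get_letter_vulnerable("mallory", 2))
    print("fixed:     ", get_letter_fixed("mallory", 2))
    print("foreign reads in log:", flag_foreign_reads(SAMPLE_LOG))
```

The fix is the ownership comparison on the server side; switching to random, non-guessable ids is worth doing as well, but only as defence in depth, since an id that leaks elsewhere would again be enough on its own.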
THE FLAG

THM{1_c4n_r3ad_4ll_l3tters_w1th_th1s_1d0r}
Special thanks to Tryhackme
That's it. See you next time.
