Advent of Cyber 3 (2021) - [Day 1] Web Exploitation: Save The Gifts
Complete a beginner-friendly cyber security exercise every day leading up to Christmas
“Get started with Cyber Security in 25 days, by learning the basics and completing a new, beginner friendly security exercise every day leading up until Christmas; an advent calendar but with security challenges and not chocolate.”
Room here: https://tryhackme.com/room/adventofcyber3
Please note: tasks are released daily and will vary in difficulty (although they will always be aimed at a beginner level).
Question 1: After finding Santa’s account, what is their position in the company?
The Inventory Management System has a few tabs to choose from. If you choose “Your Activity”, you can see your own user profile information.
We need to find Santa’s profile, so I just assumed he would be User 1. You can navigate there by simply changing the user id in the URL.
-The Boss!
Question 2: After finding McStocker’s account, what is their position in the company?
Use the same technique and you can find McStocker as User 3:
-Build Manager
Question 3: After finding the account responsible for tampering, what is their position in the company?
Moving upwards numerically, you will eventually come to this profile. It seems the Grinch has been tampering with inventory data.
-Mischief Manager
Question 4: What is the received flag when McSkidy fixes the Inventory Management System?
You can fix the inventory system by clicking revert on all the SKU Changes made by the Grinch. Upon doing so, you will be presented with the flag:
-THM{AOC_IDOR_2B34BHI3}
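The profile lookups above work because the application returns whatever record the id in the URL names without checking who is asking: an insecure direct object reference (IDOR, as the flag's name hints). As an added example (not code from the room or from this write-up), the Python sketch below puts that kind of lookup beside one with an object-level authorization check. The `Session` type, the handler names and the sample records are all hypothetical.

```python
# Added example: constructed data and hypothetical names throughout.
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user_id: int            # set by the server at login, never read from the URL
    is_admin: bool = False

# Constructed sample records; the values are placeholders, not the room's data.
PROFILES = {
    1: {"name": "user-one", "position": "placeholder-a"},
    2: {"name": "user-two", "position": "placeholder-b"},
    3: {"name": "user-three", "position": "placeholder-c"},
}

class Forbidden(Exception):
    pass

def get_profile_vulnerable(session: Session, requested_id: int) -> dict:
    """IDOR: trusts the id supplied by the client; the session is ignored."""
    return PROFILES[requested_id]

def get_profile_fixed(session: Session, requested_id: int) -> dict:
    """Object-level check: the caller must own the record or be an admin."""
    if requested_id != session.user_id and not session.is_admin:
        raise Forbidden("profile not available")
    profile = PROFILES.get(requested_id)
    if profile is None:
        # Same error as above, so responses do not reveal which ids exist.
        raise Forbidden("profile not available")
    return profile

def readable_ids(handler, session: Session, id_range) -> list:
    """Regression check: which ids does this handler hand to this session?"""
    seen = []
    for candidate in id_range:
        try:
            handler(session, candidate)
            seen.append(candidate)
        except (Forbidden, KeyError):
            pass
    return seen

if __name__ == "__main__":
    me = Session(user_id=2)
    print("vulnerable:", readable_ids(get_profile_vulnerable, me, range(1, 6)))
    print("fixed:     ", readable_ids(get_profile_fixed, me, range(1, 6)))
```

A check like `readable_ids` belongs in the application's test suite: for a non-admin session it should return only that session's own id.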
That’s all for today. Thank you.
Follow me on:
facebook.com/parthokumar.saha.39
linkedin.com/in/partho-kumar-saha-bb2176184
instagram.com/i.m.partho