Advent of Cyber 3 (2021) - [Day-1] Web Exploitation: Save The Gifts

Complete a beginner-friendly cyber security exercise every day leading up to Christmas

“Get started with Cyber Security in 25 days, by learning the basics and completing a new, beginner friendly security exercise every day leading up until Christmas; an advent calendar but with security challenges and not chocolate.”

Room here: https://tryhackme.com/room/adventofcyber3

Please note, tasks are released daily and will vary in difficulty (although they will always be aimed at a beginner level).

Question 1: After finding Santa’s account, what is their position in the company?

Looks like there are a few tabs to choose from in the Inventory Management System. If you choose “Your Activity”, you can see your own user profile information:

We need to find Santa’s profile, so I just assumed he would be User 1. You can navigate there by simply changing the user id in the URL:

-The Boss!

Question 2: After finding McStocker’s account, what is their position in the company?

Use the same technique and you can find McStocker as User 3:

-Build Manager

Question 3: After finding the account responsible for tampering, what is their position in the company?

Moving upwards numerically, you will eventually come to this profile:

It seems the Grinch has been tampering with inventory data.

-Mischief Manager

Question 4: What is the received flag when McSkidy fixes the Inventory Management System?

You can fix the inventory system by clicking revert on all the SKU Changes made by the Grinch. Upon doing so, you will be presented with the flag:

-THM{AOC_IDOR_2B34BHI3}
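
The behaviour used throughout this walkthrough (changing the user id in the URL returns someone else's profile) is an insecure direct object reference (IDOR). As an added example, not code from the room or from the original post, here is that kind of lookup in Python next to a version that checks the requested id against the logged-in session. The `/activity` path, the `user_id` parameter name and user id 11 are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample data. Ids 1 and 3 and their positions come from the
# walkthrough; id 11 and its position text are hypothetical.
PROFILES = {
    1: {"name": "Santa", "position": "The Boss!"},
    3: {"name": "McStocker", "position": "Build Manager"},
    11: {"name": "McSkidy", "position": "constructed value"},
}


def requested_id(url):
    """Return the user_id query parameter (assumed name) as an int, or None."""
    values = parse_qs(urlparse(url).query).get("user_id", [])
    # Reject a missing, repeated or non-numeric id instead of guessing.
    if len(values) != 1 or not re.fullmatch(r"[0-9]{1,9}", values[0]):
        return None
    return int(values[0])


def profile_vulnerable(url):
    """IDOR: serves whichever record the URL names, with no ownership check."""
    return PROFILES.get(requested_id(url))


def profile_checked(url, session_user_id):
    """Serve a profile only to the authenticated user it belongs to."""
    uid = requested_id(url)
    if uid is None:
        return 400, None
    if uid != session_user_id:
        # Same answer for existing and non-existing ids, so the response
        # does not reveal which accounts exist.
        return 403, None
    return 200, PROFILES.get(uid)


if __name__ == "__main__":
    print(profile_vulnerable("/activity?user_id=1"))    # any id is served
    print(profile_checked("/activity?user_id=1", 11))   # refused
    print(profile_checked("/activity?user_id=11", 11))  # own profile
```

The fix is the comparison against the server-side session identity: the id in the URL is treated as a request, never as proof of who is asking.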

That’s all for today. Thank you
