Fun video! I really like how you showed where you learned and what you were thinking instead of pretending to be born perfect like most RU-vid videos! Also, I didn’t hear anything wrong the audio at all. 🤷♂️
Hey Serena. Your mic volume was a bit quiet, but great video anyway. Yeah, do more CTF stuff, as I'm slowly learning stuff, lol. Have a great rest of the week, and stay beautiful. xx
writing scripts and all is good for your practice ngl, but this is just a lengthy process, they already gave you a hint in description saying "IDOR" vulnerabilities. It simply means messing with URL, to short this, when you click on the door, they give you some md5 hash saying a number, for instance "c4ca4238a0b923820dcc509a6f75849b" decrypting this md5,we get "1" as an answer. Now ,as I have solved a lot of rooms, all I can say is that you have to think outside the box, Door starts with "1" ,so there is no "0" numbered door. As simple as that, simply go to web of md5 encryption, enter number "0" ,encrypt "0" number to md5 hash, copy that encrypted hash and paste it in the url after the ip, you will get you flag. Again, NO OFFENSE ,you did your hard work, and i appreciate it. Happy Hacking :)
I want to see someone do hackthebox battlegrounds. Maybe you could do this in the future. You could do blue team since it seems that is where your experience is.
Turns out range starts by defaults at 0 in python (you can check by running list(range(10)) for example) So you had uncovered the door 0 with wfuzz. It's just that wfuzz seems to start it's numbering at 1. We can check that the first hash you get is indeed the hash of 0, for example by running in python, hashlib.md5(b"0").hexdigest(), which'll give you the first hash tried by wfuzz 😊
