TryHackMe: Walking An Application Writeup
Mar 29, 2022
This room covers manually reviewing a web application for security issues using only the browser's developer tools: hacking with just the browser, no tools or scripts. The room can be accessed at: https://tryhackme.com/room/walkinganapplication
Task 1: Walking An Application
- I confirm that I have deployed the virtual machine and opened the website. Answer: No answer needed
Task 2: Exploring The Website
- Read the above. Answer: No answer needed
Task 3: Viewing The Page Source
- What is the flag from the HTML comment? Answer: THM{HTML_COMMENTS_ARE_DANGEROUS}
- What is the flag from the secret link? Answer: THM{NOT_A_SECRET_ANYMORE}
- What is the directory listing flag? Answer: THM{INVALID_DIRECTORY_PERMISSIONS}
- What is the framework flag? Answer: THM{KEEP_YOUR_SOFTWARE_UPDATED}
Task 4: Developer Tools — Inspector
- What is the flag behind the paywall? Answer: THM{NOT_SO_HIDDEN}
Task 5: Developer Tools — Debugger
- What is the flag in the red box? Answer: THM{CATCH_ME_IF_YOU_CAN}
Task 6: Developer Tools — Network
- What is the flag shown on the contact-msg network request? Answer: THM{GOT_AJAX_FLAG}