TryHackMe: Walking An Application Writeup

This room intends to manually review a web application for security issues using only the browser's developer tools, also hacking with just the browser, no tools or scripts. This room can be accessed using this link: https://tryhackme.com/room/walkinganapplication

Task 1: Walking An Application

1. I confirm that I have deployed the virtual machine and opened the website. Answer: No answer needed

Task 2: Exploring The Website

1. Read the above. Answer: No answer needed

Task 3: Viewing The Page Source

1. What is the flag from the HTML comment? Answer: THM{HTML_COMMENTS_ARE_DANGEROUS}
2. What is the flag from the secret link? Answer: THM{NOT_A_SECRET_ANYMORE}
3. What is the directory listing flag? Answer: THM{INVALID_DIRECTORY_PERMISSIONS}
4. What is the framework flag? Answer: THM{KEEP_YOUR_SOFTWARE_UPDATED}

Task 4: Developer Tools — Inspector

1. What is the flag behind the paywall? Answer: THM{NOT_SO_HIDDEN}

Task 5: Developer Tools — Debugger

1. What is the flag in the red box? Answer: THM{CATCH_ME_IF_YOU_CAN}

Task 6: Developer Tools — Network

1. What is the flag shown on the contact-msg network request? Answer: THM{GOT_AJAX_FLAG}

Follow me on LinkedIn: https://www.linkedin.com/in/-prashantkumar07/