TryHackMe: Walking An Application Writeup

This room covers manually reviewing a web application for security issues using only the browser's developer tools: hacking with just the browser, no tools or scripts. The room can be accessed at this link: https://tryhackme.com/room/walkinganapplication

Task 1: Walking An Application

  1. I confirm that I have deployed the virtual machine and opened the website. Answer: No answer needed

Task 2: Exploring The Website

  1. Read the above. Answer: No answer needed

Task 3: Viewing The Page Source

  1. What is the flag from the HTML comment? Answer: THM{HTML_COMMENTS_ARE_DANGEROUS}
  2. What is the flag from the secret link? Answer: THM{NOT_A_SECRET_ANYMORE}
  3. What is the directory listing flag? Answer: THM{INVALID_DIRECTORY_PERMISSIONS}
  4. What is the framework flag? Answer: THM{KEEP_YOUR_SOFTWARE_UPDATED}

Task 4: Developer Tools — Inspector

  1. What is the flag behind the paywall? Answer: THM{NOT_SO_HIDDEN}

Task 5: Developer Tools — Debugger

  1. What is the flag in the red box? Answer: THM{CATCH_ME_IF_YOU_CAN}

Task 6: Developer Tools — Network

  1. What is the flag shown on the contact-msg network request? Answer: THM{GOT_AJAX_FLAG}

Follow me on LinkedIn: https://www.linkedin.com/in/-prashantkumar07/
