Technical Report

Detailed analysis for technical teams, covering methodologies, tools, and findings.

Technical Security Report: "Corridor" System

Purpose of the Report

This technical report outlines the steps taken to exploit an insecure direct object reference (IDOR) vulnerability in the Corridor machine, a beginner-level CTF challenge focused on insecure object references in web applications.


Methodology

  1. Navigate to the target URL and examine the web layout.

  2. Analyze the behavior of door selection and corresponding URLs.

  3. Use CrackStation to reverse MD5 hashes.

  4. Identify the logic mapping door numbers to hashes.

  5. Use CyberChef to generate new MD5 hashes for custom values.

  6. Inject new hashes into the URL to probe unauthorized data.


Detailed Findings

Reconnaissance

  • The web interface shows 13 doors.

  • Each door redirects to a URL containing an MD5 hash.

  • Example: /room.php?id=d3c8d9...

Gaining Access

  • Reversing the hash from Door 1 using CrackStation reveals the number 1.

  • Confirmed that each hash corresponds to its respective door number.

  • Generated MD5 hashes for 0 and 14 using CyberChef.

Exploitation

  • By replacing the hash in the URL with the MD5 of 0, we accessed content not available from the UI.

  • This URL revealed the flag, completing the challenge.


Recommendations

  • Never rely on client-side obfuscation as access control.

  • Enforce server-side authorization checks for object access.

  • Avoid MD5 for security-related operations.

  • Use secure, opaque identifiers and validate permissions explicitly.
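
The recommendations above, as an added example (not code from the Corridor challenge): a Python sketch that puts the MD5-of-door-number lookup beside a lookup using random tokens and an explicit permission check. The room contents, the role names and every function name here are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample data: doors 1-13 are linked from the UI, room 0 is not.
ROOMS = {n: f"door {n}" for n in range(1, 14)}
ROOMS[0] = "hidden room"


def md5_id(n: int) -> str:
    """Identifier scheme described in the report: MD5 of the door number."""
    return hashlib.md5(str(n).encode()).hexdigest()


# Weak pattern: a guessable identifier is the only thing guarding the object.
WEAK_INDEX = {md5_id(n): n for n in ROOMS}


def weak_lookup(room_id: str):
    n = WEAK_INDEX.get(room_id)
    return None if n is None else ROOMS[n]


# Hardened pattern: random tokens plus an explicit per-user permission check.
TOKENS = {n: secrets.token_urlsafe(16) for n in ROOMS}
BY_TOKEN = {t: n for n, t in TOKENS.items()}
ACL = {"visitor": set(range(1, 14)), "admin": set(ROOMS)}  # hypothetical roles


def hardened_lookup(user: str, token: str):
    n = BY_TOKEN.get(token)
    # Unknown token and forbidden object get the same answer, so the
    # response does not confirm which identifiers exist.
    if n is None or n not in ACL.get(user, set()):
        return None
    return ROOMS[n]


if __name__ == "__main__":
    print(weak_lookup(md5_id(0)))                 # served without any check
    print(hardened_lookup("visitor", md5_id(0)))  # None: not a valid token
    print(hardened_lookup("visitor", TOKENS[0]))  # None: valid token, no permission
    print(hardened_lookup("admin", TOKENS[0]))    # served
```

The third call is the one that matters: even a leaked valid token returns nothing without permission, so the authorization check, not the identifier format, is the control.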


Conclusion

The exploitation of the Corridor machine highlighted a classic IDOR flaw, easily identified and exploited using basic tools and logic. In a real-world context, this vulnerability could expose critical data and functionality.
