# Write-up

### <mark style="color:purple;">Objectives</mark>

You have found yourself in a strange corridor. Can you find your way back to where you came?\
In this challenge, you will explore potential IDOR vulnerabilities. Examine the URL endpoints you access as you navigate the website and note the hexadecimal values you find (they look an awful lot like a *hash*, don't they?). This could help you uncover website locations you were not expected to access.

***

### <mark style="color:purple;">Resolution</mark>

The trick with this machine lies in the objective. It mentions *“potential IDOR vulnerabilities”* and *“examine the URL endpoints”*, so we start by navigating to the URL.

We are presented with a corridor containing 13 empty doors.

Clicking on any door redirects us to a new URL that includes a **hash**.\
We take that hash and look it up in **CrackStation** to try to recover the value it was computed from.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXedCOXM3ReYH8tqsY7sUuDjcjx3ARLaeV_Ij8yLwzK2z4fqxbKH8u2132F5hCjzRNVhqHSaGqiAfkwXlYDsEQElRnVF50DNG6s02orLqz4f4jh36M4SI_ds8LYWAYdKYMYLrqE53w?key=ckFWgFh4JwHl2sW3UhlpXahn" alt=""><figcaption></figcaption></figure>

It turns out to be a number — apparently, the corresponding door number. To confirm this, we repeat the process with the sixth and thirteenth doors.

With this confirmed, we use **CyberChef** to generate the MD5 hashes for `0` and `14`, and then manually replace the URL hash to observe the outcome.

* **0:**

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeyfpB0um64dq02zZwoHKMmSE3_2XDrXK6K5Iy1_QkyK2a235gJSZCnwApAAg6-rbKhdPbjDLAe_5cHhYaCmaLpo2xUQyAcE4QxMT0N-CkFjy9dl3DRaA7k8MLdtHrB8NuSeS5QpA?key=ckFWgFh4JwHl2sW3UhlpXahn" alt=""><figcaption></figcaption></figure>

When we insert it into the URL, we obtain the flag.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXep9vSkNcd5bXZA6cFhNBMQlqqFhIYzWvfcyeETfRki2X0Fv7y7_Le0Aad2oc4NPZpAXrHAWL-iXqbQqNgP1XXVN9gqb1pvhhMALORBjrO7ULB7p1bfJN8TrwbNoudNM4su-l0xiA?key=ckFWgFh4JwHl2sW3UhlpXahn" alt=""><figcaption></figcaption></figure>
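Why the hashed door number offered no protection, and what a server-side check changes, as an added example that is not part of the original write-up or the challenge's code. The door table, the function names and the `allowed` set are assumptions made for illustration; only the "MD5 of the door number" scheme comes from the steps above.

```python
import hashlib

# Constructed data: doors 1-13 are linked from the corridor,
# door 0 stands in for the location that was never linked.
DOORS = {n: f"door {n}" for n in range(1, 14)}
DOORS[0] = "hidden page"

def ref(n):
    """Reference as used in the URL: MD5 of the decimal door number."""
    return hashlib.md5(str(n).encode()).hexdigest()

# Server-side lookup table from URL reference to door number.
BY_REF = {ref(n): n for n in DOORS}

def recover_number(token, limit=1000):
    """What a hash lookup service does: hash each candidate and compare.
    The input space (small integers) is tiny, so the hash hides nothing."""
    for n in range(limit):
        if ref(n) == token:
            return n
    return None

def open_door_vulnerable(token):
    """IDOR: any valid reference is served; knowing the hash is the only gate."""
    n = BY_REF.get(token)
    return None if n is None else DOORS[n]

def open_door_checked(token, allowed):
    """Same lookup, but the server decides which doors this session may open."""
    n = BY_REF.get(token)
    if n is None or n not in allowed:
        return None  # identical response for unknown and forbidden references
    return DOORS[n]

if __name__ == "__main__":
    visitor = set(range(1, 14))          # doors a normal visitor is shown
    print(recover_number(ref(13)))       # the reference maps back to its number
    print(open_door_vulnerable(ref(0)))  # unlinked door is still served
    print(open_door_checked(ref(0), visitor))  # rejected by the authorization check
    print(open_door_checked(ref(6), visitor))  # permitted door still works
```

The fix is the authorization decision in `open_door_checked`, not a stronger hash: a predictable identifier stays predictable whatever function is applied to it.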
