TryHackMe room: CyberHeroes
CyberHeroes is free and one of the easiest rooms to try on TryHackMe. It covers a basic authentication bypass on a website.
This room focuses on small but consequential mistakes rookie web developers make while building a website: leaving everything out in the open. In this particular case, the developers have left the authentication logic exposed to users. Most of the time these mistakes are overlooked and go unchecked, which leads to real security incidents.
Let’s get it done. Start up the machine. Browse to the machine's IP address and you will find a web application running on port 80. The main page contains some information about the room developers. The navigation bar also has a link to a Login page. Let’s try to break its authentication.
Check the source of the page by clicking “View Page Source”. Scroll down a bit and you will find the login function, which holds the logic that authenticates a specific user.
Well, this piece of code sums up everything. You get the username and the possible password, but the password must be reversed, as the function name suggests. Use any online string-reverse tool to reverse it, then try to log in. That’s how an authentication failure works.
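
The mistake described above, shown next to a server-side check, as an added example that is not the room's code. The usernames, passwords and function names are constructed, and the hardened half assumes a Node.js backend using its built-in `crypto` module.

```javascript
const crypto = require("crypto");

// Weak pattern (constructed): the whole check ships inside the page.
// Reversing the literal only obscures it; the script is readable by anyone.
const reverse = (s) => s.split("").reverse().join("");
function clientSideCheck(user, pass) {
  return user === "demo_user" && pass === reverse("drowssap_omed");
}

// Hardened pattern: the server stores a salted scrypt hash, never the password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Constructed user store; a real service would keep this in a database.
const USERS = new Map([["demo_user", hashPassword("demo_password")]]);
// Record used for unknown usernames so both paths do the same hashing work.
const DUMMY = hashPassword("unused-placeholder");

function serverSideCheck(user, pass) {
  const record = USERS.get(user);
  const { salt, hash } = record || DUMMY;
  const candidate = crypto.scryptSync(String(pass), salt, 32);
  // Constant-time comparison of equal-length buffers.
  const match = crypto.timingSafeEqual(candidate, hash);
  return record !== undefined && match;
}

// What a visitor can read: true for the client-side check's source text.
function secretVisibleInSource(fn, literal) {
  return fn.toString().includes(literal);
}
```

With the second form the browser only submits the form; the comparison and the stored hash stay on the server, so nothing in the page source reveals a valid credential.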