advent-of-cyber-2025

Room Link:
https://tryhackme.com/room/idor-aoc2025-zl6MywQid9

▶️ David Ackerman – Day 5 Video Walkthrough

Official walkthrough for quick onboarding:

🔗 YouTube Link:
https://youtu.be/geNAA2g-ZnY?si=LOn6plfunNkIichE


🎄 Advent of Cyber 2025 — Day 5 Write-Up

🧩 IDOR — Santa’s Little IDOR


✅ Challenge Answers


1️⃣ What does IDOR stand for?

Insecure Direct Object Reference

2️⃣ What type of privilege escalation are most IDOR cases?

Horizontal

🧪 Step-by-Step Exploitation

▶️ Log in with the given credentials

(screenshot: 1login)


▶️ Open DevTools → Network tab → Click view-details

This reveals the request containing user_id.

(screenshot: 2viewaccount)


▶️ Modify the user_id Parameter

Changing the value reveals different parents.
At user_id=15, we discover 10 children.

(screenshot: 2uid15)


3️⃣ Exploiting the IDOR found in view_accounts: What is the user_id of the parent with 10 children?

15

🎁 Bonus Task 1 — Child Endpoint Enumeration

The child endpoint comes in two variants, one taking the child ID as Base64 and one taking it as an MD5 hash.

I solved it using the MD5 endpoint.

(screenshot: 3md5)

I identified the hash as MD5(11).

(screenshot: 3md511)


Upload a number list (1–20) as the payload in Burp Intruder

Follow the steps:

(screenshot: 4burpproxy)

(screenshot: 5extentionset)

(screenshot: 6reqtoburp)

(screenshot: 7intrudersent)

(screenshot: 8progress)

(screenshot: 10attack)

(screenshot: 11ans1)

4️⃣ Bonus Answer (Child ID):

19
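Why the view_accounts and child endpoints are exploitable and what the server-side fix looks like, as an added Python example (this is not the room's code; the data, function names and the "MD5 of the decimal ID" reference scheme are constructed assumptions based on the write-up):

```python
import hashlib

# Constructed sample data (not the room's real data): parent user_id -> child ids owned.
PARENTS = {
    14: {1, 2},
    15: set(range(3, 13)),  # ten children, mirroring user_id=15 in the write-up
    16: {13},
}


class Forbidden(Exception):
    """Raised when the caller does not own the requested object."""


def md5_ref(child_id: int) -> str:
    """Assumed obscured reference used by the MD5 variant of the child endpoint."""
    return hashlib.md5(str(child_id).encode()).hexdigest()


def view_account_vulnerable(session_user: int, user_id: int) -> list:
    """IDOR: acts on the client-supplied user_id and never consults who is logged in."""
    return sorted(PARENTS[user_id])


def view_account_fixed(session_user: int, user_id: int) -> list:
    """Fix: the object reference must belong to the authenticated session."""
    if user_id != session_user:
        raise Forbidden(f"user {session_user} may not view account {user_id}")
    return sorted(PARENTS[user_id])


def child_fixed(session_user: int, child_ref: str) -> int:
    """Resolve an MD5 reference only among the caller's own children.
    The ownership check, not the hash, is what stops the 1..20 enumeration."""
    for child_id in PARENTS.get(session_user, ()):
        if md5_ref(child_id) == child_ref:
            return child_id
    raise Forbidden("child not owned by caller")


def recover_id(child_ref: str, limit: int = 20):
    """Why hashing is obscurity, not secrecy: every reference for a small
    integer ID can be rebuilt offline, which is what the Intruder run did."""
    for i in range(1, limit + 1):
        if md5_ref(i) == child_ref:
            return i
    return None


def denied(fn, *args) -> bool:
    """True if the handler refuses the request with Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```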

🎁 Bonus Task 2 — Voucher Claim Endpoint

Navigate to:

/parents/vouchers/claim

(screenshot: 12claim)

Perform the attack:

(screenshot: 13startattack)

Success:

(screenshot: 14final)

5️⃣ Final Bonus Flag

22643e00-c655-11f0-ac99-026ccdf7d769