Neighbor
Check out our new cloud service, Authentication Anywhere. Can you find other user’s secrets?
This box is based on locating a user flag. Based on the info in the description, it appears to be IDOR-related.
First thing I’m going to do is scan the IP (10.10.65.50) and locate any open ports/services.
Looks like port 80 (HTTP) is open.
Navigating to the webpage, we come across a login site.
There appears to be a hint on the site saying to try Ctrl+U to use a guest account.
This launches the page source. From the notes on the page we can see the guest:guest account and password. There also appears to be a user named admin.
After logging into the guest account with those credentials, we don’t get much info, but the URL appears to show the logged-in user as user=guest.
Updating that to admin gets us our flag!
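The root cause, shown from the defender's side as an added example (not code from the box or the original write-up): the first handler trusts the user= parameter from the URL, the second takes the identity from the server-side session and refuses a mismatch. The /profile path, the session id, the function names and the profile contents are assumptions made for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: the account names come from the write-up,
# the profile contents and the session id are placeholders.
PROFILES = {
    "guest": "guest profile (nothing sensitive)",
    "admin": "admin profile (contains the flag)",
}
# Server-side session store: session id -> authenticated username.
SESSIONS = {"sess-guest-1": "guest"}


def requested_user(url):
    """Return the value of the user= query parameter, or None."""
    values = parse_qs(urlparse(url).query).get("user")
    return values[0] if values else None


def profile_vulnerable(session_id, url):
    """Trusts user= from the URL; only checks that some session exists."""
    if session_id not in SESSIONS:
        return 401, "login required"
    user = requested_user(url)
    if user not in PROFILES:
        return 404, "no such user"
    return 200, PROFILES[user]


def profile_hardened(session_id, url):
    """Identity comes from the session; a mismatching user= is refused."""
    owner = SESSIONS.get(session_id)
    if owner is None:
        return 401, "login required"
    user = requested_user(url)
    if user is not None and user != owner:
        # Worth logging: an authenticated user asked for another account.
        return 403, "forbidden"
    return 200, PROFILES[owner]


if __name__ == "__main__":
    # /profile is a hypothetical path; both requests use the guest session.
    for url in ("/profile?user=guest", "/profile?user=admin"):
        print(url, profile_vulnerable("sess-guest-1", url),
              profile_hardened("sess-guest-1", url))
```

The 403 branch is also the natural place for a detection: a logged-in account requesting a different user= value is a high-signal log event.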