Sitemap
Open in app

Sign in

Medium Logo
Write

Sign in

Member-only story

THM - Flag Vault

Francesco Pastore
3 min readJun 3, 2025

--

A writeup for the room “Flag Vault” on TryHackMe

Understand the basics of buffer overflows.

https://tryhackme.com/room/hfb1flagvault

What is the flag?

Footprinting

As mentioned in the room description, let’s start by connecting to the server.

nc MACHINE_IP 1337

We are only asked to insert a username.

After that, it seems that the inserted value is checked, and if it is valid, we should obtain the flag.

Taking a look at the code should help us to understand what’s happening.

We can see that there should be two inputs, one for the username and one for the password, but the latter is commented out.

The flag can only be obtained if the username and password variables contain the correct values.

Analyzing the vulnerability

--

--

Francesco Pastore
Francesco Pastore

Written by Francesco Pastore

158 followers
65 following

An engineering student in Milan and a web developer for an IT company. Write about programming and cybersecurity topics.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech