THM - Mother’s Secret

A writeup for the room Mother's Secret on TryHackMe

Exploit flaws found in Mother’s code to reveal its secrets.

https://tryhackme.com/room/codeanalysis

What is the number of the emergency command override?​

It is written in the description of the room.

What is the special order number?

If we go to the home page, we can see different boxes that explain a little what the application can do.

We are logged in as “Crew Member” without any permissions.

We can see that there is a tool called Alien Loader that allows to upload yaml files to the server.

It is the same tool described in the room description.

Since Alien Loader allows us to upload yaml files, we can try to use the available endpoint for yaml files to download 100375.yaml