TryHackMe: Corridor CTF Writeup
I’m Huda Usman — a Computer Science undergrad passionate about cybersecurity, development, and all things tech. This blog is my learning diary where I document what I explore, build, break, and understand. From TryHackMe walkthroughs to personal projects, and from the steps I take to the mistakes I learn from, everything here reflects my hands-on journey through the tech world.
This isn’t a polished how-to guide — it’s a space for honest growth, learning in public, and sharing the process behind the progress. If you’re learning too, I hope my journey helps you feel inspired, supported, or simply less alone in figuring things out.
Let’s grow together.
Corridor is a TryHackMe room designed to demonstrate Insecure Direct Object Reference. It encourages us to analyze URL endpoints and note the hexadecimal values. Let’s dive into it.
Once the machine is up, let’s run a quick nmap scan.

Only HTTP is open. Let’s visit the IP address.

It takes us to a page like this. Let’s run Gobuster — it’s a great tool for discovering hidden directories and pages that aren't directly linked on the website.
Note:
Gobuster is a tool used for brute-forcing URLs, helping us discover hidden directories and files on web servers. It’s useful when websites don’t directly link to important pages.
Usage: gobuster dir -u http://<target-ip>/ -w /usr/share/wordlists/dirb/common.txt
We didn’t find anything there. Now let us check the source code of the page.

We can find a few hexadecimal values there. These might be the hashes hinted at in the beginning of the room. Upon close inspection and confirmation from Hash Type Identifier — an online tool used to identify hashes — we can confirm that they are MD5 hashes.

The hints said that the hashes follow a pattern. So let’s crack the hashes.
I pasted all the hashes in CrackStation — a free hash cracker.

And here — we have our result. It is indeed following a pattern.
Let’s try navigating through the website by appending the hashes at the end of the URL.

Every time, it took us to the same room. Since the values follow this pattern, let us try appending the hashes of the next numbers, i.e. 14, 15, 16…
I generated the hashes from 14 to 30 using this Python script. (We can also use online tools like CyberChef.)
import hashlib

# MD5 of each number from 14 to 30; range() excludes its end value, so stop at 31
for i in range(14, 31):
    h = hashlib.md5(str(i).encode()).hexdigest()
    print(f"{i}: {h}")

I tried appending the hashes one by one at the end of the URL and it didn’t work out.

After a few tries, I started getting confused — am I on the wrong path? The room didn’t seem very complex, but I was missing something. Then I realized I hadn’t tried zero. Then I put in the hash for zero and YESSS — we found the flag there.

This was my first write-up, and Corridor turned out to be one of the easiest TryHackMe rooms I’ve completed so far. Despite its simplicity, it was a great hands-on introduction to Insecure Direct Object Reference (IDOR) vulnerabilities and reinforced the importance of URL-based access control.
By paying attention to subtle patterns in hash values and experimenting with different inputs, we uncovered the hidden flag — a small but satisfying win!
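The root cause behind the room, as an added example that is not part of the original write-up or the room's own code: an unkeyed MD5 of a small counter can be mapped back to its number by enumeration, so the fix is a per-request authorization check on the resolved id. The room layout (ids 1 to 13 linked, id 0 unlinked), the function names and the `allowed_ids` session set are assumptions made for illustration.

```python
import hashlib

def md5_ref(n: int) -> str:
    """Reference scheme seen in the write-up: MD5 of the decimal id."""
    return hashlib.md5(str(n).encode()).hexdigest()

# Constructed data (assumption): ids 1-13 are linked from the page, id 0 is not.
ROOMS = {i: f"room {i}" for i in range(1, 14)}
ROOMS[0] = "restricted room"
BY_REF = {md5_ref(i): i for i in ROOMS}

def recover_ids(refs, limit=1000):
    """Map observed references back to integers by hashing 0..limit-1.
    Unkeyed MD5 of a small counter is fully enumerable, so it hides nothing."""
    table = {md5_ref(i): i for i in range(limit)}
    return {r: table.get(r) for r in refs}

def serve_vulnerable(ref):
    """IDOR: any well-formed reference is served, whoever asks."""
    room_id = BY_REF.get(ref)
    return None if room_id is None else ROOMS[room_id]

def serve_hardened(ref, allowed_ids):
    """Same lookup, plus an authorization check on the resolved id."""
    room_id = BY_REF.get(ref)
    if room_id is None or room_id not in allowed_ids:
        return None  # identical response for "unknown" and "forbidden"
    return ROOMS[room_id]

if __name__ == "__main__":
    linked = [md5_ref(i) for i in range(1, 14)]      # what the page source exposes
    print(sorted(recover_ids(linked).values()))      # the pattern, recovered offline
    visitor = set(range(1, 14))                      # hypothetical session permissions
    print(serve_vulnerable(md5_ref(0)))              # served without any check
    print(serve_hardened(md5_ref(0), visitor))       # denied: id 0 not permitted
```

Random, per-object tokens would make references harder to guess, but only the server-side check in `serve_hardened` actually enforces who may see which object.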