Try Hack Me: Neighbor
Nov 12, 2022
Today we will be looking at an easy box on Try Hack Me called Neighbor. Let's dive right in with a port scan on our IP address:
We can see that we have port 80 and port 22 up. Let's check out port 80:
We can see that there is a login screen. Let's look at the page source:
We can see that we have to log in with guest/guest and that admin is off limits.
After logging in, we see the following URL:
Alright, we may have an Insecure Direct Object Reference (IDOR). Let's try changing guest to admin in the URL and see if we get anything:
And we get the flag.
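The root cause is that the server picks the profile from the URL without checking it against the logged-in session. The sketch below is an added example, not the box's code: the `/profile` path, the `user` parameter name, the handler names and the profile contents are assumptions, and it shows the vulnerable lookup next to a version that authorizes the requested object.

```python
"""Added example: IDOR in a profile lookup, and the server-side fix."""
from urllib.parse import urlparse, parse_qs

# Constructed sample data; the account names match the writeup, the contents do not.
PROFILES = {
    "guest": "Welcome, guest.",
    "admin": "admin-only content (placeholder)",
}


def requested_user(url):
    """Return the `user` query parameter (hypothetical name), or None.

    A repeated parameter (user=guest&user=admin) is rejected outright, so
    two layers can never disagree about which value is authoritative.
    """
    values = parse_qs(urlparse(url).query).get("user", [])
    return values[0] if len(values) == 1 else None


def profile_vulnerable(session, url):
    """Checks only that someone is logged in, then trusts the URL."""
    if not session.get("username"):
        return 401, "login required"
    user = requested_user(url)
    if user not in PROFILES:
        return 404, "not found"
    return 200, PROFILES[user]


def profile_hardened(session, url):
    """Authorizes the object: the requested profile must be the session's own."""
    owner = session.get("username")
    if not owner:
        return 401, "login required"
    user = requested_user(url)
    if user is None or user != owner or owner not in PROFILES:
        # Same answer for "not yours" and "does not exist", so the
        # response does not confirm which accounts exist.
        return 404, "not found"
    return 200, PROFILES[owner]


if __name__ == "__main__":
    guest = {"username": "guest"}  # constructed session
    for handler in (profile_vulnerable, profile_hardened):
        for url in ("/profile?user=guest", "/profile?user=admin"):
            print(handler.__name__, url, handler(guest, url))
```

Logging the hardened handler's 404s together with the session username gives a direct signal for accounts that are probing other users' identifiers.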
As stated, this was an easy box that just came out on Try Hack Me. Thanks for reading.