Context

Write-up / walkthrough of the Corridor CTF on TryHackMe.

The goal is to understand the vulnerability and reasoning process, not to blindly replicate steps or farm flags.

You are stuck in a strange corridor filled with doors.

Each door leads somewhere — but not necessarily where you are supposed to go.

Objective: find your way back.

The room strongly hints at:

• Web application testing
• IDOR (Insecure Direct Object References)
• Hexadecimal values that resemble hashes

Starting hypothesis

Initial analysis

• The challenge is clearly webapp-based
• A strong hint is given about hexadecimal values
• Decision made to skip nmap enumeration, as the web interface is the obvious attack surface
• Overconfidence is avoided despite the room appearing simple

Method / Used Tools

Web Application Exploration

Upon visiting the target web application, the interface presents multiple clickable doors, each redirecting to what appears to be an empty room. While the front-end behavior looks harmless, closer inspection of the URL reveals a hash-like value used as a parameter to determine which page is loaded.