💝 TryHackMe Writeup: TryHeartMe – Accessing the Hidden Valentine Gift
Platform: TryHackMe
Room Name: TryHeartMe
Category: Web
Difficulty: Easy
Points: 100
Time Estimate: ~60 Minutes
🧠 Room Overview
The TryHeartMe challenge presents a Valentine's-themed online gift shop. Everything looks cute and harmless… but there’s a twist.
Hidden inside the store is a secret product called “Valenflag.”
Your mission:
🎯 Find a way to access and purchase the hidden item
🔎 Identify the vulnerability
🚩 Capture the flag
🖥️ Environment Setup
Before starting:
- Launch your AttackBox (or connect via VPN)
- Start the Target Machine
- Access the application at:
Now you're ready to begin testing.
🔍 Initial Exploration
When opening the shop, you’ll notice:
- A clean product listing
- Standard shopping functionality
- Normal user access controls
However…
The hidden “Valenflag” item is not visible to regular users.
That means:
There must be a privilege or access control mechanism in place.
🛠️ Investigation Approach (High-Level)
Instead of brute force, we follow a structured web testing methodology:
1️⃣ Inspect Authentication Mechanism
- Observe how login works
- Check cookies stored in the browser
- Look for tokens or encoded session data
2️⃣ Analyze Session Handling
- Identify if the application uses:
  - Session cookies
  - Encoded role data
  - Token-based authentication
3️⃣ Test Access Control Logic
- Evaluate whether the application properly verifies user roles
- Check if client-side trust is being misused
🚨 Vulnerability Discovery
Through careful inspection, it became clear:
- The application relied on token-based authentication.
- Role information was stored in a way that could be manipulated.
- Access control validation was insufficient.
This allowed privilege escalation — giving access to the hidden shop item.
⚠️ This is a classic example of improper authorization checks.
🏁 Final Flag
✅ Challenge completed successfully!
📚 Key Security Lessons
This room highlights several important concepts:
🔐 Never trust client-side data
🛡️ Always validate roles server-side
🍪 Protect authentication tokens properly
⚡ Implement strong authorization checks
Even beginner-level web apps can expose critical vulnerabilities when session handling is poorly implemented.
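To make the first two lessons concrete, here is an added example (not code from the room or its application) that puts a role check trusting the token payload beside one that verifies a signature and reads the role from server-side state. The `payload.signature` token format, the key, the user names and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"            # assumption: signing key held only by the server
ROLES = {"alice": "user", "root": "admin"}  # assumption: server-side role store


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(user: str) -> str:
    """Issue 'payload.signature'; the payload names the user and nothing else."""
    body = b64e(json.dumps({"sub": user}).encode())
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64e(sig)}"


def role_weak(token: str) -> str:
    """Weak: decodes the payload and believes its 'role' field; no signature check."""
    return json.loads(b64d(token.split(".")[0])).get("role", "user")


def role_hardened(token: str):
    """Hardened: verify the HMAC first, then take the role from the server's store."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            return None                      # payload or signature was altered
        user = json.loads(b64d(body))["sub"]
    except (ValueError, KeyError, TypeError):
        return None                          # malformed token
    return ROLES.get(user)                   # any role claim in the token is ignored


def can_view_hidden_item(token: str) -> bool:
    return role_hardened(token) == "admin"


# Constructed sample: alice's valid token with a payload the client has edited.
_sig = issue("alice").split(".")[1]
EDITED = b64e(json.dumps({"sub": "alice", "role": "admin"}).encode()) + "." + _sig
```

The weak check reports `admin` for the edited token, while the hardened check rejects it because the signature no longer matches the payload.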
🎯 Why This Room Is Valuable
TryHeartMe is perfect for:
- Beginners learning web security
- Understanding authentication flaws
- Practicing logical privilege escalation
- Learning about token misuse risks
It’s simple — but powerful in teaching real-world concepts.
💡 Final Thoughts
The biggest takeaway from this challenge:
Security should never rely on user-controlled data.
Even a cute Valentine’s shop can become vulnerable if authentication isn’t implemented securely.


