June 30, 2026
Corridor CTF Walkthrough (TryHackMe)
A Beginner-Friendly Guide to Solving the Corridor Room on TryHackMe.

By Vanessa3
Introduction
Corridor CTF is a beginner-friendly lab that introduces the concept of hashed identifiers in web applications.
Room Information
- Platform: TryHackMe
- Room Name: Corridor
- Difficulty: Easy
- Category: Web Application Security
- Objective: Capture the Flag (CTF)
CORRIDOR ROOM
Now let's take a look at the Corridor CTF on TryHackMe.
Looking at the information the room provides, we can say that it introduces us to IDOR (Insecure Direct Object Reference) vulnerabilities.
Note: IDOR is a type of Broken Access Control vulnerability where an application exposes a direct reference to an object without properly checking whether the user is authorized to access it.
So, let's dive in and see what we can find. For beginners, this challenge is both interesting and easy to follow.
Initial Setup
Once the machine is deployed, you'll be provided with the target IP address.
Enumeration
For the initial reconnaissance, I used Nmap to identify open ports on the target machine.
Open Ports Identified:
- 80 - HTTP
Exploring
I opened the HTTP page to see if I could find anything interesting. At first glance, it displays a long corridor with several closed doors.
When I clicked on the first door, it redirected me to another page with a value in the URL.
The value in the URL is a hash. I used CrackStation to check it, and it revealed that the hash represents the number 1. This shows that the application is using hashed values instead of plain numbers.
So, the next thing I did was collect the hash values from all the doors and use CrackStation to identify what each hash represented.
Then I noticed that all the hashes corresponded to the numbers 1–13 and that they were MD5 hashes. One value was missing: 0. I guessed that the missing door might use the MD5 hash of 0, so I generated it using the following command in the terminal.
echo -n 0 | md5sum
It generated the MD5 hash of 0.
I replaced the hash in the URL with this new value to see if it would reveal anything.
And that's it — I got the flag!
ROOM COMPLETED SUCCESSFULLY.
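To show why hashing the door number does not fix the IDOR, here is an added example (not code from the room or from TryHackMe) that puts a lookup like the one this room exposes next to a version with a server-side authorization check. The door records, the `owner` field and the user names `guest` and `admin` are assumptions made for illustration.

```python
import hashlib

# Constructed sample data: doors 1-13 are linked from the page, door 0 is not.
# The "owner" field and the user names are assumptions for this example.
DOORS = {n: {"owner": "guest", "body": f"empty room {n}"} for n in range(1, 14)}
DOORS[0] = {"owner": "admin", "body": "restricted room"}


def door_token(n: int) -> str:
    """Identifier in the style the room uses: MD5 of the decimal door number."""
    return hashlib.md5(str(n).encode()).hexdigest()


# Server-side index from token back to door number.
BY_TOKEN = {door_token(n): n for n in DOORS}


def get_door_vulnerable(token: str):
    """IDOR: any valid token returns the object, whoever is asking."""
    n = BY_TOKEN.get(token)
    return None if n is None else DOORS[n]["body"]


def get_door_hardened(token: str, user: str):
    """Same lookup, but access depends on the caller's identity,
    not on knowing (or computing) the token."""
    n = BY_TOKEN.get(token)
    if n is None or DOORS[n]["owner"] != user:
        return None  # identical answer for "missing" and "not yours"
    return DOORS[n]["body"]


if __name__ == "__main__":
    t0 = door_token(0)  # anyone can compute this; the hash is not a secret
    print("vulnerable, guest:", get_door_vulnerable(t0))
    print("hardened, guest:  ", get_door_hardened(t0, "guest"))
    print("hardened, admin:  ", get_door_hardened(t0, "admin"))
```

The hash only obscures the identifier; the fix is the ownership check in `get_door_hardened`, which holds even when the caller can compute every token.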
Thank you for reading this walkthrough.