Post cover image

June 30, 2026

Corridor CTF Walkthrough (TryHackMe)

A Beginner-Friendly Guide to Solving the Corridor Room on TryHackMe.

By Vanessa3

2 min read

Introduction

Corridor CTF is a Beginner friendly lab that introduces the concept of hashed identifiers in web applications.

Room Information

  • Platform: TryHackMe
  • Room Name: Corridor
  • Difficulty: Easy
  • Category: Web Application Security
  • Objective: Capture the Flag (CTF)

CORRIDOR ROOM

None

Now let's take a look of the Corridor CTF On TryHackMe.

None

So , by looking at the information they provided. we can say that it introduces us to the IDOR (Insecure Direct Object Reference) vulnerabilities.

Note:_ IDOR is a type of Broken Access Control vulnerability where an application exposes a direct reference to an object without properly checking whether the user is authorized to access it._

So, let's dive in and see what we can find, for the beginners this challenge is both interesting and easy to follow.

Initial Setup

None

Once the machine is deployed, you'll be provided with the target IP address.

Enumeration

For the Initial reconnaissance I used NMAP to identify open ports on the target machine

None

Open Ports Identified:

  • 80 -HTTP

Exploring

I opened the HTTP page to see if I could find anything interesting. At first glance, it displays a long corridor with several closed doors.

None

When I clicked on the first door, it redirected me to another page with a value in the URL.

None

The value in the URL is a hash. I used CrackStation to check it, and it revealed that the hash represents the number 1. This shows that the application is using hashed values instead of plain numbers.

None

So, the next thing I did was collect the hash values from all the doors and use CrackStation to identify what each hash represented.

None

Then I noticed that all the hashes corresponded to the numbers 1–13 and that they were MD5 hashes. One value was missing: 0. I guessed that the missing door might use the MD5 hash of 0, so I generated it using the following command in terminal.

echo -n 0 | md5sum

It generated the MD5 hash of 0.

I replaced the hash in the URL with this new value to see if it would reveal anything.

None

And that's it — I got the flag!

ROOM COMPLETED SUCCESSFULLY.

Thank you for reading this walkthrough.