July 4, 2026
Fools Mate — TryHackMe Writeup
1. Introduction
By Poojan Parmar
1 min read
1. Introduction
Fool's Mate is a TryHackMe challenge — a simple web application challenge where a chess board is presented, and we have to deliver checkmate to the King. But we can't, right? If we try to checkmate the King, the application shows a message saying that if we play that move, it will shut down the PC. So the task is to bypass the engine.
2. Understanding the Application
Before looking for any endpoints in the web application, I started exploring it from a normal user's perspective and began playing it like a regular game. But, as mentioned above, we can't deliver checkmate. So I started looking for any hidden information, directories, or anything linked to the challenge that could help bypass it.
I tried the following:
a) nmap -sC -sV <target-ip>
b) <target-ip>/robots.txt (did not exist)
c) gobuster dir -u <target-ip>
From these findings, I didn't discover much — not the usual things we typically find during reconnaissance on most web apps.
3. The Exploitation Process
After reconnaissance didn't reveal much more about the web app, I fired up Burp Suite and intercepted the request. That's when I found something suspicious — the most important endpoint, <target-ip>/api/move.
After that, I sent the intercepted request to Repeater, and there I found some good leads — additional endpoints that exposed the application at a much deeper level. After probing through multiple endpoints, I found the flag.
4. Key Takeaways
This challenge was a practical, hands-on demonstration of the fact that you don't always find everything during the reconnaissance phase — and that trusting client-side logic is never a safe assumption. Sometimes the real vulnerability is uncovered by manipulating things from the server side.
Thanks for reading! If this writeup helped you, feel free to follow me here on Medium for more CTF writeups and cybersecurity content.