# TryHackMe - Corridor

![Corridor](https://1679624655-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEkk28J0B2BeDMuesRMr1%2Fuploads%2Fgit-blob-c9b8b371b33ca4bad0c3011938446cc554cf998d%2F2023-07-08-11-16-42.png?alt=media)

* [Room on THM](https://tryhackme.com/room/corridor)

When we acces the website, We land on this page.

![Landing page](https://1679624655-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEkk28J0B2BeDMuesRMr1%2Fuploads%2Fgit-blob-8af9cfad10720c5a9ba7aefed78c5127d541b21a%2F2023-07-08-11-17-37.png?alt=media)

Each door sends somewhere

![](https://1679624655-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEkk28J0B2BeDMuesRMr1%2Fuploads%2Fgit-blob-d4bbb5d442d156cc5adea8e86f9d7b505afe744f%2F2023-07-08-11-19-27.png?alt=media)

If we analyse the hashes they seem to be md5. Let's check one on [crackstation](https://crackstation.net/)

![first hash](https://1679624655-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEkk28J0B2BeDMuesRMr1%2Fuploads%2Fgit-blob-4d283d9d03f8c83f45cb4f80365645792e58cb34%2F2023-07-08-11-25-01.png?alt=media)

Let's use intruder to increment the number and try to find the flag

![Intruder](https://1679624655-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEkk28J0B2BeDMuesRMr1%2Fuploads%2Fgit-blob-bd4a989dd2897562b8c536e711a79b98b0de5a7c%2F2023-07-08-11-30-03.png?alt=media)

These settings should do we need to process our payload and hash it in md5 like this

![md5 hash](https://1679624655-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEkk28J0B2BeDMuesRMr1%2Fuploads%2Fgit-blob-21aad1dedc068a194e3d0d5d579c0644fd0223e7%2F2023-07-08-11-29-16.png?alt=media)

We got nothing this way.\
Then I realized I did not try 0.\
So I hashed zero in MD5 accessed the page and got the flag! :D