TryHackMe — Glitch

Having fun with TryHackMe again. So, here is the write up and guideline to pass this Glitch challenge.

Room: https://tryhackme.com/room/glitch
Level: Easy

Task: Challenge showcasing a web app and simple privilege escalation. Can you find the glitch?

Lets get started

As usual, start the machine and open the IP in browser (took like 10 minutes to appear. I don’t know why)

Just a blank page with glitch wallpaper. When open the console, there is an api endpoint. Let’s open it in browser

Oh!, there is a token. But, that’s not the answer. Looks like base64. Using cyberchef,