Hack the Hackers

Devender Rao
3 min read · May 4, 2022

While reading my feeds I came across a post with the heading “hack the hackers”, so I thought, let's try, and I tried to find bugs on THM (TryHackMe).

# **TryHackMe**: This platform is good for beginners who want hands-on experience in the cyber world. I also used it a lot in my early days.

You can sign up and start using it at tryhackme.

Can we skip to the good part? *Sure*

I found some bugs on the platform :)

  1. Password reset link was not expiring after the email was changed.

Summary:

A password reset link should expire when another reset is requested, when its time limit passes, when the password is changed, when it has already been used, or when the account's email is changed. In this case, when the email was changed, they forgot to expire the link that had been sent to the old email.

Steps:

  • The user requests a password reset link for the email abcd@mail.com.
  • The user then changes the account's email address and verifies it.
  • The user now has the new email xyz@mail.com.
  • If they use the link received on abcd@mail.com to change the password, the password is changed.

2. Email changed with a wrong password

My friend asked for my THM profile. I thought, let's change the email address and give it to him, but I forgot my current password, so I entered abcd and it was accepted.

Description: When we try to change the email, it asks for the current password before proceeding further. Enter any password and the email is changed. I received a verification link on my new email.

Steps:

  • Go to the profile section.
  • Enter a random password and the new email to change to.
  • An error is shown saying your password is “incorrect”.
  • Now refresh the profile page and you will see a “verify your email address” notice, and an email has been sent to the new address.

Update email address …


Asks for the current password …..

Entered the wrong password and the error appears.

Refresh the profile page and you will see:

Verify the new email and the account is verified ….

They were not verifying the password on the backend, and they also sent the verification email to the new email address.

3. Now it's time for the loved one, the rate limit 😀

There was no rate limit on the password reset link endpoint. You will receive as many links as you request.

  • Visit the forgot-password page.
  • Enter the email address and send the request.
  • Set null payloads of 20, 30 or 50 (any number) and start the attack.
  • You will receive that many password reset emails.

Send the request to Intruder and set the payload to null.
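As an added example, not TryHackMe's code or the author's, here is a minimal reset service in Python that closes all three bugs above: the reset token is invalidated by a newer request, its time limit, use, a password change or an email change; the current password is verified server-side before an email change; and reset mails are limited per account. The Account and ResetService names, the in-memory store and the injectable clock are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 15 * 60                  # seconds a reset link stays valid
RESET_WINDOW, RESET_MAX = 3600, 3    # at most 3 reset mails per account per hour

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, email: str, password: str):
        self.email, self.salt = email, secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.reset_token = None       # only the newest unused token is stored
        self.reset_expires = 0.0
        self.reset_requests = []      # request timestamps for the rate limit

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(_hash(password, self.salt), self.pw_hash)

class ResetService:
    def __init__(self, now=time.time):
        self.now = now                # injectable clock (assumption, for tests)

    def request_reset(self, acct: Account):
        # Returns the token that would be mailed to acct.email, or None once
        # the account has hit the limit (bug 3: no unlimited reset mails).
        t = self.now()
        acct.reset_requests = [r for r in acct.reset_requests if t - r < RESET_WINDOW]
        if len(acct.reset_requests) >= RESET_MAX:
            return None
        acct.reset_requests.append(t)
        acct.reset_token = secrets.token_urlsafe(32)   # a newer request replaces the old link
        acct.reset_expires = t + RESET_TTL
        return acct.reset_token

    def reset_password(self, acct: Account, token: str, new_password: str) -> bool:
        if (acct.reset_token is None or self.now() >= acct.reset_expires
                or not hmac.compare_digest(token.encode(), acct.reset_token.encode())):
            return False              # expired, already used, or superseded
        acct.pw_hash = _hash(new_password, acct.salt)
        acct.reset_token = None       # single use; a password change also kills the link
        return True

    def change_email(self, acct: Account, current_password: str, new_email: str) -> bool:
        if not acct.check_password(current_password):
            return False              # bug 2: verify the password server-side, send no mail
        acct.email = new_email
        acct.reset_token = None       # bug 1: the link sent to the old address must die
        return True
```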

That was fun :)

Tata — Good Bye