Thank you for taking the time to make this detailed analysis and walkthrough. While I do appreciate this room, having completed the modules leading up to this challenge DID NOT prepare me for this. Having a deep understanding of YAML, JS or using Burpsuite (as many people have in other write-ups) was not covered in the training and not mentioned as a "recommendation or prerequisite" for this challenge. Truthfully you didn't use any of the tools/techniques covered in the modules leading up this this challenge but your methodology certainly works well. I tried using OWASP ZAP but with limited success/results. I found this challenge quite frustrating and I can only assume many people feel the same way as I do as this is the lowest scoring (rated) room in the TryHackMe SecEng learning path. If someone would create a walkthrough/write-up using the tools/techniques covered in the training prior to this challenge that would be extremely helpful and appreciated. Thank you again and well done.

Cool room, cool explanation, probably next time better to zoom in the browser while sending a request or use burp with a bigger font size. Thanks for sharing :)

Excellent explanation as always

thanks for the video, i have a question for ../../../../opt/m0ther, i don't understand this step, (how did you think about this)

Thanks for the walkthrough; as always, it was clear and helpful. I tried using Burp to do the POSTs, and can get the flags/secrets correctly from the OS (doing things in the correct order). But even though I can make the all the calls, the Role/Interface doesn't change from Crew Member (so I couldn't read the "classified flag"). Of course, your method works like a charm, but I'm still curious if there is something that I could do with Burp.

Thank you for the help!

Please subscribe to get the latest videos www.youtube.com/@djalilayed