Identifying the Website Issue

Durre Shaffa

Task Overview:

The objective of this challenge was to examine a mock webpage provided within the TryHackMe environment and identify a specific issue related to the website's security. The challenge required locating the problematic element on the page and clicking it to reveal the hidden flag.


Investigation & Findings:

Upon loading the mock webpage, the initial appearance of the URL might have suggested that it was served over HTTPS. However, upon closer inspection of the browser's security indicators—such as the padlock icon or browser warnings—it became clear that the page had a security certificate issue.

Specifically, the problem was an invalid HTTP certificate. This type of issue arises when a website’s SSL/TLS certificate is:

  • Expired

  • Not trusted by the browser

  • Improperly configured

Modern browsers typically warn users about such issues to prevent them from entering potentially unsafe sites. These warnings are crucial since SSL/TLS certificates are fundamental for establishing encrypted and trusted HTTPS connections.
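
The same check a browser makes can be scripted. The Python below is an added example, not part of the original write-up: it performs a TLS handshake with the system trust store and hostname checking enabled, then maps the OpenSSL verification error onto the three causes listed above. The function names and the grouping of error codes are this example's assumptions.

```python
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* codes, grouped under the three causes listed above.
# The grouping is this example's choice, not an official taxonomy. Note that a
# server that omits its intermediate certificate (a misconfiguration) also
# surfaces as code 20 or 21, i.e. as "not trusted".
CAUSES = {
    10: "expired",                # CERT_HAS_EXPIRED
    18: "not trusted",            # DEPTH_ZERO_SELF_SIGNED_CERT
    19: "not trusted",            # SELF_SIGNED_CERT_IN_CHAIN
    20: "not trusted",            # UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    21: "not trusted",            # UNABLE_TO_VERIFY_LEAF_SIGNATURE
    62: "improperly configured",  # HOSTNAME_MISMATCH
    64: "improperly configured",  # IP_ADDRESS_MISMATCH
}


def classify(verify_code):
    """Map an OpenSSL verify code to one of the three causes."""
    return CAUSES.get(verify_code, "other verification failure")


def check_host(host, port=443, timeout=5.0):
    """Handshake with browser-like validation; return (ok, cause, detail)."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # Validation passed; report the expiry date as the detail.
                return True, "valid", tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as err:
        return False, classify(err.verify_code), err.verify_message
    except (ssl.SSLError, OSError) as err:
        # Refused connection, timeout, or a non-certificate TLS failure.
        return False, "connection or protocol error", str(err)


if __name__ == "__main__":
    # Usage: python check_cert.py host1 host2 ...
    for name in sys.argv[1:]:
        ok, cause, detail = check_host(name)
        print(f"{name}: {'OK' if ok else 'INVALID'} ({cause}) {detail}")
```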


Solution:

By clicking on the element or warning associated with the certificate issue on the mock site, the challenge flag was revealed.


🏁 Challenge Flag:

THM{INVALID_HTTP_CERT}

Key Takeaways:

  • Always check the validity of SSL/TLS certificates when visiting secure (HTTPS) sites.

  • Invalid certificates compromise secure communication and can be an indicator of a man-in-the-middle (MitM) attack or misconfiguration.

  • Browsers are your first line of defense in flagging such issues—don’t ignore the warnings!
