Neighbour is an easy-level machine that I was able to solve in 5 minutes. Make sure you are connected to VPN and the victim machine is up and running. Browsing to the IP generated opens up a web login interface, which requires a valid username and password. At this point, you can test for multiple vulnerabilities like SQL injection, default credentials, and all but for now, we will keep it simple here as the hint says to look into the source. Looking at the source code we find a pair of credentials and also an additional username admin . After logging in as a guest we observe an anomaly in the URL, the user parameter defines the current user we are logged in as, assuming that the back end treats this parameter as an object we can try to reference it to another user, so we try to access admin panel via IDOR. And we successfully log in as an admin user and we also retrieved the flag. Preventions:- Verification of all referenced objects should be done. Implement access control on all