TryHackMe Extract Full Walkthrough 2025 – SSRF & CVE-2025-29927 Exploit

Can you extract the secrets of the library?

🦀🦀 Room Link: https://tryhackme.com/room/extract

🦈Scenario:🦈

The librarian rushed some final changes to the web application before heading off on holiday. In the process, they accidentally left sensitive information behind! Your challenge is to find and exploit the vulnerabilities in the application to extract these secrets.

🔥Links used on the video:🔥

🤖 Next.js and the corrupt middleware (CVE-2025-29927): the authorizing artifact: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware

script provided by 0day https://x.com/0dayCTF
🤖 Gopher python script encoding (customapi): https://github.com/djalilayed/tryhackme/blob/main/extract/gopher-1.py
🤖 Gopher python script encoding (management): https://github.com/djalilayed/tryhackme/blob/main/extract/gopher-2.py
🤖 Gopher python script encoding (2fa): https://github.com/djalilayed/tryhackme/blob/main/extract/gopher-3.py

🤖 CyberChef: https://gchq.github.io/CyberChef

⚠️ Educational Purpose Only
This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems.

Don’t forget to 👍 LIKE and 🔔 SUBSCRIBE for more cybersecurity tutorials!

#TryHackMe