# NeoVault

## OVERVIEW

---

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757941521759/92b98643-2bb8-46b7-839e-ded36f2e16f1.png align="center")

So we have already started an instance; now let's move on to the web page.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757941556672/5e653ffb-42b5-4cd3-b040-5ba28f6a6248.png align="center")

Let's start by creating an account and logging in with it to get access to the dashboard.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757941636775/f8c28b36-8f55-4dfb-887f-1f8cbbae5ab0.png align="center")

After logging in, you can see a recent transaction from a user **neo\_system**, and you can also see a lot of options on the left side of the webpage, so let's check them out one by one.

Let's move to the Transfer tab first.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757941770338/cb716dd9-d1d8-41a8-8bba-8ca3e8419f0c.png align="center")

Now let's try to send money to *neo\_system*, as it is the only user we know so far, and capture the request in **Burp Suite**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757941848925/c48c9718-c95e-4081-8f92-5ec869e675f4.png align="center")

On sending the request from the Repeater tab, we can see the **\_id** and **username** parameters in the response for that particular user.  
Hmm, nice. Let's check the other options too.

Let's check out the next option, Deposit.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757941958458/06a5b159-58c0-4d46-8e76-ab881ab3442f.png align="center")

It allows us to deposit money into our account, so again let's capture this in Burp Suite.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757942509370/3a2759e1-9168-436d-a63b-fe689491a00c.png align="center")

Ooh, what's this? It says **v2** is under maintenance, so that means we should check **v1**.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757942758958/752e32bf-a0fe-4e65-bcbc-cb45ac207924.png align="center")

Sadly, it throws an **Internal Server Error**. No worries, let's move forward.

Now moving on to the next option, which is Transactions.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757942835746/3d52c366-892e-4ae9-bba4-d8b43e3af871.png align="center")

Here we can see our transaction history, and there is a button to download this history as a PDF. Maybe it has some vulnerability, so again we capture it in Burp Suite.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757942938713/72bd2b1e-af1a-4f2c-9e37-16faab95d6ce.png align="center")

It looks like a normal request, so let's check its output file.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757942911537/cd78b876-93b2-4f8f-b399-cef11d575218.png align="center")

Yep, nothing here. But wait, do you remember we used **v1** in the deposit request and it showed an Internal Server Error? Let's try it in this transactions request too.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757943040172/b764e700-fca5-44cc-b10e-ecf594cec4ea.png align="center")

Yeeee!! **v1** worked, and we found something that was not an Internal Server Error: the response says **\_id** is not provided, so we have to give it an **\_id** parameter and a value.

Then I remembered that we got the **\_id** of **neo\_system** in the transfer request, which was:

```javascript
"_id":"68c7f9cf53934f06c34c87f5"
```

Now let's use this and see the output!

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757943380295/16215805-cc9a-443d-afef-08b186367443.png align="center")

Voilà! It shows status 200 OK. Now let's forward this request in Intercept and download the PDF file.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757943500761/281412b5-2dbc-4040-82c3-677b4ceb130b.png align="center")

Boom!! Here it is: we got a new user. Now let's find this user's id with the same transfer request.

*Note: Use* ***v2*** *for the transfer request.*

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757943558763/d9a59a04-2407-41a1-995e-a540822e01d3.png align="center")

We got the new user's id. Now let's again forward the request and use this **\_id** in the Transactions tab to download a new file.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757943596822/8dfa86dd-832b-4503-bc2f-50102893ca6c.png align="center")

Let's see the output file now:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757943641627/9e1246e4-1aa2-4616-bd01-309939d3b129.png align="center")

Well, well, well, here it is: our flag, in the description.
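The root cause behind the steps above, as an added sketch that is not code from the challenge or from this write-up: a legacy handler that returns the history for whatever `_id` the client sends, next to a version that takes the owner from the session and refuses retired API versions at the router. Function names, status codes and the sample records are assumptions constructed for illustration.

```javascript
// Constructed sample data: ids and records are made up for this sketch.
const transactions = [
  { owner: "000000000000000000000001", amount: 100, description: "deposit" },
  { owner: "000000000000000000000002", amount: 5, description: "private note" },
];
const historyFor = (id) => transactions.filter((t) => t.owner === id);

// "Before" (hypothetical v1-style handler): any logged-in caller gets the
// history for whatever _id the request body names. No ownership check.
function downloadLegacy(session, body) {
  if (!session) return { status: 401, error: "login required" };
  if (!body._id) return { status: 400, error: "_id is not provided" };
  return { status: 200, rows: historyFor(body._id) };
}

// "After": the owner comes from the server-side session. A client-supplied
// _id is accepted only when it equals the caller's own id.
function downloadHardened(session, body) {
  if (!session) return { status: 401, error: "login required" };
  if (body._id !== undefined && body._id !== session.userId) {
    return { status: 403, error: "forbidden" };
  }
  return { status: 200, rows: historyFor(session.userId) };
}

// Old API versions are refused at the router, so a forgotten handler
// cannot be reached by editing the version in the path.
const ACTIVE_VERSIONS = new Set(["v2"]);
function route(version, session, body) {
  if (!ACTIVE_VERSIONS.has(version)) return { status: 410, error: "version retired" };
  return downloadHardened(session, body);
}

// Demo: the same request against both handlers.
const caller = { userId: "000000000000000000000001" };
const request = { _id: "000000000000000000000002" };
console.log("legacy:  ", downloadLegacy(caller, request).status);
console.log("hardened:", downloadHardened(caller, request).status);
console.log("v1 route:", route("v1", caller, request).status);
```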

## **WE FINALLY DID IT !!!! CHALLENGE SOLVED !!**  

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1757943762363/91a33d92-9475-404a-aed1-869b0a030640.png align="center")

For any query or problem, either leave a comment or contact us at [**reapsec.com**](https://reapsec.com).

**THANKS FOR READING !!!**
