Posts

Showing posts from September, 2021

TryHackMe | DNS in Detail WriteUp

Learn how DNS works and how it helps you access internet services.
Link: https://tryhackme.com/room/dnsindetail

What does DNS stand for? Domain Name System
What is the maximum length of a subdomain? 63
Which of the following characters cannot be used in a subdomain ( 3 b _ - )? _
What is the maximum length of a domain name? 253
What type of TLD is .co.uk? ccTLD
What type of record would be used to advise where to send email? MX
What type of record handles IPv6 addresses? AAAA
What field specifies how long a DNS record should be cached for? TTL
What type of DNS Server is usually provided by your ISP? recursive
What type of server holds all the records for a domain? authoritative

Follow the instructions on the website for the remaining questions:
What is the CNAME of shop.website.thm? shops.myshopify.com
What is the value of the TXT record of website.thm?
What is the numerical priority value for the MX record? 30
What is the IP address for the A record of www.website.thm? 10.10.10.1...

TryHackMe | Burp Suite: The Basics WriteUp

An introduction to using Burp Suite for Web Application pentesting
Link: https://tryhackme.com/room/burpsuitebasics

Which edition of Burp Suite will we be using in this module? Burp Suite Community
Which edition of Burp Suite runs on a server and provides constant scanning for target web apps? Burp Suite Enterprise
Burp Suite is frequently used when attacking web applications and ______ applications. Mobile
Which Burp Suite feature allows us to intercept requests between ourselves and the target? Proxy
Which Burp tool would we use if we wanted to bruteforce a login form? Intruder
In which Project options sub-tab can you find reference to a “Cookie jar”? Sessions
In which User options sub-tab can you change the Burp Suite update behaviour? Misc
What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings? Hotkeys
If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a...

TryHackMe | Metasploit: Introduction WriteUp

An introduction to the main components of the Metasploit Framework.
Link: https://tryhackme.com/room/metasploitintro

What is the name of the code taking advantage of a flaw on the target system? Exploit
What is the name of the code that runs on the target system to achieve the attacker’s goal? Payload
What are self-contained payloads called? Singles
Is “windows/x64/pingback_reverse_tcp” among singles or staged payload? Singles
How would you search for a module related to Apache? search apache
Who provided the auxiliary/scanner/ssh/ssh_login module? todb
How would you set the LPORT value to 6666? set LPORT 6666
How would you set the global value for RHOSTS to 10.10.19.23? setg RHOSTS 10.10.19.23
What command would you use to clear a set payload? unset PAYLOAD
What command do you use to proceed with the exploitation phase? exploit

That’s it. See you all in the next room :)

TryHackMe | Linux Server Forensics Walkthrough

Learn about digital forensics artefacts found on Linux servers by analysing a compromised server
Link: https://tryhackme.com/room/linuxserverforensics

Deploy the first VM
Login using ssh and navigate to /var/log/apache2

How many different tools made requests to the server?
Run the below command
Answer is 2

Name a path requested by Nmap.
Run below command
Answer is /nmaplowercheck1618912425

What page allows users to upload files?
Navigate to the website
Answer is contact.php

What IP uploaded files to the server?
Run below command to find
Answer is 192.168.56.24

Who left an exposed security notice on the server?
Run below command to find
Go to the location mentioned above and open the security.md file
Answer is Fred

What command and option did the attacker use to establish a backdoor?
Run below command to find backdoor
Answer is sh -i

What is the password of the second root account?
Search passwd
Google search xxx from root2 :xxx to find password

Deploy the second VM
Login a...

TryHackMe | Empline Walkthrough

Are you good enough to apply for this job?
Link: https://tryhackme.com/room/empline

Get all the flags to complete the room.

Run a nmap scan to check for open ports
Port 80 is open. Let us visit it
Since this room hints at applying for a job, let us click on “Employment”. This does not lead anywhere.
Check source code of page:
Seems it refers to job.empline.thm/careers
Let us change our /etc/hosts file and link the IP to this
Now the url works:
Click on “Show all jobs” and the “mobile dev” position
We can click on “Apply to Position”
This page allows us to upload a file. Interesting…
Let’s find the OpenCats version by going to jobs.empline.thm:
A Google search for exploit for opencats 0.9.4 leads us to an article by doddsecurity(.)com. CVE-2019-13358
Following the exploit method.
Create a .docx file using python or libreoffice with some text in the file. In my case the text is “Fun time”.
Unzip the .docx file and then edit word/document.xml
Add the below af...

TryHackMe | Disk Analysis & Autopsy Walkthrough

Ready for a challenge? Use Autopsy to investigate artifacts from a disk image.
Link: https://tryhackme.com/room/autopsy2ze0

Login and load the case in Autopsy as instructed

What is the MD5 hash of the E01 image?
3f08c518adb3b5c1359849657a9b2079

What is the computer account name?
Find this in Extracted Content --> Operating System Information section
DESKTOP-0R59DJ3

List all the user accounts. (alphabetical order)
Check the Operating System User Account section:
H4S4N,joshwa,keshav,sandhya,shreya,sivapriya,srini,suba

Who was the last user to log into the computer?
Sort by “Date Accessed”
sivapriya

What was the IP address of the computer?
Check Look@LAN in Program Files(x86) files. Look@LAN is an advanced network monitor.
192.168.130.216

What was the MAC address of the computer? (XX-XX-XX-XX-XX-XX)
08-00-27-2c-c4-b9

Name the network cards on this computer.
Search for the word Ethernet in Keyword Search:
Intel(R) PRO/1000 MT Desktop Adapter

What is the name of the networ...

Eonrec