Posts

Showing posts with the label active Reconnaissance

TryHackMe | Red Team Recon WriteUp

Image
Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target. Link - https://tryhackme.com/room/redteamrecon When was thmredteam.com created (registered)? (YYYY-MM-DD) 2021–09–24 To how many IPv4 addresses does clinic.thmredteam.com resolve? 2 To how many IPv6 addresses does clinic.thmredteam.com resolve? 2 How would you search using Google for xls indexed for http://clinic.thmredteam.com? filetype:xls site:clinic.thmredteam.com How would you search using Google for files with the word passwords for http://clinic.thmredteam.com? passwords site:clinic.thmredteam.com What is the shodan command to get your Internet-facing IP address? shodan myip How do you start recon-ng with the workspace clinicredteam? recon-ng -w clinicredteam How many modules with the name virustotal exist? 2 There is a single module under hosts-domains. What is its name? migrate_hosts censys_email_address is a module that “retrieves email addresses from the TLS certificates...

TryHackMe | Web Scanning Walkthrough

Image
  Learn the basics of automated web scanning! Link - https://tryhackme.com/room/rpwebscanning First and foremost, what switch do we use to set the target host? -h Websites don’t always properly redirect to their secure transport port and can sometimes have different issues depending on the manner in which they are scanned. How do we disable secure transport? -nossl How about the opposite, how do we force secure transport? -ssl What if we want to set a specific port to scan? -p As the web is constantly evolving, so is Nikto. A database of vulnerabilities represents a core component to this web scanner, how do we verify that this database is working and free from error? -dbcheck If instructed to, Nikto will attempt to guess and test both files within directories as well as usernames. Which switch and numerical value do we use to set Nikto to enumerate usernames in Apache? Keep in mind, this option is deprecated in favor of plugins, however, it’s still a great option to be aware of fo...

TryHackMe | Active Reconnaissance WriteUp

Image
Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information. Link - https://tryhackme.com/room/activerecon Browse to the following website and ensure that you have opened your Developer Tools on AttackBox Firefox, or the browser on your computer. Using the Developer Tools, figure out the total number of questions. Go to the website and right click and “Inspect” . Go to Sources and “script.js” 8 Which option would you use to set the size of the data carried by the ICMP echo request? -s What is the size of the ICMP header in bytes? 8 Does MS Windows Firewall block ping by default? (Y/N) Y Deploy the VM for this task and using the AttackBox terminal, issue the command ping -c 10 MACHINE_IP . How many ping replies did you get back? 10 In Traceroute A, what is the IP address of the last router/hop before reaching tryhackme.com? 172.67.69.208 In Traceroute B, what is the IP address of the last router/hop before reaching tryhackme.com? 104.26.1...

Eonrec