Blue Team Cyber Defender

  Learn how to use Repeater to duplicate requests in Burp Suite Link - https://tryhackme.com/room/burpsuiterepeater Which view option displays the response in the same format as your browser would? Render Send the request. What is the flag you receive? See if you can get the server to error out with a “500 Internal Server Error” code by changing the number at the end of the request to extreme inputs. What is the flag you receive when you cause a 500 error in the endpoint? Exploit the union SQL injection vulnerability in the site. What is the flag? That’s it! See you in the next room :)

Learn the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities. Link - https://tryhackme.com/room/contentdiscovery What is the Content Discovery method that begins with M? Manually What is the Content Discovery method that begins with A? Automated What is the Content Discovery method that begins with O? OSINT What is the directory in the robots.txt that isn’t allowed to be viewed by web crawlers? Check the robots.txt file /staff-portal What framework did the favicon belong to? Download the file and upload to virustotal to get hash and then check the mentioned website for the hash. cgiirc What is the path of the secret area that can be found in the sitemap.xml file? Check the sitemap /s3cr3t-area What is the flag value from the X-FLAG header? Run the curl command What is the flag from the framework’s administration portal? Go to mentioned website and find the location /thm-framework-login and login with username and password “admin”

  An introduction to using Burp Suite for Web Application pentesting Link :- https://tryhackme.com/room/burpsuitebasics Which edition of Burp Suite will we be using in this module? Burp Suite Community Which edition of Burp Suite runs on a server and provides constant scanning for target web apps? Burp Suite Enterprise Burp Suite is frequently used when attacking web applications and ______ applications. Mobile Which Burp Suite feature allows us to intercept requests between ourselves and the target? Proxy Which Burp tool would we use if we wanted to bruteforce a login form? Intruder In which Project options sub-tab can you find reference to a “Cookie jar”? Sessions In which User options sub-tab can you change the Burp Suite update behaviour? Misc What is the name of the section within the User options “Misc” sub-tab which allows you to change the Burp Suite keybindings? Hotkeys If we have uploaded Client-Side TLS certificates in the User options tab, can we override these on a per